Expand description
End-to-end encryption for git-ref sync.
Provides passphrase-based key derivation using Argon2id and symmetric encryption using AES-256-GCM. Session content is encrypted before being written into the lore store ref and decrypted after being read back, ensuring that anyone with repository access but without the passphrase cannot read the reasoning history.
Failures are reported via SyncError.
Constants§
- KEY_
SIZE - Size of the encryption key in bytes (256 bits for AES-256).
- NONCE_
SIZE - Size of the nonce in bytes (96 bits for AES-GCM).
- SALT_
SIZE - Size of the salt for key derivation.
Functions§
- decode_
key_ hex - Decodes a hexadecimal key.
- decrypt_
data - Decrypts data that was encrypted with
encrypt_data. - derive_
key - Derives an encryption key from a passphrase and salt using Argon2id.
- encode_
key_ hex - Encodes a key as hexadecimal for storage.
- encrypt_
data - Encrypts data using AES-256-GCM.
- generate_
salt - Generates a random salt for key derivation.