Skip to main content

Module encryption

Module encryption 

Source
Expand description

End-to-end encryption for git-ref sync.

Provides passphrase-based key derivation using Argon2id and symmetric encryption using AES-256-GCM. Session content is encrypted before being written into the lore store ref and decrypted after being read back, ensuring that anyone with repository access but without the passphrase cannot read the reasoning history.

Failures are reported via SyncError.

Constants§

KEY_SIZE
Size of the encryption key in bytes (256 bits for AES-256).
NONCE_SIZE
Size of the nonce in bytes (96 bits for AES-GCM).
SALT_SIZE
Size of the salt for key derivation.

Functions§

decode_key_hex
Decodes a hexadecimal key.
decrypt_data
Decrypts data that was encrypted with encrypt_data.
derive_key
Derives an encryption key from a passphrase and salt using Argon2id.
encode_key_hex
Encodes a key as hexadecimal for storage.
encrypt_data
Encrypts data using AES-256-GCM.
generate_salt
Generates a random salt for key derivation.