Skip to main content

Module encryption

Module encryption 

Source
Expand description

Native page-level encryption (optional, behind the encryption feature).

Realizes §7 of the design spec (Phase 10.1): a per-table Key-Encryption Key (KEK) derived from a passphrase via Argon2id (slow memory-hard KDF, resists offline brute force) followed by HKDF-SHA256 expand (domain separation). Each sorted run gets a fresh random Data-Encryption Key (DEK); the DEK is wrapped (AES-256-GCM) by the KEK and stored, alongside a per-run nonce prefix, in the run’s Encryption Descriptor. Per-page nonces are deterministic — nonce_prefix[0..8] (random) || column_id (2) || page_seq (2) — so no per-page nonce material is persisted. Decrypting a page requires unwrapping its run’s DEK with the table KEK.

Structs§

Kek
Placeholder KEK when the encryption feature is disabled. It has no public constructor, so it can never exist — encrypted tables are therefore impossible without the feature, and all plumbing types (Option<Arc<Kek>> etc.) remain valid without a cfg gate.
PlaintextCipher
No-op cipher for unencrypted tables. Used by default.
RunEncryption
Per-run encryption material assembled at write/read time: the page cipher (over the unwrapped DEK), the nonce prefix, and (write path only) the serialized descriptor to embed in the run. Carries only trait-object + primitive fields so it is constructible without the encryption feature’s concrete crypto types.

Constants§

DEK_LEN
DEK length (AES-256 = 32 bytes). Always available.

Traits§

Cipher
Symmetric page cipher.

Functions§

fill_random
Fill a buffer with OS CSPRNG bytes. Always available.
meta_dek_for
wal_dek_for