Expand description
The onionsalt crate.
The Onion Salt encryption scheme is an onion encryption scheme
that is closely derived from the NaCl crypto_box
format.
§Examples
Here is a simple example of onion encrypting a message and decrypting it.
let pairs = [crypto::box_keypair(),
crypto::box_keypair(),
crypto::box_keypair(),
crypto::box_keypair(),
crypto::box_keypair(),
crypto::box_keypair()];
let recipient = 2;
let recipient_key = pairs[recipient].clone();
let keys_and_routes: [(crypto::PublicKey, [u8; ROUTING_LENGTH]); ROUTE_COUNT]
= [(pairs[0].public, *b"address for 0 router "),
(pairs[1].public, *b"the address for router 1"),
(pairs[2].public, *b"this is the recipient!!!"),
(pairs[3].public, *b"the next router is nice."),
(pairs[4].public, *b"the second-to-last node."),
(pairs[5].public, *b"This is my own address. ")];
let mut payload: [u8; PAYLOAD_LENGTH] = [0; PAYLOAD_LENGTH];
payload[3] = 3;
let payload = payload;
let our_personal_key = crypto::box_keypair();
let mut ob = onionbox(&keys_and_routes, recipient).unwrap();
ob.add_payload(our_personal_key, &payload);
let mut packet = ob.packet();
let response = [1; PAYLOAD_LENGTH];
for i in 0..6 {
println!("opening box {}", i);
let mut oob = onionbox_open(&packet, &pairs[i].secret).unwrap();
println!("grabbing routing for {}", i);
let routing = oob.routing();
// routing now holds the routing information sent to "i"
if i == recipient {
// This is how to attach a response if you are the recipient.
oob.respond(&recipient_key, &response);
}
packet = oob.packet();
}
let resp = ob.read_return(our_personal_key, &packet).unwrap();
// resp now holds the return message, authenticated and decrypted.
Modules§
- creatediagrams
- crypto
- A rust translation of the TweetNaCl library. It is mostly a direct translation, but in places I tried to make the API more rustic. It has three major features, of which you are likely to use only one.
Structs§
Constants§
- ENCRYPTEDPAYLOAD_
LENGTH - The size of an encrypted payload.
- PACKET_
LENGTH PACKET_LENGTH
is the size that we actually send to each recipient.- PAYLOAD_
LENGTH PAYLOAD_LENGTH
is the size of the payload that the primary recipient can get. It differs fromENCRYPTEDPAYLOAD_LENGTH
by 48 (orOVERHEADBYTES
).- ROUTE_
COUNT - The number of routers we send through. Eventually I want to implement the feature to send through fewer routers with the message arriving back early.
- ROUTING_
LENGTH - The ROUTING_LENGTH is big enough for an ipv6 address and some extra information.
Functions§
- onionbox
- Encrypt a message in an onion defined by
keys_and_routings
, withpayload
directed topayload_recipient
. - onionbox_
open - The message is passed in
input
, and a struct is returned which has methods to access the decrypted routing information, the decrypted message (to be passed to the next router), to access the payload, and to insert an encrypted response to the payload.