Expand description
Cryptographic operations for promocrypt-core.
Implements the two-key encryption system using:
- Argon2id for key derivation
- AES-256-GCM for authenticated encryption
- AES-256-SIV for deterministic storage encryption
Constants§
- ARGO
N2_ MEMORY_ COST - Argon2 memory cost in KiB (64 MB)
- ARGO
N2_ PARALLELISM - Argon2 parallelism
- ARGO
N2_ TIME_ COST - Argon2 time cost (iterations)
- ENCRYPTED_
KEY_ SIZE - Encrypted key size (32 bytes key + 16 bytes tag)
- NONCE_
SIZE - Nonce size for AES-256-GCM
- SALT_
SIZE - Salt size in bytes
- TAG_
SIZE - Tag size for AES-256-GCM
Functions§
- decrypt
- Decrypt data with AES-256-GCM.
- decrypt_
code_ from_ storage - Decrypt a code from database storage.
- decrypt_
codes_ from_ storage - Decrypt multiple codes from storage (batch operation).
- decrypt_
data - Decrypt data with a data key.
- decrypt_
data_ key - Decrypt a 32-byte data key from storage.
- derive_
key - Derive a 32-byte key from a password/secret using Argon2id.
- encrypt
- Encrypt data with AES-256-GCM.
- encrypt_
code_ for_ storage - Encrypt a code for database storage (deterministic).
- encrypt_
codes_ for_ storage - Encrypt multiple codes for storage (batch operation).
- encrypt_
data - Encrypt data with a data key (for config/mutable sections).
- encrypt_
data_ key - Encrypt a 32-byte data key for storage.
- generate_
nonce - Generate a random 12-byte nonce.
- generate_
random_ key - Generate a random 32-byte key.
- generate_
salt - Generate a random 16-byte salt.
- hash_
secret - Hash a secret for storage in history (using SHA256).