Struct Chacha 

pub struct Chacha { /* private fields */ }

A tool to encrypt and decrypt data with chacha20poly1305, with a key that is derived from the given password using pbkdf2.

The methods encrypt and decrypt just deal with the secret, the methods encrypt_auth and decrypt_auth use additionally an authentication tag.

The return value of the encrypt methods is of type Cipher and needs to be provided with the same content to the decrypt call.

Example with authentication tag

use pwsec::Chacha;
let secret = b"this is some serialized form of the secret data";
let auth_tag = b"this is just some informal and nonconfidential summary";
let pw = "LOIUo98zkjhB";
let chacha = Chacha::with_pbkdf2_rounds(123_456);
let cipher = chacha.encrypt_auth(secret, auth_tag, pw).unwrap();

// Decryption needs the cipher, the auth_tag, and the password:
let decrypted_secret = chacha.decrypt_auth(&cipher, auth_tag, pw).unwrap();
assert_eq!(secret.to_vec(), decrypted_secret);

Implementations

impl Chacha

pub fn with_pbkdf2_rounds(pbkdf_rounds: u32) -> Self

The constructor takes the number of rounds that pbkdf2 should use.

Choose a random big value, like 125_642 or 101_864, and use the same number for encryption and decryption.

pub fn encrypt(&self, secret: &[u8], pw: &str) -> Result<Cipher, Error>

Encrypts a secret securely, based on a password.

Parameters:

• Input:
  • secret: the sensitive data you want to encrypt
  • pw: the password
• Output:
  • the encrypted secret

Errors

Error::Encrypt can occur.

pub fn encrypt_auth( &self, secret: &[u8], auth: &[u8], pw: &str, ) -> Result<Cipher, Error>

Encrypts a secret securely, based on a password, and using an authentication tag.

Parameters:

• Input:
  • secret: the sensitive data you want to encrypt
  • auth: optional additional data that will not be encrypted, but must be provided in unmodified form also to decrypt_auth
  • pw: the password
• Output:
  • the sensitive data you had encrypted

Errors

Error::Encrypt can occur.

pub fn decrypt(&self, cipher: &Cipher, pw: &str) -> Result<Vec<u8>, Error>

Decrypts data that were encrypted with encrypt().

Parameters:

• Input:
  • cipher: the output from encrypt
  • auth: the same value as it was given to the encrypt call
  • pw: the password
• Output:
  • the sensitive data you had encrypted

Errors

Error::Decrypt can occur.

pub fn decrypt_auth( &self, cipher: &Cipher, auth: &[u8], pw: &str, ) -> Result<Vec<u8>, Error>

Decrypts data that were encrypted with encrypt().

Parameters:

• Input:
  • cipher: the output from encrypt
  • auth: the same value as it was given to the encrypt call
  • pw: the password
• Output:
  • the sensitive data you had encrypted

Errors

Error::Decrypt can occur.