Expand description
§redact-crypto
The redact-crypto crate contains all of the interfaces, data structures,
and abstractions necessary to work with cryptographic primitives and Redact data-types.
The motivation behind this crate is to provide a unified interface for interacting with serialized data that may be encrypted. Serializable data types are represented as an enum tree, with the base types being:
- bool
- u64
- i64
- f64
- Vec
These should cover most use cases for now. In the case of serializing a custom data type, that type can be serialized into bytes and then those bytes turned into a Vec to be stored in the redact type system.
The other set of types in the tree covers cryptographic keys, which are themselves split into symmetric and asymmetric enums. Current keys are exclusively implemented via libsodium, but other implementations will be added based on need.
This crate also provides a storage interface for CRUD operations on these data types. The
provided implementation can transparently perform these operations on unencrypted data,
encrypted data, or references to data. This means it can, for example, search for all
data of type AsymmetricKey and return all possible keys regardless of if that key
is encrypted. It also provides resolution functionality that accepts an encrypted piece of
data and decrypts it into its final type by fetching the appropriate key from storage. It can
do this recursively to resolve an entire chain of encryption.
The final interface provided by this crate covers sources. Currently, the only supported source is a byte source, meaning it represents some device which returns a vector of bytes. Current supported bytes sources are memory and filesystem. These can be used interchangeably when a bytes source is required and they will correctly resolve the set of bytes if possible.
File directory:
- lib.rs: exports root-level public types from otherwise private submodules
- error.rs: custom errors that can arise from various redact-crypto operations
- sources.rs: types, traits, and implementations for sources of data
- typebuilders.rs: types that build types
- types.rs: all redact types that can be serialized and stored as unencrypted/ encrypted/referenced
- keys.rs: exports key submodules such as sodiumoxide key implementations
- keys/sodiumoxide.rs: key implementations backed by sodiumoxide
- nonces.rs: nonce hierarchy for each implemented key type
- nonces/sodiumoxide.rs: sodiumoxide nonce implementations
- storage.rs: trait for a data type that stores
Entrytypes - storage/mongodb.rs: storage implentation for mongodb
- storage/redact.rs: storage implementation for a redact-store server
Re-exports§
pub use key::AsymmetricKey;pub use key::AsymmetricKeyBuilder;pub use key::HasAlgorithmIdentifier;pub use key::HasPublicKey;pub use key::Key;pub use key::KeyBuilder;pub use key::PublicAsymmetricKey;pub use key::PublicAsymmetricKeyBuilder;pub use key::PublicAsymmetricSealer;pub use key::PublicAsymmetricUnsealer;pub use key::SecretAsymmetricKey;pub use key::SecretAsymmetricKeyBuilder;pub use key::SecretAsymmetricSealer;pub use key::SecretAsymmetricUnsealer;pub use key::Signer;pub use key::SymmetricKey;pub use key::SymmetricKeyBuilder;pub use key::SymmetricSealer;pub use key::SymmetricUnsealer;pub use key::ToPublicAsymmetricByteAlgorithm;pub use key::ToSecretAsymmetricByteAlgorithm;pub use key::ToSymmetricByteAlgorithm;pub use key::Verifier;pub use nonce::AsymmetricNonce;pub use nonce::Nonce;pub use nonce::SymmetricNonce;pub use storage::mongodb::MongoStorer;pub use storage::mongodb::MongoStorerError;pub use storage::redact::RedactStorer;pub use storage::redact::RedactStorerError;pub use storage::HasIndex;pub use storage::IndexedStorer;pub use storage::IndexedTypeStorer;pub use storage::NonIndexedTypeStorer;pub use storage::Storer;pub use storage::TypeStorer;
Modules§
- cert
- key
- nonce
- Classifies nonces used by different key types.
- storage
- The storage module covers all aspects of CRUD operations on Redact data-types. It allows for retrieving data entries stored in a Redact database. These data entries can be either unencrypted bytes, encrypted bytes, or a reference pointing to another entry.
- x509
Structs§
- Binary
Data - Binary
Data Builder - Bool
Data Builder - Entry
- F64Data
Builder - FsByte
Source - A source that is a path to a file on the filesystem. The contents of the file are cached on the first call to get(), and can be refreshed by calling the reload() method.
- I64Data
Builder - Path
- Represents a valid path
- String
Data Builder - Type
Builder Container - Need this to provide a level an indirection for TryFrom
- U64Data
Builder - Vector
Byte Source - A source that is an array of bytes in memory
Enums§
- Binary
Type - Byte
Algorithm - Byte
Source - Enumerates all the different types of byte-type sources. Currently supported:
- Crypto
Error - Error that wraps all possible errors out of the redact-crypto crate
- Data
- Data
Builder - Source
- Enumerates all the different types of sources. Currently supported:
- Source
Error - State
- Type
- Type
Builder