Expand description
§redact-crypto
The redact-crypto
crate contains all of the interfaces, data structures,
and abstractions necessary to work with cryptographic primitives and Redact data-types.
The motivation behind this crate is to provide a unified interface for interacting with serialized data that may be encrypted. Serializable data types are represented as an enum tree, with the base types being:
- bool
- u64
- i64
- f64
- Vec
These should cover most use cases for now. In the case of serializing a custom data type, that type can be serialized into bytes and then those bytes turned into a Vec to be stored in the redact type system.
The other set of types in the tree covers cryptographic keys, which are themselves split into symmetric and asymmetric enums. Current keys are exclusively implemented via libsodium, but other implementations will be added based on need.
This crate also provides a storage interface for CRUD operations on these data types. The
provided implementation can transparently perform these operations on unencrypted data,
encrypted data, or references to data. This means it can, for example, search for all
data of type AsymmetricKey
and return all possible keys regardless of if that key
is encrypted. It also provides resolution functionality that accepts an encrypted piece of
data and decrypts it into its final type by fetching the appropriate key from storage. It can
do this recursively to resolve an entire chain of encryption.
The final interface provided by this crate covers sources. Currently, the only supported source is a byte source, meaning it represents some device which returns a vector of bytes. Current supported bytes sources are memory and filesystem. These can be used interchangeably when a bytes source is required and they will correctly resolve the set of bytes if possible.
File directory:
- lib.rs: exports root-level public types from otherwise private submodules
- error.rs: custom errors that can arise from various redact-crypto operations
- sources.rs: types, traits, and implementations for sources of data
- typebuilders.rs: types that build types
- types.rs: all redact types that can be serialized and stored as unencrypted/ encrypted/referenced
- keys.rs: exports key submodules such as sodiumoxide key implementations
- keys/sodiumoxide.rs: key implementations backed by sodiumoxide
- nonces.rs: nonce hierarchy for each implemented key type
- nonces/sodiumoxide.rs: sodiumoxide nonce implementations
- storage.rs: trait for a data type that stores
Entry
types - storage/mongodb.rs: storage implentation for mongodb
- storage/redact.rs: storage implementation for a redact-store server
Re-exports§
pub use key::AsymmetricKey;
pub use key::AsymmetricKeyBuilder;
pub use key::HasAlgorithmIdentifier;
pub use key::HasPublicKey;
pub use key::Key;
pub use key::KeyBuilder;
pub use key::PublicAsymmetricKey;
pub use key::PublicAsymmetricKeyBuilder;
pub use key::PublicAsymmetricSealer;
pub use key::PublicAsymmetricUnsealer;
pub use key::SecretAsymmetricKey;
pub use key::SecretAsymmetricKeyBuilder;
pub use key::SecretAsymmetricSealer;
pub use key::SecretAsymmetricUnsealer;
pub use key::Signer;
pub use key::SymmetricKey;
pub use key::SymmetricKeyBuilder;
pub use key::SymmetricSealer;
pub use key::SymmetricUnsealer;
pub use key::ToPublicAsymmetricByteAlgorithm;
pub use key::ToSecretAsymmetricByteAlgorithm;
pub use key::ToSymmetricByteAlgorithm;
pub use key::Verifier;
pub use nonce::AsymmetricNonce;
pub use nonce::Nonce;
pub use nonce::SymmetricNonce;
pub use storage::mongodb::MongoStorer;
pub use storage::mongodb::MongoStorerError;
pub use storage::redact::RedactStorer;
pub use storage::redact::RedactStorerError;
pub use storage::HasIndex;
pub use storage::IndexedStorer;
pub use storage::IndexedTypeStorer;
pub use storage::NonIndexedTypeStorer;
pub use storage::Storer;
pub use storage::TypeStorer;
Modules§
- Classifies nonces used by different key types.
- The storage module covers all aspects of CRUD operations on Redact data-types. It allows for retrieving data entries stored in a Redact database. These data entries can be either unencrypted bytes, encrypted bytes, or a reference pointing to another entry.
Structs§
- A source that is a path to a file on the filesystem. The contents of the file are cached on the first call to get(), and can be refreshed by calling the reload() method.
- Represents a valid path
- Need this to provide a level an indirection for TryFrom
- A source that is an array of bytes in memory
Enums§
- Enumerates all the different types of byte-type sources. Currently supported:
- Error that wraps all possible errors out of the redact-crypto crate
- Enumerates all the different types of sources. Currently supported: