Skip to main content

rustauth_core/crypto/
envelope.rs

1//! RustAuth secret-rotation envelope helpers.
2
3const ENVELOPE_PREFIX: &str = "$oa$";
4
5/// Parsed RustAuth encrypted payload envelope.
6#[derive(Debug, Clone, PartialEq, Eq)]
7pub struct Envelope {
8    pub version: u32,
9    pub ciphertext: String,
10}
11
12/// Parse `$oa$<version>$<ciphertext>` payloads.
13pub fn parse_envelope(data: &str) -> Option<Envelope> {
14    let rest = data.strip_prefix(ENVELOPE_PREFIX)?;
15    let (version, ciphertext) = rest.split_once('$')?;
16    if version.starts_with('-') {
17        return None;
18    }
19    let version = version.parse::<u32>().ok()?;
20
21    Some(Envelope {
22        version,
23        ciphertext: ciphertext.to_owned(),
24    })
25}
26
27/// Format a ciphertext with RustAuth's secret-rotation envelope.
28pub fn format_envelope(version: u32, ciphertext: &str) -> String {
29    format!("{ENVELOPE_PREFIX}{version}${ciphertext}")
30}