Expand description
SecureTar v3 reader primitives.
This crate is an independent Rust implementation aligned with the Python
home-assistant-libs/securetar
package. It currently implements the SecureTar v3 read path: header parsing,
password validation, key restoration, and streaming decryption.
Legacy SecureTar v1/v2 AES-CBC and archive-writing helpers are intentionally not implemented yet.
use std::{fs::File, io::Read};
use securetar::{SecureTarDecryptStream, SecureTarRootKeyContext};
let file = File::open("encrypted.securetar")?;
let context = SecureTarRootKeyContext::new("password");
let mut stream = SecureTarDecryptStream::new(file, context)?;
let mut plaintext_tar = Vec::new();
stream.read_to_end(&mut plaintext_tar)?;Structs§
- Decrypt
Reader - Plaintext reader returned by
SecureTarDecryptStream. - Secure
TarDecrypt Stream - Decrypting SecureTar v3 stream.
- Secure
TarDerived KeyMaterial V3 - Restored v3 key material.
- Secure
TarHeader - Parsed SecureTar header.
- Secure
TarRoot KeyContext - Password context for restoring per-file v3 key material.
Enums§
- Cipher
Mode - Cipher direction.
- Secure
TarError - SecureTar errors.
Constants§
- AES_
BLOCK_ SIZE - AES block size used by legacy SecureTar v1/v2.
- AES_
IV_ SIZE - AES IV size used by legacy SecureTar v1/v2.
- DEFAULT_
BUFSIZE - Default Python securetar buffer size.
- DEFAULT_
CIPHER_ VERSION - Default SecureTar version for new encrypted data in Python.
- GZIP_
MAGIC_ BYTES - Gzip magic bytes used by Python validation.
- SECURETAR_
FILE_ ID_ SIZE - Size of the SecureTar file id section.
- SECURETAR_
FILE_ METADATA_ SIZE - Size of the SecureTar metadata section.
- SECURETAR_
LEGACY_ HEADER_ SIZE - Header size for legacy magic-less SecureTar v1.
- SECURETAR_
MAGIC - SecureTar magic bytes.
- SECURETAR_
MAGIC_ RESERVED - Required reserved bytes in the SecureTar file id.
- SECURETAR_
V2_ CIPHER_ INIT_ SIZE - Size of the v2 cipher initialization section.
- SECURETAR_
V2_ HEADER_ SIZE - Size of a v2 header.
- SECURETAR_
V3_ CIPHER_ INIT_ SIZE - Size of the v3 cipher initialization section.
- SECURETAR_
V3_ HEADER_ SIZE - Size of a v3 header.
- TAR_
BLOCK_ SIZE - Tar block size.
- TAR_
MAGIC_ BYTES - Tar magic bytes used by Python validation.
- TAR_
MAGIC_ OFFSET - Tar magic offset used by Python validation.
- V3_
CHACH A20_ HEADER_ SIZE - Size of the XChaCha20-Poly1305 secretstream header.
- V3_
DERIVED_ KEY_ SALT_ SIZE - Size of v3 BLAKE2b salts.
- V3_
DERIVED_ KEY_ SIZE - Size of v3 derived keys.
- V3_
KDF_ MEMLIMIT - Argon2id memory limit, in bytes, for v3 keys.
- V3_
KDF_ OPSLIMIT - Argon2id operation limit for v3 keys.
- V3_
SECRETSTREAM_ ABYTES - Secretstream authentication bytes per v3 chunk.
- V3_
SECRETSTREAM_ CHUNK_ SIZE - Plaintext bytes per v3 secretstream chunk.
Functions§
- get_
archive_ max_ ciphertext_ size - Returns Python-compatible maximum outer archive ciphertext size.
- is_
securetar_ magic - Checks whether bytes start with SecureTar magic.
- secretstream_
overhead - Returns v3 secretstream overhead for a plaintext size.
- v3_
ciphertext_ size - Returns v3 payload ciphertext size, excluding the header.
- validate
- Validates a stream; pass
falseto read through the final tag. - validate_
password - Validates that a password can decrypt the beginning of the stream.
Type Aliases§
- Result
- Crate result type.