
A file content self_encryptor.

This library provides convergent encryption on file-based data and produces a DataMap type and several chunks of encrypted data. Each chunk is up to 1MB in size and has an index and a name. This name is the SHA3-256 hash of the content, which allows the chunks to be self-validating. If size and hash checks are utilised, a high degree of certainty in the validity of the data can be expected.

Project GitHub page.

Examples

A working implementation can be found in the “examples” folder of this project.

use self_encryption::{encrypt, test_helpers::random_bytes};

#[tokio::main]
async fn main() {
    let file_size = 10_000_000;
    let bytes = random_bytes(file_size);

    if let Ok((_data_map, _encrypted_chunks)) = encrypt(bytes) {
        // .. then persist the `encrypted_chunks`.
        // Remember to keep `data_map` somewhere safe..!
    }
}

Storage of the Vec<EncryptedChunk> or DataMap is outwith the scope of this library and must be implemented by the user.
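Since storage is left to the user, a retrieval layer can apply the size and hash checks described above to every chunk it reads back. The following is an added example, not code from this project, and is written in Python because SHA3-256 is in its standard library; `verify_chunks`, `chunk_name`, the in-memory `store` and the `ASSUMED_MAX_CHUNK_LEN` bound are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed bound taken from the page's "up to 1MB"; adjust to your store's real limit.
ASSUMED_MAX_CHUNK_LEN = 1024 * 1024


def chunk_name(content: bytes) -> bytes:
    """Name of a chunk as the page describes it: SHA3-256 of its content."""
    return hashlib.sha3_256(content).digest()


def verify_chunks(expected_names, fetched, max_len=ASSUMED_MAX_CHUNK_LEN):
    """Check chunks read back from untrusted storage.

    expected_names: chunk names (32-byte digests) in index order.
    fetched: mapping of name -> bytes returned by the store.
    Returns (ok, problems); problems is a list of (index, reason).
    """
    problems = []
    for index, name in enumerate(expected_names):
        content = fetched.get(name)
        if content is None:
            problems.append((index, "missing"))
        elif len(content) > max_len:
            # Size check first, so an oversized blob is never hashed.
            problems.append((index, "oversized"))
        elif not hmac.compare_digest(chunk_name(content), name):
            problems.append((index, "hash mismatch"))
    return (not problems, problems)


def demo():
    # Constructed sample data standing in for three encrypted chunks.
    chunks = [bytes([i]) * 4096 for i in range(3)]
    names = [chunk_name(c) for c in chunks]
    store = dict(zip(names, chunks))
    clean = verify_chunks(names, store)
    # Simulate storage faults: flip one byte in chunk 1, drop chunk 2.
    store[names[1]] = b"\xff" + chunks[1][1:]
    del store[names[2]]
    return clean, verify_chunks(names, store)


if __name__ == "__main__":
    print(demo())
```

Running the checks before decryption means a corrupted or substituted chunk is rejected by index, so only that chunk needs to be fetched again.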

Re-exports

pub use bytes;
pub use xor_name;

Structs

This is - in effect - a partial decryption key for an encrypted chunk of data.

Holds the information that is required to recover the content of the encrypted file. This is held as a vector of ChunkInfo, i.e. a list of the file’s chunk hashes. Only files larger than 3072 bytes (3 * MIN_CHUNK_SIZE) can be self-encrypted. Smaller files will have to be batched together.

The actual encrypted content of the chunk, and its key index.

Helper struct for seeking original file bytes from chunks.

Enums

Errors which can arise during self_encryption or -decryption.

Constants

Controls the compression-speed vs compression-density tradeoffs. The higher the quality, the slower the compression. Range is 0 to 11.

The maximum size (before compression) of an individual chunk of the file, defined as 1MB.

The minimum size (before compression) of an individual chunk of the file, defined as 1kB.

The minimum size (before compression) of data to be self-encrypted, defined as 3kB.

Functions

Decrypts what is expected to be the full set of chunks covered by the data map.

Decrypts a range, used when seeking.

Encrypts a set of bytes and returns the encrypted data together with the data map that is derived from the input data, and is used to later decrypt the encrypted data. Returns an error if the size is too small for self-encryption. Only files larger than 3072 bytes (3 * MIN_CHUNK_SIZE) can be self-encrypted. Smaller files will have to be batched together for self-encryption to work.

Helper function for getting info needed to seek original file bytes from chunks.

Type Definitions

Specialisation of std::Result for crate.