Crate self_encryption

A file content self_encryptor.

This library provides convergent encryption on file-based data and produces a DataMap type and several chunks of encrypted data. Each chunk is up to 1MB in size and has an index and a name. This name is the SHA3-256 hash of the content, which allows the chunks to be self-validating. If size and hash checks are utilised, a high degree of certainty in the validity of the data can be expected.

Project GitHub page.

§Examples

A working implementation can be found in the “examples” folder of this project.

use self_encryption::{encrypt, test_helpers::random_bytes};

#[tokio::main]
async fn main() {
    let file_size = 10_000_000;
    let bytes = random_bytes(file_size);

    if let Ok((_data_map, _encrypted_chunks)) = encrypt(bytes) {
        // .. then persist the `encrypted_chunks`.
        // Remember to keep `data_map` somewhere safe..!
    }
}

Storage of the Vec<EncryptedChunk> or DataMap is outwith the scope of this library and must be implemented by the user.
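The size and hash checks mentioned in the description can be sketched as follows. This is an added example, not code from this crate: `verify_chunk`, `ChunkError` and the `max_len` ceiling are hypothetical names, and SHA3-256 is re-implemented with `std` only so the block runs without dependencies (a maintained SHA3 crate would normally take its place).

```rust
const RHO: [u32; 24] = [1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44];
const PI: [usize; 24] = [10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1];
const RC: [u64; 24] = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000,
    0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
    0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
];
fn keccak_f(a: &mut [u64; 25]) { // Keccak-f[1600]: theta, rho+pi, chi, iota over 24 rounds
    for rc in RC.iter() {
        let mut c = [0u64; 5];
        for x in 0..5 { c[x] = a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20]; }
        for x in 0..5 { let d = c[(x + 4) % 5] ^ c[(x + 1) % 5].rotate_left(1); for y in 0..5 { a[x + 5 * y] ^= d; } }
        let mut last = a[1];
        for i in 0..24 { let t = a[PI[i]]; a[PI[i]] = last.rotate_left(RHO[i]); last = t; }
        for y in 0..5 {
            let r = [a[5 * y], a[5 * y + 1], a[5 * y + 2], a[5 * y + 3], a[5 * y + 4]];
            for x in 0..5 { a[5 * y + x] = r[x] ^ (!r[(x + 1) % 5] & r[(x + 2) % 5]); }
        }
        a[0] ^= *rc;
    }
}
fn sha3_256(data: &[u8]) -> [u8; 32] { // sponge with rate 136 bytes, pad 0x06 .. 0x80
    let (mut st, mut msg) = ([0u64; 25], data.to_vec());
    msg.push(0x06);
    while msg.len() % 136 != 0 { msg.push(0); }
    *msg.last_mut().unwrap() |= 0x80;
    for block in msg.chunks(136) {
        for (i, l) in block.chunks(8).enumerate() { st[i] ^= l.iter().rev().fold(0u64, |v, b| (v << 8) | *b as u64); }
        keccak_f(&mut st);
    }
    let mut out = [0u8; 32];
    for i in 0..32 { out[i] = (st[i / 8] >> (8 * (i % 8))) as u8; }
    out
}
#[derive(Debug, PartialEq)] enum ChunkError { BadSize, NameMismatch }
// Hypothetical helper, not the crate's API: cheap size check, then hash-equals-name check.
fn verify_chunk(name: &[u8; 32], content: &[u8], max_len: usize) -> Result<(), ChunkError> {
    if content.is_empty() || content.len() > max_len { return Err(ChunkError::BadSize); }
    if sha3_256(content) != *name { return Err(ChunkError::NameMismatch); }
    Ok(())
}
fn main() {
    let chunk = b"constructed sample chunk".to_vec(); // constructed sample input
    let (name, mut bad) = (sha3_256(&chunk), chunk.clone());
    bad[0] ^= 1; // one flipped bit changes the hash, so the name no longer matches
    println!("good: {:?}, tampered: {:?}", verify_chunk(&name, &chunk, 1 << 20), verify_chunk(&name, &bad, 1 << 20));
}
```

Because the name is derived from the stored bytes, a chunk fetched from untrusted storage can be checked this way before any decryption is attempted.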

Re-exports§

Structs§

  • This is - in effect - a partial decryption key for an encrypted chunk of data.
  • Holds the information that is required to recover the content of the encrypted file. This is held as a vector of ChunkInfo, i.e. a list of the file’s chunk hashes. Only files larger than 3072 bytes (3 * MIN_CHUNK_SIZE) can be self-encrypted. Smaller files will have to be batched together.
  • The actual encrypted content of the chunk
  • The maximum size (before compression) of an individual chunk of a file, defaulting to 1MiB.
  • The streaming decryptor to carry out the decryption on the fly, chunk by chunk.
  • The streaming encryptor to carry out the encryption on the fly, chunk by chunk.
  • A 256-bit number, viewed as a point in XOR space.

Enums§

  • Errors which can arise during self_encryption or -decryption.

Constants§

  • Controls the compression-speed vs compression-density tradeoffs. The higher the quality, the slower the compression. Range is 0 to 11.
  • The minimum size (before compression) of an individual chunk of a file, defined as 1B.
  • The minimum size (before compression) of data to be self-encrypted, defined as 3B.

Functions§

  • Decrypts data using chunks retrieved from any storage backend via the provided retrieval function.
  • Decrypt a chunk, given the index of that chunk in the sequence of chunks, and the raw encrypted content.
  • Decrypts data using chunks retrieved from any storage backend via the provided retrieval function. Writes the decrypted output to the specified file path.
  • Deserializes bytes into a data structure using bincode.
  • Encrypts a set of bytes and returns the encrypted data together with the data map that is derived from the input data.
  • Reads a file from the disk to encrypt, and outputs the chunks to a given output directory if present.
  • Recursively gets the root data map by decrypting child data maps. Takes a chunk retrieval function that handles fetching the encrypted chunks.
  • Recursively gets the root data map by decrypting child data maps using parallel chunk retrieval.
  • Serializes a data structure using bincode.
  • Shrinks a data map by recursively encrypting it until the number of chunks is small enough. Returns the final data map and all chunks generated during shrinking.
  • Decrypts data from storage in a streaming fashion using parallel chunk retrieval.
  • Reads a file in chunks, encrypts them, and stores them using a provided functor. Returns a DataMap.
  • Verifies and deserializes a chunk by checking its content hash matches the provided name.

Type Aliases§

  • Specialisation of std::Result for crate.