A file content self_encryptor.
This library provides convergent encryption on file-based data and produces a DataMap type and several chunks of encrypted data. Each chunk is up to 1MB in size and has an index and a name. This name is the SHA3-256 hash of the content, which allows the chunks to be self-validating. If size and hash checks are utilised, a high degree of certainty in the validity of the data can be expected.
§Examples
A working implementation can be found in the “examples” folder of this project.
use self_encryption::{encrypt, test_helpers::random_bytes};

#[tokio::main]
async fn main() {
    let file_size = 10_000_000;
    let bytes = random_bytes(file_size);
    if let Ok((_data_map, _encrypted_chunks)) = encrypt(bytes) {
        // .. then persist the `encrypted_chunks`.
        // Remember to keep `data_map` somewhere safe..!
    }
}
Storage of the Vec<EncryptedChunk> or DataMap is outwith the scope of this library and must be implemented by the user.
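The size and hash checks described above, applied to chunks coming back from user-implemented storage. This is an added example, not code from the self_encryption crate, and it is written in Python so that it runs with the standard library alone. `ChunkRef`, `store_chunks`, `fetch_verified` and `fetch_all` are hypothetical names, a dict stands in for the storage backend, and no encryption is performed.

```python
import hashlib
from dataclasses import dataclass

MAX_CHUNK_SIZE = 1024 * 1024  # upper bound per chunk (1 MiB), taken from this page

@dataclass(frozen=True)
class ChunkRef:  # hypothetical record: what the owner keeps for each chunk
    index: int
    name: bytes  # SHA3-256 of the stored chunk bytes
    size: int

def chunk_name(content: bytes) -> bytes:
    return hashlib.sha3_256(content).digest()

def store_chunks(chunks, store):
    """Persist chunks under their content hash; return the references to keep."""
    refs = []
    for index, content in enumerate(chunks):
        name = chunk_name(content)
        store[name] = content  # identical content lands on the same key
        refs.append(ChunkRef(index, name, len(content)))
    return refs

def fetch_verified(ref, store):
    """Fetch one chunk from untrusted storage; raise ValueError unless it validates."""
    content = store.get(ref.name)
    if content is None:
        raise ValueError(f"chunk {ref.index}: missing from store")
    if len(content) != ref.size or len(content) > MAX_CHUNK_SIZE:
        raise ValueError(f"chunk {ref.index}: size check failed")
    if chunk_name(content) != ref.name:
        raise ValueError(f"chunk {ref.index}: hash check failed")
    return content

def fetch_all(refs, store):
    """Reassemble the stored bytes in index order, validating every chunk."""
    ordered = sorted(refs, key=lambda r: r.index)
    if [r.index for r in ordered] != list(range(len(ordered))):
        raise ValueError("chunk indices are not contiguous from 0")
    return b"".join(fetch_verified(r, store) for r in ordered)

if __name__ == "__main__":
    store = {}  # constructed sample input, standing in for a storage backend
    refs = store_chunks([b"A" * 1000, b"B" * 1000], store)
    store[refs[1].name] = b"B" * 999 + b"X"  # same size, different bytes
    try:
        fetch_all(refs, store)
    except ValueError as err:
        print("rejected:", err)
```

The references returned by `store_chunks` are the trusted side of the check, so they have to be kept apart from the chunk store itself.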
Re-exports§
Structs§
- This is - in effect - a partial decryption key for an encrypted chunk of data.
- Holds the information that is required to recover the content of the encrypted file. This is held as a vector of ChunkInfo, i.e. a list of the file’s chunk hashes. Only files larger than 3072 bytes (3 * MIN_CHUNK_SIZE) can be self-encrypted. Smaller files will have to be batched together.
- The actual encrypted content of the chunk.
- The maximum size (before compression) of an individual chunk of a file, defaulting to 1MiB.
- The streaming decryptor to carry out the decryption on the fly, chunk by chunk.
- The streaming encryptor to carry out the encryption on the fly, chunk by chunk.
- A 256-bit number, viewed as a point in XOR space.
Enums§
- Errors which can arise during self_encryption or -decryption.
Constants§
- Controls the compression-speed vs compression-density tradeoffs. The higher the quality, the slower the compression. Range is 0 to 11.
- The minimum size (before compression) of an individual chunk of a file, defined as 1B.
- The minimum size (before compression) of data to be self-encrypted, defined as 3B.
Functions§
- Decrypts data using chunks retrieved from any storage backend via the provided retrieval function.
- Decrypt a chunk, given the index of that chunk in the sequence of chunks, and the raw encrypted content.
- Decrypts data using chunks retrieved from any storage backend via the provided retrieval function. Writes the decrypted output to the specified file path.
- Deserializes bytes into a data structure using bincode.
- Encrypts a set of bytes and returns the encrypted data together with the data map that is derived from the input data.
- Reads a file from disk to encrypt, and outputs the chunks to a given output directory if present.
- Recursively gets the root data map by decrypting child data maps. Takes a chunk retrieval function that handles fetching the encrypted chunks.
- Recursively gets the root data map by decrypting child data maps using parallel chunk retrieval.
- Serializes a data structure using bincode.
- Shrinks a data map by recursively encrypting it until the number of chunks is small enough. Returns the final data map and all chunks generated during shrinking.
- Decrypts data from storage in a streaming fashion using parallel chunk retrieval.
- Reads a file in chunks, encrypts them, and stores them using a provided functor. Returns a DataMap.
- Verifies and deserializes a chunk by checking its content hash matches the provided name.
Type Aliases§
- Specialisation of std::Result for crate.