Crate self_encryption

A file content self_encryptor.

This library provides convergent encryption on file-based data and produces a SecretKey type and several chunks of encrypted data. Each chunk is up to 1MB in size and has an index and a name. This name is the SHA3-256 hash of the content, which allows the chunks to be self-validating. If size and hash checks are utilised, a high degree of certainty in the validity of the data can be expected.

Project GitHub page.

Examples

A working implementation can be found in the “examples” folder of this project.

use self_encryption::{encrypt, test_helpers::random_bytes};

#[tokio::main]
async fn main() {
    let file_size = 10_000_000;
    let bytes = random_bytes(file_size);
     
    if let Ok((_secret_key, _encrypted_chunks)) = encrypt(bytes) {
        // .. then persist the `encrypted_chunks`.
        // Remember to keep `secret_key` somewhere safe..!
    }
}

Storage of the Vec<EncryptedChunk> or SecretKey is outwith the scope of this library and must be implemented by the user.

Structs

This is - in effect - a partial decryption key for an encrypted chunk of data.

The actual encrypted content of the chunk, and its key index.

A secret key to decrypt a self-encrypted file.

Helper struct for seeking original file bytes from chunks.

Enums

Errors which can arise during self_encryption or -decryption.

Constants

Controls the compression-speed vs compression-density tradeoffs. The higher the quality, the slower the compression. Range is 0 to 11.

The maximum size (before compression) of an individual chunk of the file, defined as 1MB.

The minimum size (before compression) of an individual chunk of the file, defined as 1kB.

The minimum size (before compression) of data to be self-encrypted, defined as 3kB.

Functions

Decrypts what is expected to be the full set of chunks covered by the secret key.

Decrypts a range, used when seeking.

Encrypts a set of bytes and returns the encrypted data together with the secret key that is derived from the input data. Returns an error if the size is too small for self-encryption. Only files larger than 3072 bytes (3 * MIN_CHUNK_SIZE) can be self-encrypted. Smaller files will have to be batched together for self-encryption to work.

Helper function for getting info needed to seek original file bytes from chunks.
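
The batching that the encrypt description above calls for, as an added example that is not part of the self_encryption crate. The names `pack`, `unpack` and `MIN_INPUT_BYTES` and the length-prefixed framing are assumptions of this example; the threshold follows the page's "larger than 3072 bytes".

```rust
// Added example, not part of the self_encryption crate.
// Page constraint: input must be larger than 3072 bytes (3 * MIN_CHUNK_SIZE).
const MIN_INPUT_BYTES: usize = 3 * 1024; // local name, assumed for this example

/// Packs files into batches, each file framed as [u64 LE length][bytes]
/// (the framing is this example's assumption). A batch is closed once it is
/// strictly larger than MIN_INPUT_BYTES. An undersized tail is merged into
/// the previous batch; with no previous batch, Err(bytes still missing).
pub fn pack(files: &[Vec<u8>]) -> Result<Vec<Vec<u8>>, usize> {
    let mut batches: Vec<Vec<u8>> = Vec::new();
    let mut current: Vec<u8> = Vec::new();
    for f in files {
        current.extend_from_slice(&(f.len() as u64).to_le_bytes());
        current.extend_from_slice(f);
        if current.len() > MIN_INPUT_BYTES {
            batches.push(std::mem::take(&mut current));
        }
    }
    if !current.is_empty() {
        match batches.last_mut() {
            Some(last) => last.extend_from_slice(&current),
            None => return Err(MIN_INPUT_BYTES + 1 - current.len()),
        }
    }
    Ok(batches)
}

/// Splits a decrypted batch back into files. Returns None on a truncated
/// header or body instead of reading past the end of the buffer.
pub fn unpack(batch: &[u8]) -> Option<Vec<Vec<u8>>> {
    let (mut files, mut rest) = (Vec::new(), batch);
    while !rest.is_empty() {
        if rest.len() < 8 { return None; }
        let mut hdr = [0u8; 8];
        hdr.copy_from_slice(&rest[..8]);
        let len = u64::from_le_bytes(hdr);
        // Compare in u64 so a hostile length cannot wrap when cast to usize.
        if len > (rest.len() - 8) as u64 { return None; }
        let end = 8 + len as usize;
        files.push(rest[8..end].to_vec());
        rest = &rest[end..];
    }
    Some(files)
}

fn main() {
    let files: Vec<Vec<u8>> = (0..10u8).map(|i| vec![i; 1000]).collect(); // constructed input
    let batches = pack(&files).expect("enough data for one batch");
    println!("{:?}", batches.iter().map(|b| b.len()).collect::<Vec<_>>());
}
```

Each returned batch is large enough to hand to `encrypt`; `unpack` is applied to the bytes that come back from decryption.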

Type Definitions

Specialisation of std::Result for crate.