Crate sentinel_crypto


§Sentinel Crypto

A modular, secure cryptographic library for the Sentinel document database. This crate provides hashing and digital signature operations with a focus on maintainability, security, and performance.

§Design Principles

  • Modular Architecture: Traits are separated from implementations, allowing easy algorithm switching and testing.
  • Security First: All sensitive data is automatically zeroized. Sealed traits prevent external insecure implementations.
  • Unified Error Handling: Single CryptoError enum for consistent error handling across all operations.
  • RustCrypto Only: Uses only audited rustcrypto crates (blake3, ed25519-dalek) for cryptographic primitives.
  • Parallel Performance: BLAKE3 supports parallel computation for large inputs.

§Security Features

  • Memory Protection: SigningKey and other sensitive types automatically zeroize memory when dropped.
  • Sealed Traits: Prevents external implementations that might bypass security.
  • Type Safety: Associated types ensure compile-time correctness.
  • Error Abstraction: Errors don’t leak sensitive information.
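The sealed-trait, associated-type and wipe-on-drop mechanisms listed above, sketched with the standard library only. This is an added example, not sentinel_crypto's own code: `Digest`, `Fnv1a` and `SecretKey` are hypothetical names, and the manual volatile wipe is an assumption standing in for whatever zeroization the crate uses.

```rust
use std::{fmt, ptr, sync::atomic::{compiler_fence, Ordering}};

// `Sealed` lives in a private module: downstream crates cannot name it, so they
// cannot implement `Digest` and slip a weak algorithm behind the public API.
mod sealed { pub trait Sealed {} }

/// Hypothetical sealed algorithm trait; the associated type fixes the output size.
pub trait Digest: sealed::Sealed {
    type Output: AsRef<[u8]>;
    fn digest(data: &[u8]) -> Self::Output;
}

/// Placeholder algorithm (64-bit FNV-1a) so the example has no dependencies.
/// It is NOT cryptographic; it only stands in for a real hash.
pub struct Fnv1a;
impl sealed::Sealed for Fnv1a {}
impl Digest for Fnv1a {
    type Output = [u8; 8];
    fn digest(data: &[u8]) -> [u8; 8] {
        let mut h: u64 = 0xcbf2_9ce4_8422_2325; // FNV offset basis
        for b in data { h = (h ^ u64::from(*b)).wrapping_mul(0x100_0000_01b3); }
        h.to_be_bytes()
    }
}

/// Hypothetical secret wrapper: wiped on drop, never printed.
pub struct SecretKey([u8; 32]);
impl SecretKey {
    pub fn new(bytes: [u8; 32]) -> Self { SecretKey(bytes) }
    /// Volatile writes plus a fence keep the compiler from eliding the wipe.
    pub fn wipe(&mut self) {
        for b in self.0.iter_mut() { unsafe { ptr::write_volatile(b, 0) } }
        compiler_fence(Ordering::SeqCst);
    }
    pub fn is_wiped(&self) -> bool { self.0.iter().all(|b| *b == 0) }
}
impl Drop for SecretKey { fn drop(&mut self) { self.wipe() } }
impl fmt::Debug for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("SecretKey(<redacted>)") }
}

fn main() {
    let key = SecretKey::new([0xA5; 32]); // constructed sample key bytes
    println!("{:?} {:02x?}", key, Fnv1a::digest(b"sentinel"));
} // `key` is zeroed here by Drop
```

Moving or copying the inner bytes out of such a wrapper leaves copies that `Drop` never reaches, so a type like this should not derive `Clone` or `Copy` and should hand out borrows only.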

§Performance

  • BLAKE3: High-performance hash function with parallel support.
  • Ed25519: Fast elliptic curve signatures with 128-bit security.

§Usage

use sentinel_crypto::{hash_data, sign_hash, verify_signature, SigningKey};

// Hash the JSON document with the globally configured hash algorithm.
let data = serde_json::json!({"key": "value"});
let hash = hash_data(&data).unwrap();

// Build a signing key from 32 random bytes and sign the hash.
let key = SigningKey::from_bytes(&rand::random::<[u8; 32]>());
let signature = sign_hash(&hash, &key).unwrap();

// Verify the signature with the matching public key.
let public_key = key.verifying_key();
assert!(verify_signature(&hash, &signature, &public_key).unwrap());

Re-exports§

pub use encrypt::Aes256GcmSivEncryptor;
pub use encrypt::Ascon128Encryptor;
pub use encrypt::EncryptionKeyManager;
pub use encrypt::XChaCha20Poly1305Encryptor;
pub use encrypt_trait::EncryptionAlgorithm;
pub use error::CryptoError;
pub use hash_trait::HashFunction;
pub use key_derivation::Argon2KeyDerivation;
pub use key_derivation::Pbkdf2KeyDerivation;
pub use key_derivation_trait::KeyDerivationFunction;
pub use sign::Ed25519Signer;
pub use sign::SigningKeyManager;
pub use sign_trait::SignatureAlgorithm;
pub use crypto_config::*;

Modules§

crypto_config
encrypt
encrypt_trait
error
hash
hash_trait
key_derivation
key_derivation_trait
sign
sign_trait

Structs§

Signature
Ed25519 signature.
SigningKey
ed25519 signing key which can be used to produce signatures.
VerifyingKey
An ed25519 public key.

Functions§

decrypt_data
Decrypts data using the globally configured algorithm.
derive_key_from_passphrase
Derives a 32-byte key from a passphrase using the globally configured algorithm. Returns the randomly generated salt and the derived key.
derive_key_from_passphrase_with_salt
Derives a 32-byte key from a passphrase using the provided salt and the globally configured algorithm.
encrypt_data
Encrypts data using the globally configured algorithm.
hash_data
Computes the hash of the given JSON data using the globally configured algorithm.
sign_hash
Signs the given hash using the globally configured algorithm.
verify_signature
Verifies the signature of the given hash using the globally configured algorithm.