pub trait SerdeEncryptSharedKeyDeterministic {
    type S: TypedSerialized<T = Self>;

    fn encrypt(&self, shared_key: &SharedKey) -> Result<EncryptedMessage, Error>
    where
        Self: Serialize,
    { ... }

    fn decrypt_owned(
        encrypted_message: &EncryptedMessage,
        shared_key: &SharedKey
    ) -> Result<Self, Error>
    where
        Self: DeserializeOwned,
    { ... }

    fn decrypt_ref<'de>(
        encrypted_message: &EncryptedMessage,
        shared_key: &SharedKey
    ) -> Result<Self::S, Error>
    where
        Self: Deserialize<'de>,
    { ... }
}
Shared-key authenticated deterministic encryption for serde-serializable types.
Features
- Message authentication.
- The same plain-text always yields the same cipher-text, which allows eq-match on cipher-text. Note that this is more vulnerable than SerdeEncryptSharedKey because, for example, attackers can find repeated patterns in cipher-text and then guess repeated patterns in plain-text.
- Uses small (32-byte) key.
Anti-features
- Does not authenticate the identity of the sender or the receiver.
Popular use cases
Good for both large and small message encryption / decryption.
Eq-match feature is used in encrypted indexes in RDBMS, for example.
Examples
See: SerdeEncryptSharedKey, which has nearly the same usage.
Algorithm
- Encryption: XChaCha20
- Message authentication: Poly1305 MAC
- Fixed nonce.
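The eq-match feature and its cost, as an added example that is not code from serde-encrypt: plain ChaCha20 (RFC 8439) with a fixed nonce stands in for the crate's XChaCha20-Poly1305. The key, nonce value, sample rows and the names `block`, `xor_stream`, `lookup` and `shared_prefix` are constructed for illustration.

```rust
// Added example, not serde-encrypt code. Plain ChaCha20 (RFC 8439) stands in
// for XChaCha20-Poly1305: no subkey derivation, no MAC. Not production code.
const FIXED_NONCE: [u8; 12] = [0; 12]; // constructed value, not the crate's
const ROUNDS: [[usize; 4]; 8] = [
    [0, 4, 8, 12], [1, 5, 9, 13], [2, 6, 10, 14], [3, 7, 11, 15], // columns
    [0, 5, 10, 15], [1, 6, 11, 12], [2, 7, 8, 13], [3, 4, 9, 14], // diagonals
];

/// One 64-byte ChaCha20 keystream block.
fn block(key: &[u8; 32], nonce: &[u8; 12], counter: u32) -> [u8; 64] {
    let le = |b: &[u8]| u32::from_le_bytes([b[0], b[1], b[2], b[3]]);
    let mut init: [u32; 16] = [0x61707865, 0x3320646e, 0x79622d32, 0x6b206574, 0, 0, 0, 0, 0, 0, 0, 0, counter, 0, 0, 0];
    for i in 0..8 { init[4 + i] = le(&key[4 * i..]); }
    for i in 0..3 { init[13 + i] = le(&nonce[4 * i..]); }
    let mut s = init;
    for [a, b, c, d] in [ROUNDS; 10].concat() { // 10 double rounds of quarter rounds
        s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(16);
        s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(12);
        s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(8);
        s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(7);
    }
    let mut out = [0u8; 64];
    for i in 0..16 { out[4 * i..][..4].copy_from_slice(&s[i].wrapping_add(init[i]).to_le_bytes()); }
    out
}

/// XOR `msg` with the keystream; the same call encrypts and decrypts.
fn xor_stream(key: &[u8; 32], nonce: &[u8; 12], msg: &[u8]) -> Vec<u8> {
    let mut out = msg.to_vec();
    for (n, chunk) in out.chunks_mut(64).enumerate() {
        for (b, k) in chunk.iter_mut().zip(block(key, nonce, n as u32 + 1)) { *b ^= k; }
    }
    out
}

/// Eq-match: encrypt the search term, then compare cipher-texts only.
fn lookup(column: &[Vec<u8>], key: &[u8; 32], term: &[u8]) -> Vec<usize> {
    let needle = xor_stream(key, &FIXED_NONCE, term);
    (0..column.len()).filter(|&i| column[i] == needle).collect()
}
/// Leading bytes two cipher-texts share; computable without the key.
fn shared_prefix(a: &[u8], b: &[u8]) -> usize { a.iter().zip(b).take_while(|(x, y)| x == y).count() }

fn main() {
    let key = [7u8; 32]; // constructed key
    let rows = ["alice@example.com", "bob@example.com", "alice@example.com", "alice@example.org"];
    let column: Vec<Vec<u8>> = rows.iter().map(|r| xor_stream(&key, &FIXED_NONCE, r.as_bytes())).collect();
    println!("rows matching alice@example.com: {:?}", lookup(&column, &key, b"alice@example.com"));
    println!("rows 0 and 3 share {} cipher-text bytes", shared_prefix(&column[0], &column[3]));
}
```

`lookup` finds rows 0 and 2 without decrypting anything, and anyone who can read the column sees the same equality. Rows 0 and 3 also share their first 14 cipher-text bytes, because every message is XORed with the same keystream.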
Required Associated Types
type S: TypedSerialized<T = Self>
Serializer implementation
Provided Methods
Serialize and encrypt.
Failures
- SerializationError when the message cannot be serialized.
- EncryptionError when the serialized message cannot be encrypted.
fn decrypt_owned(
    encrypted_message: &EncryptedMessage,
    shared_key: &SharedKey
) -> Result<Self, Error>
where
    Self: DeserializeOwned,
Decrypt and deserialize into DeserializeOwned type.
Failures
- DecryptionError when the message cannot be decrypted.
- DeserializationError when the decrypted message cannot be deserialized.
fn decrypt_ref<'de>(
    encrypted_message: &EncryptedMessage,
    shared_key: &SharedKey
) -> Result<Self::S, Error>
where
    Self: Deserialize<'de>,
Just decrypts cipher-text. Returned data must be deserialized later.
Types implementing serde::Deserialize<'de> (not serde::de::DeserializeOwned) should use this function to resolve lifetime.
Failures
- DecryptionError when the message cannot be decrypted.