§Shield Core
EXPTIME-secure encryption library - Rust implementation.
§Security Model
Shield uses only symmetric primitives with proven exponential-time security. Breaking requires 2^256 operations - no shortcut exists.
- PBKDF2-SHA256 for key derivation
- AES-256-CTR-like stream cipher (SHA256-based keystream)
- HMAC-SHA256 for authentication
§Usage
use shield_core::Shield;
let shield = Shield::new("password", "service.com");
let ciphertext = shield.encrypt(b"secret data").unwrap();
let plaintext = shield.decrypt(&ciphertext).unwrap();
§Error Handling
All fallible operations return Result<T, ShieldError>. Common errors:
- ShieldError::AuthenticationFailed - MAC verification failed (tampered/wrong key)
- ShieldError::CiphertextTooShort - Input too small to be valid ciphertext
- ShieldError::RandomFailed - System RNG failure (extremely rare)
- ShieldError::InvalidFormat - Malformed input data
§Panics
Functions that may panic are documented, but panics are rare and indicate:
- Internal invariant violations (should never happen in correct usage)
- System-level failures (e.g., time going backwards)
Re-exports§
pub use channel::ChannelConfig;
pub use channel::ShieldChannel;
pub use channel::ShieldListener;
pub use fingerprint::FingerprintMode;
Modules§
- channel - Shield Secure Channel - TLS/SSH-like secure transport using symmetric crypto.
- fingerprint - Hardware fingerprinting for device-bound encryption.
- password - Password strength analysis and validation.
Structs§
- BroadcastEncryption - Efficient broadcast encryption for large groups.
- EncryptedBroadcast - Encrypted broadcast message format.
- EncryptedGroupMessage - Encrypted group message format.
- GroupEncryption - Multi-recipient encryption.
- Identity - User identity.
- IdentityProvider - Identity provider for managing users and sessions.
- KeyRotationManager - Key rotation manager.
- KeySplitter - Split keys into shares (all required to reconstruct).
- LamportSignature - Lamport one-time signature (post-quantum secure).
- PAKEExchange - Password-Authenticated Key Exchange.
- QRExchange - Key exchange via QR codes or manual transfer.
- RatchetSession - Ratcheting session for forward secrecy.
- RecoveryCodes - Recovery codes for 2FA backup.
- SecureSession - Secure session with automatic key rotation.
- Session - Session information.
- Shield - EXPTIME-secure symmetric encryption.
- StreamCipher - Stream cipher for large file encryption.
- SymmetricSignature - HMAC-based symmetric signature.
- TOTP - TOTP generator and validator.
Enums§
- ShieldError - Errors that can occur during Shield operations.
Functions§
- quick_decrypt - Quick decrypt with pre-shared key
- quick_encrypt - Quick encrypt with pre-shared key (no password derivation)
Type Aliases§
- Result - Result type for Shield operations.