Struct Shield 

pub struct Shield { /* private fields */ }

EXPTIME-secure symmetric encryption.

Uses password-derived keys with PBKDF2 and encrypts using a SHA256-based stream cipher with HMAC-SHA256 authentication. Breaking requires 2^256 operations - no shortcut exists.

Version 2 adds replay protection and length obfuscation:

• Timestamp validation prevents replay attacks
• Random padding (32-128 bytes) obfuscates message length

Key separation: Derives separate subkeys for encryption and authentication to prevent cross-protocol attacks: enc_key = SHA256(key || 0x01), mac_key = SHA256(key || 0x02).

Key material is securely zeroized from memory when dropped.

Implementations

impl Shield

pub fn new(password: &str, service: &str) -> Self

Create a new Shield instance from password and service name.

Arguments

• password - User’s password
• service - Service identifier (e.g., “github.com”)

Example

use shield_core::Shield;
let shield = Shield::new("my_password", "example.com");

pub fn with_key(key: [u8; 32]) -> Self

Create Shield with a pre-shared key (no password derivation).

pub fn with_fingerprint( password: &str, service: &str, mode: FingerprintMode, ) -> Result<Self>

Create Shield with hardware fingerprinting (device-bound encryption).

Derives keys from password + hardware identifier, binding encryption to the physical device. Keys cannot be transferred to other hardware without the correct fingerprint.

Arguments

• password - User’s password
• service - Service identifier (e.g., “github.com”)
• mode - Fingerprint collection mode (Motherboard, CPU, or Combined)

Example

use shield_core::{Shield, FingerprintMode};
let shield = Shield::with_fingerprint("password", "example.com", FingerprintMode::Combined)?;

Errors

Returns error if hardware fingerprint cannot be collected.

Security

• Binding Strength: MEDIUM (hardware IDs are stable but replaceable)
• Spoofability: LOW-MEDIUM (requires hardware access or VM manipulation)
• Portability: NONE (keys are device-bound by design)

pub fn with_max_age(self, max_age_ms: Option<u64>) -> Self

Set maximum message age for replay protection.

Arguments

• max_age_ms - Maximum age in milliseconds, or None to disable replay protection

pub fn encrypt(&self, plaintext: &[u8]) -> Result<Vec<u8>>

Encrypt data (v2 format with replay protection and length obfuscation).

Returns: nonce(16) || ciphertext || mac(16)

Inner format: counter(8) || timestamp_ms(8) || pad_len(1) || random_padding(32-128) || plaintext

Errors

Returns error if random generation fails.

pub fn encrypt_with_key(key: &[u8; 32], plaintext: &[u8]) -> Result<Vec<u8>>

Encrypt with explicit key (v2 format). Derives separate enc/mac subkeys internally.

pub fn decrypt(&self, encrypted: &[u8]) -> Result<Vec<u8>>

Decrypt and verify data (supports both v1 and v2 formats).

Automatically detects v2 format by timestamp range and applies replay protection if configured. Tries separated subkeys first, falls back to unified key for backward compatibility.

Errors

Returns error if MAC verification fails, ciphertext is malformed, or message is expired.

pub fn decrypt_with_key(key: &[u8; 32], encrypted: &[u8]) -> Result<Vec<u8>>

Decrypt with explicit key (no replay protection).

pub fn decrypt_with_max_age( key: &[u8; 32], encrypted: &[u8], max_age_ms: Option<u64>, ) -> Result<Vec<u8>>

Decrypt with explicit max age for replay protection.

pub fn decrypt_v1(&self, encrypted: &[u8]) -> Result<Vec<u8>>

Decrypt v1 format explicitly (for backward compatibility with legacy ciphertext).

Always uses v1 parsing: skip 8-byte counter prefix, no timestamp check.

pub fn decrypt_v1_with_key(key: &[u8; 32], encrypted: &[u8]) -> Result<Vec<u8>>

Decrypt v1 format with explicit key (uses separated subkeys).

Trait Implementations

impl Drop for Shield

fn drop(&mut self)

Executes the destructor for this type.

impl Zeroize for Shield

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.