State file encryption using AES-256-GCM with PBKDF2 key derivation.
This crate provides transparent encryption and decryption of sensitive data using AES-256-GCM with PBKDF2 key derivation from user passphrases.
§Usage
use shipper_encrypt::{encrypt, decrypt};
let plaintext = b"Secret data";
let passphrase = "my-secret-passphrase";
let encrypted = encrypt(plaintext, passphrase).expect("encryption failed");
let encrypted_str = String::from_utf8(encrypted).expect("valid UTF-8");
let decrypted = decrypt(&encrypted_str, passphrase).expect("decryption failed");
assert_eq!(plaintext.to_vec(), decrypted);
§Security
- Uses AES-256-GCM for authenticated encryption
- PBKDF2 with 100,000 iterations for key derivation
- Random salt and nonce for each encryption operation
- Encrypted data format: base64(salt || nonce || ciphertext || auth_tag)
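The envelope layout listed above, as an added example (not code from the shipper_encrypt crate): std-only Rust that base64-decodes an envelope and splits it into its fields, rejecting malformed or truncated input before any PBKDF2 work is spent on it. The names `Envelope`, `b64_decode` and `parse_envelope` are hypothetical, and the field sizes (16-byte salt, 12-byte nonce, 16-byte tag) and the padded standard base64 alphabet are assumptions; the page gives only the field order.

```rust
// Field sizes are assumptions: the page gives the field order, not the lengths.
const SALT_LEN: usize = 16;
const NONCE_LEN: usize = 12; // usual AES-GCM nonce size
const TAG_LEN: usize = 16; // usual AES-GCM tag size
const ALPHABET: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Hypothetical container for the four fields of one envelope.
pub struct Envelope {
    pub salt: Vec<u8>,
    pub nonce: Vec<u8>,
    pub ciphertext: Vec<u8>,
    pub tag: Vec<u8>,
}

/// Decode padded standard base64; None on a bad length, character or padding.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let bytes = s.as_bytes();
    let pad = bytes.iter().rev().take_while(|&&b| b == b'=').count();
    if bytes.is_empty() || bytes.len() % 4 != 0 || pad > 2 { return None; }
    let mut out = Vec::with_capacity(bytes.len() / 4 * 3);
    let (mut acc, mut bits) = (0u32, 0u32);
    for &b in &bytes[..bytes.len() - pad] {
        // Any byte outside the alphabet (including a stray '=') aborts the decode.
        acc = (acc << 6) | ALPHABET.iter().position(|&c| c == b)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Split salt || nonce || ciphertext || auth_tag; None if too short to hold them.
pub fn parse_envelope(encoded: &str) -> Option<Envelope> {
    let raw = b64_decode(encoded.trim())?;
    if raw.len() < SALT_LEN + NONCE_LEN + TAG_LEN { return None; }
    let (salt, rest) = raw.split_at(SALT_LEN);
    let (nonce, rest) = rest.split_at(NONCE_LEN);
    let (ciphertext, tag) = rest.split_at(rest.len() - TAG_LEN);
    Some(Envelope {
        salt: salt.to_vec(), nonce: nonce.to_vec(),
        ciphertext: ciphertext.to_vec(), tag: tag.to_vec(),
    })
}

fn main() {
    let sample = "A".repeat(64); // constructed input: 48 zero bytes, not real ciphertext
    println!("{:?}", parse_envelope(&sample).map(|e| (e.salt.len(), e.nonce.len(), e.ciphertext.len(), e.tag.len())));
}
```

A successful parse only shows the input has the right shape; authenticity is established solely by the GCM tag check during decryption.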
Structs§
- EncryptionConfig - Encryption configuration
- StateEncryption - Transparent encryption wrapper for file operations.
Functions§
- decrypt - Decrypt data using AES-256-GCM with PBKDF2 key derivation
- encrypt - Encrypt data using AES-256-GCM with PBKDF2 key derivation
- is_encrypted - Check if data appears to be encrypted (starts with base64-encoded salt). This is a heuristic check - it may give false negatives for very short or specially crafted plaintexts, but should work for normal JSON state files.
- mask_passphrase - Mask a passphrase for safe display, showing only the first and last characters with asterisks in between. Passphrases with fewer than 3 characters are fully masked.
- read_decrypted - Read and decrypt a file
- write_encrypted - Write and encrypt data to a file