Trait t_rust_less_lib::secrets_store::cipher::Cipher

pub trait Cipher: Send + Sync {
    fn key_type(&self) -> KeyType;
    fn name(&self) -> String;
    fn generate_key_pair(&self) -> SecretStoreResult<(PublicKey, PrivateKey)>;
    fn seal_key_length(&self) -> usize;
    fn seal_min_nonce_length(&self) -> usize;
    fn seal_private_key(
        &self,
        seal_key: &SecretBytes,
        nonce: &[u8],
        private_key: &PrivateKey
    ) -> SecretStoreResult<Vec<u8>>;
    fn open_private_key(
        &self,
        seal_key: &SecretBytes,
        nonce: &[u8],
        crypted_key: &[u8]
    ) -> SecretStoreResult<PrivateKey>;
    fn encrypt(
        &self,
        recipients: &[(&str, PublicKey)],
        data: &SecretBytes,
        header_builder: Builder<'_>
    ) -> SecretStoreResult<Vec<u8>>;
    fn decrypt(
        &self,
        user: (&str, &PrivateKey),
        header: Reader<'_>,
        crypted: &[u8]
    ) -> SecretStoreResult<SecretBytes>;

    fn find_matching_header<'a>(
        &self,
        headers: &Reader<'a, Owned>
    ) -> SecretStoreResult<Option<Reader<'a>>> { ... }
}

Common interface of all cipher suites.

In this case “Cipher” does not refer to a single cipher but rather to a set of ciphers and methods used in combination to realize public/private key encryption on data with multiple recipients.

Required methods

Get the type identifier used inside the storage format.

Get a displayable name of the cipher.

Generate a new public-private key-pair.

The cipher should decide by itself a suitable key-strength.

Get the required length of the seal key for the seal_private_key and open_private_key operations.

Get the minimal nonce length for all seal/open/encrypt/decrypt operations.

Seal a private key of this cipher suite.

  • seal_key the sealing key created by a key-derivation, ensured to have exactly seal_key_length bytes
  • nonce random nonce to use, ensured to have at least seal_min_nonce_length bytes
  • private_key the private key to seal, created by a generate_key_pair of this suite

Open a sealed private key of this cipher suite.

  • seal_key the sealing key created by a key-derivation, ensured to have exactly seal_key_length bytes
  • nonce random nonce to use, ensured to have at least seal_min_nonce_length bytes
  • crypted_key the encrypted bytes created by a seal_private_key
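
The length contract shared by seal_private_key and open_private_key (seal key of exactly seal_key_length bytes, nonce of at least seal_min_nonce_length bytes) can be enforced on the caller side before either call. The following is an added example, not code from t_rust_less_lib: SealLimits, SealInputError, check_seal_inputs and SampleSuite are hypothetical names, byte slices stand in for SecretBytes, and the lengths 32 and 12 are constructed sample values.

```rust
// Added example: local mirror of the two length getters from the Cipher trait
// (signatures copied from the page); everything else here is hypothetical.
pub trait SealLimits {
    fn seal_key_length(&self) -> usize;
    fn seal_min_nonce_length(&self) -> usize;
}

#[derive(Debug, PartialEq, Eq)]
pub enum SealInputError {
    /// The seal key must match the suite's length exactly.
    KeyLength { expected: usize, actual: usize },
    /// The nonce may be longer than the minimum, never shorter.
    NonceTooShort { minimum: usize, actual: usize },
}

/// Check the documented preconditions before handing material to
/// seal_private_key or open_private_key.
pub fn check_seal_inputs<C: SealLimits + ?Sized>(
    cipher: &C,
    seal_key: &[u8],
    nonce: &[u8],
) -> Result<(), SealInputError> {
    let expected = cipher.seal_key_length();
    if seal_key.len() != expected {
        return Err(SealInputError::KeyLength { expected, actual: seal_key.len() });
    }
    let minimum = cipher.seal_min_nonce_length();
    if nonce.len() < minimum {
        return Err(SealInputError::NonceTooShort { minimum, actual: nonce.len() });
    }
    Ok(())
}

/// Constructed stand-in suite; the lengths 32 and 12 are sample values,
/// not taken from any t_rust_less_lib implementation.
pub struct SampleSuite;

impl SealLimits for SampleSuite {
    fn seal_key_length(&self) -> usize { 32 }
    fn seal_min_nonce_length(&self) -> usize { 12 }
}

fn main() {
    let suite = SampleSuite;
    // A 24-byte nonce is accepted: only the lower bound is fixed.
    println!("{:?}", check_seal_inputs(&suite, &[0u8; 32], &[0u8; 24]));
    // A 16-byte key is rejected rather than padded or truncated.
    println!("{:?}", check_seal_inputs(&suite, &[0u8; 16], &[0u8; 12]));
}
```
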

Encrypt arbitrary data for a set of recipients.

  • recipients list of recipients allowed to access/decrypt the data. It has to be ensured that each recipient contains a public-key compatible with this suite.
  • data the data to encrypt
  • header_builder reference to the builder creating the encapsulating data-block for storage

Decrypt data for a user.

  • user the user accessing/decrypting the data. It has to be ensured that the user contains a private-key compatible with this suite and is part of the recipient list of the data.
  • header reference to the header of the stored data-block.
  • crypted the encrypted data

Provided methods

Implementors