Trait Cipher

pub trait Cipher: Send + Sync {
    // Required methods
    fn key_type(&self) -> KeyType;
    fn name(&self) -> String;
    fn generate_key_pair(&self) -> SecretStoreResult<(PublicKey, PrivateKey)>;
    fn seal_key_length(&self) -> usize;
    fn seal_min_nonce_length(&self) -> usize;
    fn seal_private_key(
        &self,
        seal_key: &SecretBytes,
        nonce: &[u8],
        private_key: &PrivateKey,
    ) -> SecretStoreResult<Vec<u8>>;
    fn open_private_key(
        &self,
        seal_key: &SecretBytes,
        nonce: &[u8],
        crypted_key: &[u8],
    ) -> SecretStoreResult<PrivateKey>;
    fn encrypt(
        &self,
        recipients: &[(&str, PublicKey)],
        data: &SecretBytes,
        header_builder: Builder<'_>,
    ) -> SecretStoreResult<Vec<u8>>;
    fn decrypt(
        &self,
        user: (&str, &PrivateKey),
        header: Reader<'_>,
        crypted: &[u8],
    ) -> SecretStoreResult<SecretBytes>;

    // Provided method
    fn find_matching_header<'a>(
        &self,
        headers: &Reader<'a, Owned>,
    ) -> SecretStoreResult<Option<Reader<'a>>> { ... }
}

Common interface of all cipher suites.

In this case "Cipher" does not refer to a single cipher but to a set of ciphers and methods used in combination to realize public/private-key encryption of data for multiple recipients.

Required Methods

fn key_type(&self) -> KeyType

Get the type identifier used inside the storage format.

fn name(&self) -> String

Get a displayable name of the cipher.

fn generate_key_pair(&self) -> SecretStoreResult<(PublicKey, PrivateKey)>

Generate a new public-private key-pair.

The cipher suite chooses a suitable key strength itself.

fn seal_key_length(&self) -> usize

Get the required length of the seal key for the seal_private_key and open_private_key operations.

fn seal_min_nonce_length(&self) -> usize

Get the minimal nonce length for all seal/open/encrypt/decrypt operations.

fn seal_private_key( &self, seal_key: &SecretBytes, nonce: &[u8], private_key: &PrivateKey, ) -> SecretStoreResult<Vec<u8>>

Seal a private key of this cipher suite.

  • seal_key: the sealing key produced by a key derivation; the caller ensures it has exactly seal_key_length bytes
  • nonce: a random nonce to use; the caller ensures it has at least seal_min_nonce_length bytes
  • private_key: the private key to seal, created by generate_key_pair of this suite

fn open_private_key( &self, seal_key: &SecretBytes, nonce: &[u8], crypted_key: &[u8], ) -> SecretStoreResult<PrivateKey>

Open a sealed private key of this cipher suite.

  • seal_key: the sealing key produced by a key derivation; the caller ensures it has exactly seal_key_length bytes
  • nonce: the nonce that was used when the key was sealed; the caller ensures it has at least seal_min_nonce_length bytes
  • crypted_key: the encrypted bytes created by seal_private_key

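The trait documentation says the seal key and nonce lengths are "ensured" by the caller, so the enforcement belongs in the store layer that calls the suite. The following is an added example, not code from the crate documented on this page: a checked wrapper around seal_private_key/open_private_key that rejects a seal key of the wrong length or a nonce that is too short before dispatching. The crate's KeyType, SecretBytes, PrivateKey, SecretStoreResult and header types are replaced by local stand-ins, the trait is reduced to the seal/open subset shown above, and ToyCipher is an insecure XOR test double that exists only so the example runs; a real suite would use an authenticated cipher.

```rust
// Added example, not code from the crate documented on this page. The crate's
// KeyType, SecretBytes, PrivateKey and SecretStoreResult types are replaced by
// stand-ins, and the trait is cut down to the seal/open subset of Cipher above.
type SecretBytes = Vec<u8>;
type PrivateKey = Vec<u8>;

/// Stand-in error type; the real crate has its own SecretStoreError.
#[derive(Debug, PartialEq, Eq)]
pub enum SecretStoreError {
    InvalidSealKeyLength { expected: usize, actual: usize },
    NonceTooShort { min: usize, actual: usize },
}

pub type SecretStoreResult<T> = Result<T, SecretStoreError>;

/// Seal/open subset of the trait on this page, signatures kept as documented.
pub trait Cipher: Send + Sync {
    fn seal_key_length(&self) -> usize;
    fn seal_min_nonce_length(&self) -> usize;
    fn seal_private_key(&self, seal_key: &SecretBytes, nonce: &[u8], private_key: &PrivateKey)
        -> SecretStoreResult<Vec<u8>>;
    fn open_private_key(&self, seal_key: &SecretBytes, nonce: &[u8], crypted_key: &[u8])
        -> SecretStoreResult<PrivateKey>;
}

/// The two preconditions the trait docs leave to the caller, made explicit:
/// exactly seal_key_length() key bytes and at least seal_min_nonce_length() nonce bytes.
fn check_seal_params<C: Cipher + ?Sized>(cipher: &C, seal_key: &SecretBytes, nonce: &[u8])
    -> SecretStoreResult<()> {
    let expected = cipher.seal_key_length();
    if seal_key.len() != expected {
        return Err(SecretStoreError::InvalidSealKeyLength { expected, actual: seal_key.len() });
    }
    let min = cipher.seal_min_nonce_length();
    if nonce.len() < min {
        return Err(SecretStoreError::NonceTooShort { min, actual: nonce.len() });
    }
    Ok(())
}

/// seal_private_key with the caller-side checks applied first.
pub fn seal_checked<C: Cipher + ?Sized>(cipher: &C, seal_key: &SecretBytes, nonce: &[u8],
    private_key: &PrivateKey) -> SecretStoreResult<Vec<u8>> {
    check_seal_params(cipher, seal_key, nonce)?;
    cipher.seal_private_key(seal_key, nonce, private_key)
}

/// open_private_key with the same checks; the nonce must be the one used for sealing.
pub fn open_checked<C: Cipher + ?Sized>(cipher: &C, seal_key: &SecretBytes, nonce: &[u8],
    crypted_key: &[u8]) -> SecretStoreResult<PrivateKey> {
    check_seal_params(cipher, seal_key, nonce)?;
    cipher.open_private_key(seal_key, nonce, crypted_key)
}

/// Test double only: an unauthenticated XOR keystream so the example runs offline.
/// It is NOT a cipher suite and offers no security; a real suite would use an AEAD.
pub struct ToyCipher;

impl ToyCipher {
    fn xor_stream(seal_key: &[u8], nonce: &[u8], input: &[u8]) -> Vec<u8> {
        input
            .iter()
            .enumerate()
            .map(|(i, b)| *b ^ seal_key[i % seal_key.len()] ^ nonce[i % nonce.len()] ^ (i as u8))
            .collect()
    }
}

impl Cipher for ToyCipher {
    fn seal_key_length(&self) -> usize { 32 }
    fn seal_min_nonce_length(&self) -> usize { 12 }
    fn seal_private_key(&self, seal_key: &SecretBytes, nonce: &[u8], private_key: &PrivateKey)
        -> SecretStoreResult<Vec<u8>> {
        Ok(Self::xor_stream(seal_key, nonce, private_key))
    }
    fn open_private_key(&self, seal_key: &SecretBytes, nonce: &[u8], crypted_key: &[u8])
        -> SecretStoreResult<PrivateKey> {
        Ok(Self::xor_stream(seal_key, nonce, crypted_key))
    }
}

fn main() {
    let cipher = ToyCipher;
    // Constructed inputs: a real store derives seal_key with a KDF and draws nonce from a CSPRNG.
    let seal_key: SecretBytes = vec![0x42; 32];
    let nonce = [7u8; 12];
    let private_key: PrivateKey = b"private key material".to_vec();
    let sealed = seal_checked(&cipher, &seal_key, &nonce, &private_key).expect("seal");
    let opened = open_checked(&cipher, &seal_key, &nonce, &sealed).expect("open");
    assert_eq!(opened, private_key);
    // An 8-byte nonce is rejected before the suite ever sees it.
    println!("{:?}", seal_checked(&cipher, &seal_key, &[0u8; 8], &private_key).unwrap_err());
}
```

Opening only succeeds with the same seal key and nonce that were passed to seal_private_key, so the store has to persist the nonce next to crypted_key, and it must never reuse a nonce under the same seal key; that is a general requirement of nonce-based ciphers, not something specific to this trait.
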
fn encrypt( &self, recipients: &[(&str, PublicKey)], data: &SecretBytes, header_builder: Builder<'_>, ) -> SecretStoreResult<Vec<u8>>

Encrypt arbitrary data for a set of recipients.

  • recipients: the list of recipients allowed to access/decrypt the data; the caller ensures that every recipient's public key belongs to this suite
  • data: the data to encrypt
  • header_builder: the builder for the header of the encapsulating data block written to storage

fn decrypt( &self, user: (&str, &PrivateKey), header: Reader<'_>, crypted: &[u8], ) -> SecretStoreResult<SecretBytes>

Decrypt data for a user.

  • user: the user accessing/decrypting the data; the caller ensures that the user's private key belongs to this suite and that the user is part of the recipient list of the data
  • header: reference to the header of the stored data block
  • crypted: the encrypted data

Provided Methods

fn find_matching_header<'a>( &self, headers: &Reader<'a, Owned>, ) -> SecretStoreResult<Option<Reader<'a>>>

Implementors