Skip to main content

TimeLockSalts

toolkit_zero::encryption::timelock

Struct TimeLockSalts 

Source 
pub struct TimeLockSalts {
    pub s1: [u8; 32],
    pub s2: [u8; 32],
    pub s3: [u8; 32],
}
Expand description

Three independent 32-byte random salts — one per KDF pass.

Generate once at encryption time via TimeLockSalts::generate and store 96 bytes in the ciphertext header. The same TimeLockSalts must be supplied to [derive_key_now] / [derive_key_at] at decryption time.

Salts are not secret — they only prevent precomputation attacks. All three fields are zeroized when this value is dropped.

Fields§

§s1: [u8; 32]

Salt for the first Argon2id pass.

§s2: [u8; 32]

Salt for the scrypt pass.

§s3: [u8; 32]

Salt for the final Argon2id pass.

Implementations§

Source§

impl TimeLockSalts

Source

pub fn generate() -> Self

Generate three independent 32-byte salts from the OS CSPRNG.

Examples found in repository?
examples/timelock_round_trip.rs (line 28)
24fn main() {
25    // ── Encryption side ───────────────────────────────────────────────────────
26    // Generate fresh salts.  Salts are NOT secret — store them in plaintext
27    // alongside the ciphertext so the decryption side can reproduce the key.
28    let salts = TimeLockSalts::generate();
29
30    // Use a deliberately fast preset so the example finishes quickly.
31    // In production use KdfPreset::Balanced or stronger.
32    let kdf = KdfPreset::Balanced.params();
33
34    // Lock to any Tuesday at 18:00 (hour-precision window = the full 18:00–18:59 block).
35    let cadence   = TimeLockCadence::DayOfWeek(Weekday::Tuesday);
36    let lock_time = TimeLockTime::new(18, 0).unwrap();
37
38    println!("Deriving encryption key (this may take a few seconds)…");
39    let enc_key = TimelockBuilder::encrypt()
40        .cadence(cadence.clone())
41        .time(lock_time)
42        .precision(TimePrecision::Hour)
43        .format(TimeFormat::Hour24)
44        .salts(salts.clone())
45        .kdf(kdf)
46        .derive()
47        .expect("encryption-side key derivation failed");
48
49    println!("enc_key[:8] = {:02x?}", &enc_key.as_bytes()[..8]);
50
51    // Pack every setting — including salts and KDF params — into a compact header.
52    // This header goes into the ciphertext in plaintext; nothing here is secret.
53    let header = pack(
54        TimePrecision::Hour,
55        TimeFormat::Hour24,
56        &cadence,
57        salts,
58        kdf,
59    );
60
61    // ── Decryption side ───────────────────────────────────────────────────────
62    // Load `header` from the ciphertext and call TimelockBuilder::decrypt at the
63    // matching time slot.  All settings are read from the header automatically.
64    println!("Deriving decryption key from system clock…");
65    let dec_key = TimelockBuilder::decrypt(header)
66        .derive()
67        .expect("decryption-side key derivation failed");
68
69    println!("dec_key[:8] = {:02x?}", &dec_key.as_bytes()[..8]);
70
71    // ── Verdict ───────────────────────────────────────────────────────────────
72    if enc_key.as_bytes() == dec_key.as_bytes() {
73        println!("\nKeys match ✓  — running on a Tuesday at 18:xx");
74    } else {
75        println!("\nKeys differ — not running on a Tuesday at 18:xx (expected outside that window)");
76    }
77}
Source

pub fn from_bytes(s1: [u8; 32], s2: [u8; 32], s3: [u8; 32]) -> Self

Construct from raw bytes (e.g. when loading from a ciphertext header).

Source

pub fn to_bytes(&self) -> [u8; 96]

Serialize to 96 contiguous bytes (s1 ∥ s2 ∥ s3) for header storage.

Source

pub fn from_slice(b: &[u8; 96]) -> Self

Deserialize from 96 contiguous bytes produced by [to_bytes].

Trait Implementations§

Source§

impl Clone for TimeLockSalts

Source§

fn clone(&self) -> TimeLockSalts

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for TimeLockSalts

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Drop for TimeLockSalts

Available on crate features enc-timelock-keygen-now or enc-timelock-keygen-input or enc-timelock-async-keygen-now or enc-timelock-async-keygen-input only.
Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl Zeroize for TimeLockSalts

Available on crate features enc-timelock-keygen-now or enc-timelock-keygen-input or enc-timelock-async-keygen-now or enc-timelock-async-keygen-input only.
Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more