Skip to main content

Module serialization

toolkit_zero

Module serialization 

Source
Expand description

Struct-to-binary serialization with authenticated encryption.

This module converts any bincode-encodable value into an opaque, authenticated byte blob and back, using ChaCha20-Poly1305 (IETF AEAD). A fresh random 12-byte nonce is generated for every seal call, so ciphertexts are non-deterministic even for identical plaintext and key.

§What is guaranteed

  • Confidentiality. The ciphertext reveals nothing about the plaintext without the key.
  • Integrity and authenticity. The Poly1305 tag detects any bit-level modification; open returns an error on tampered or truncated blobs.
  • Semantic security. The random nonce ensures that encrypting the same value twice produces different ciphertexts, preventing chosen-plaintext attacks.
  • No magic bytes / constant header. Every output byte depends on the key and a fresh nonce; there is no static recognisable prefix.

§Format

blob = nonce (12 B) ‖ AEAD_ciphertext (bincode(value)) ‖ Poly1305 tag (16 B)

§Default key

When no key is supplied, the string "serialization/deserialization" is used.

§Example

use toolkit_zero::serialization::{seal, open, Encode, Decode};

#[derive(Encode, Decode, Debug, PartialEq)]
struct Point { x: f64, y: f64 }

let p = Point { x: 1.5, y: -3.0 };

// default key — string literals work directly
let blob = seal(&p, None::<&str>).unwrap();
let back: Point = open(&blob, None::<&str>).unwrap();
assert_eq!(p, back);

// explicit key — str literals or String are both accepted
let blob2 = seal(&p, Some("my secret key")).unwrap();
let back2: Point = open(&blob2, Some("my secret key")).unwrap();
assert_eq!(p, back2);

Re-exports§

pub use bincode;

Modules§

backend_deps
Re-exports all backend dependencies used by the serialization module.

Enums§

SerializationError
Errors returned by seal and open.

Traits§

Decode
Trait that makes a type able to be decoded, akin to serde’s DeserializeOwned trait.
Encode
Any source that can be encoded. This trait should be implemented for all types that you want to be able to use with any of the encode_with methods.

Functions§

open
Decode a byte blob produced by seal back into T.
seal
Encode value to an authenticated, encrypted byte blob sealed with key.

Attribute Macros§

deserialize
Emit an inline open() call, decoding a blob or reading from a file.
serializable
Derive bincode::Encode + bincode::Decode and inject seal / open methods.
serialize
Emit an inline seal() call, binding the result or writing it to a file.

Derive Macros§

Decode
Encode