Low-level cryptography primitives for tsafe.
Key derivation: Argon2id with tunable cost parameters. Encryption: XChaCha20-Poly1305 by default, with optional AES-256-GCM support behind the fips feature flag. All secret material is handled via Zeroizing wrappers so keys are wiped from heap memory on drop.
Structs
- VaultKey - A 256-bit key that is zeroed from memory on drop.
Enums
- CipherKind - Cipher selection for vault/team ciphertext on disk.
- KeyPurpose - Purpose labels for HKDF expansion. Adding new purposes must use a distinct label so old ciphertext domains remain isolated.
- KeySchedule - The on-disk vault format historically used the root key directly. Newer vaults keep the same file format but scope encryption through HKDF-derived purpose keys so challenge/data material do not share a key.
Constants
Functions
- decode_b64
- decrypt - Decrypt with XChaCha20-Poly1305. Authentication failure returns DecryptionFailed.
- decrypt_for_cipher
- decrypt_with_key_schedule
- default_vault_cipher
- derive_key - Derive a 256-bit key from a password + salt using Argon2id.
- derive_labeled_subkey - Derive a 256-bit subkey from a root key using an explicit HKDF label.
- derive_subkey - Derive a purpose-scoped 256-bit subkey from a root key using HKDF-SHA256.
- detect_key_schedule - Detect which key schedule was used for a known-plaintext record.
- encode_b64
- encrypt - Encrypt plaintext with XChaCha20-Poly1305. Returns (nonce, ciphertext).
- encrypt_for_cipher
- encrypt_with_key_schedule
- parse_cipher_kind
- random_nonce
- random_salt
- snap_decrypt - Decrypt a snap blob received from the snap server.
- snap_encrypt - Encrypt a plaintext string for one-time snap sharing.