Expand description
PIN-based encryption for identity keys.
Encrypts signing, recipient, and (optionally) Nostr secret keys using:
- Argon2id for PIN → key derivation (memory-hard, resistant to brute force)
- AES-256-GCM for authenticated encryption
§Format versions
v1 (legacy): [1B version=1][16B salt][12B nonce][64B encrypted][16B tag]
- Payload: 32B signing + 32B recipient = 64 bytes
v2 (current): [1B version=2][16B salt][12B nonce][96B encrypted][16B tag]
- Payload: 32B signing + 32B recipient + 32B nostr = 96 bytes
Decryption is backward-compatible: v1 blobs return nostr = None.
Enums§
- PinError
- Errors during PIN encryption/decryption.
Functions§
- decrypt_
identity_ keys - Decrypt identity keys using a PIN.
- encrypt_
identity_ keys - Encrypt signing, recipient, and Nostr keys using a PIN (v2 format).