§ZeroVault Core - Fort-Knox Level Cryptographic Security
This crate provides enterprise-grade, maximum security cryptographic operations for the ZeroVault secure document encryption system. It implements a comprehensive defense-in-depth approach with:
- Triple-layer encryption using multiple algorithms
- Advanced key derivation with Argon2id (1GB memory cost)
- Key splitting using Shamir’s Secret Sharing
- Secure memory management with guard pages and canaries
- Side-channel attack resistance
- Comprehensive integrity verification
§Security Design
ZeroVault Core implements a true “defense-in-depth” approach where multiple independent security layers must be breached to compromise the data:
- Outer Layer: AES-256-GCM authenticated encryption
- Middle Layer: ChaCha20-Poly1305 authenticated encryption
- Inner Layer: AES-256-CBC with independent HMAC-SHA512
§Memory Security
All sensitive data is protected in memory using:
- Memory locking to prevent swapping to disk
- Guard pages to detect buffer overflows
- Memory canaries for tampering detection
- Secure multi-pass memory zeroization
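The canary and multi-pass zeroization items above, shown as an added std-only Rust example; this is not ZeroVault's code. `CanaryBuf`, the 8-byte canary width and the three wipe patterns are assumptions for illustration, and memory locking and guard pages are left out because they need OS calls outside `std`.

```rust
use std::collections::hash_map::RandomState;
use std::hash::{BuildHasher, Hasher};
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

const CANARY_LEN: usize = 8; // assumed canary width
/// Hypothetical layout: [canary | payload | canary] in one allocation.
pub struct CanaryBuf { raw: Vec<u8>, canary: [u8; CANARY_LEN], len: usize }
impl CanaryBuf {
    pub fn new(len: usize) -> Self {
        // Unpredictable per-buffer canary taken from std's randomly keyed SipHash.
        let canary = RandomState::new().build_hasher().finish().to_ne_bytes();
        let mut raw = vec![0u8; len + 2 * CANARY_LEN];
        raw[..CANARY_LEN].copy_from_slice(&canary);
        raw[CANARY_LEN + len..].copy_from_slice(&canary);
        CanaryBuf { raw, canary, len }
    }
    pub fn payload_mut(&mut self) -> &mut [u8] {
        &mut self.raw[CANARY_LEN..CANARY_LEN + self.len]
    }
    /// True while both canaries still hold the value written by `new`.
    pub fn intact(&self) -> bool {
        let head = &self.raw[..CANARY_LEN];
        let tail = &self.raw[CANARY_LEN + self.len..];
        // OR the differences together so the comparison has no early exit.
        head.iter().zip(tail).zip(&self.canary)
            .fold(0u8, |d, ((h, t), c)| d | (h ^ c) | (t ^ c)) == 0
    }
    /// Multi-pass wipe of payload and canaries using volatile stores, which
    /// the optimizer may not drop as dead writes; the final pass leaves zeros.
    pub fn wipe(&mut self) {
        for &pattern in &[0xFFu8, 0xAA, 0x00] {
            for b in self.raw.iter_mut() {
                unsafe { write_volatile(b as *mut u8, pattern) };
            }
            compiler_fence(Ordering::SeqCst);
        }
    }
}
impl Drop for CanaryBuf {
    fn drop(&mut self) { self.wipe(); }
}

fn main() {
    let mut buf = CanaryBuf::new(16);
    buf.payload_mut().copy_from_slice(b"constructed-key!"); // constructed sample secret
    assert!(buf.intact());
    buf.raw[CANARY_LEN + 16] ^= 0xFF; // constructed one-byte overrun into the tail canary
    assert!(!buf.intact());
}
```

A canary check only reports corruption after it has happened, so callers should run `intact()` before trusting or releasing the payload and treat a failure as fatal.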
§Usage Example
use zero_vault_core::{encrypt_data, decrypt_data};
// Encrypt data with maximum security
let data = b"Sensitive information";
let password = "complex-password-example";
let encrypted = encrypt_data(data, password).unwrap();
// Decrypt data with all security verifications
let decrypted = decrypt_data(&encrypted, password).unwrap();
assert_eq!(data.to_vec(), decrypted);
§Re-exports
pub use types::SecureKey;
pub use types::VaultEncryptedData;
pub use types::VaultEncryptionParams;
pub use types::VaultError;
pub use types::VaultKeyHierarchy;
pub use crypto::decrypt_data;
pub use crypto::encrypt_data;
pub use memory::SecureBytes;
pub use memory::SecureMemory;
pub use memory::SecureString;