Skip to content

emabee/pwsec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
examples
examples
 
 
scripts
scripts
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE-APACHE
LICENSE-APACHE
 
 
LICENSE-MIT
LICENSE-MIT
 
 
README.md
README.md
 
 

Repository files navigation

pwsec - support for password-based encryption

Latest version Documentation License Build unsafe forbidden

Usage

Add pwsec to the dependencies section in your project's Cargo.toml:

[dependencies]
pwsec = "0.5"

Capabilities

pwsec uses an (optionally authenticated) encryption scheme.

Two closely related variants are provided currently, Chacha and ChachaB64.

Alternative variants with similar API and based on other encryption algorithms can be added on demand.

Example with ChachaB64 and storage in a file

const PBKDF2_ROUNDS: u32 = 172_234; // Choose some awkward high number

// Usecase: you have some secret data that you want to encrypt,
// so that you can store it to a file and decrypt them later.
let secret = b"this is some serialized form of the secret data";

// You also have an authentication tag, which is not secret,
// it is used to verify the integrity of the stored data.
// It can be a hash of the data, or some other summary.
// In this example, we use a simple string as the auth tag.
let auth_tag = b"arbitrary, nonconfidential text";

// You use a password to encrypt and decrypt the data, and you have to remember it
let password = "LOIUo98zkjhB";

Encryption

// Encrypt the secret and store the result
let storage = {
    let cipher = ChachaB64::with_pbkdf2_rounds(PBKDF2_ROUNDS)
        .encrypt_auth(secret, auth_tag, password)?
        .to_string();

    (cipher, auth_tag)
};
flowchart LR

A1{{Auth data}}
A2[/Auth data/]
C[/CipherB64:
salt+ciphertext+nonce/]
E[__ChachaB64::__
__encrypt_auth__
]
P{{Password}}
S{{Secret}}

style E fill:#AAf,stroke:#333,stroke-width:3px

subgraph File
    C
    A2
end

subgraph Application Data
    A1
    S
end
P

P --> E
S -- Serialization --> E
A1 -- Serialization --> E

E --> C
A1 -. Serialization .-> A2
Loading

Decryption

// Read the cipher and the auth_tag from whereever you stored them
let (cipher, auth_tag) = storage;
let cipher_b64 = CipherB64::parse(&cipher).context("bad decrypt")?;

// Provide the password and decrypt the secret
let decrypted_secret = ChachaB64::with_pbkdf2_rounds(PBKDF2_ROUNDS)
    .decrypt_auth(cipher_b64, &auth_tag, password)?;

assert_eq!(*secret, *decrypted_secret);
flowchart RL

A1{{Auth data}}
A2[/Auth data/]
C[/CipherB64:
salt+ciphertext+nonce/]
D[__ChachaB64::
decrypt_auth__]
P{{Password}}
S{{Secret}}

style D fill:#AAf,stroke:#333,stroke-width:3px

subgraph File
    C
    A2
end

subgraph Application Data
    A1
    S
end
P

P --> D
D -- Deserialization --> S
A2 --> D

C --> D
A2 -. Deserialization .-> A1
Loading

Versions

See the change log for more details.

License

Licensed under either of:

  • Apache License, Version 2.0
  • MIT license

at your option.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages