Lib.rs

Cryptography
#encryption #shared-key #aes-256 #encryption-key #decryption #ecb #key-derivation

shared-aes-enc

A shared AES encryption library providing secure encryption and decryption functionality

Owned by paperfund.

2 releases

Uses new Rust 2024

0.3.8 Jun 17, 2025
0.3.7 Jun 16, 2025

#1069 in Cryptography

24 downloads per month

MIT license

11KB
119 lines

Shared AES Encryption

A Rust library for shared-key AES encryption that combines two separate keys to create a derived encryption key using SHA3 hashing and bit manipulation techniques.

Features

  • 🔐 Shared Key Encryption: Combines two keys to create a secure derived key
  • 🔑 SHA3-256 Key Derivation: Uses cryptographic hashing with bit reversal for key derivation
  • 📦 AES-256 ECB Encryption: Secure block cipher encryption with PKCS7 padding
  • 🎲 Password Generation: Generate cryptographically secure random passwords
  • 📋 Base64 Support: Automatic base64 encoding/decoding for encrypted data
  • 🛡️ Memory-safe Rust: Built with Rust's memory safety guarantees

Installation

Add this to your Cargo.toml:

[dependencies]
shared-aes-enc = "0.3.7"

Usage

Basic Shared Key Encryption

The library's main feature is encrypting data using two separate keys that are combined:

use shared_aes_enc::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key1 = "alice_secret_key";
    let key2 = "bob_secret_key";
    let message = "Hello, World!";
    
    // Encrypt string (returns base64-encoded result)
    let encrypted = shared_key_encrypt(key1, key2, message)?;
    println!("Encrypted: {}", encrypted);
    
    // Decrypt back to original string
    let decrypted = shared_key_decrypt(key1, key2, &encrypted)?;
    println!("Decrypted: {}", decrypted);
    
    assert_eq!(message, decrypted);
    Ok(())
}

Binary Data Encryption

For encrypting raw bytes without base64 encoding:

use shared_aes_enc::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key1 = "user_key";
    let key2 = "server_key";
    let data = b"Binary data to encrypt";
    
    // Encrypt binary data
    let encrypted_bytes = shared_key_encrypt_bytes(key1, key2, data)?;
    
    // To decrypt, you'll need to use the lower-level decryption
    // (Note: The library currently only provides string decryption)
    
    Ok(())
}

Password Generation

Generate cryptographically secure random passwords:

use shared_aes_enc::*;

fn main() {
    // Generate a 16-character random password
    let password = generate_password(16);
    println!("Generated password: {}", password);
    
    // Generate a longer password
    let long_password = generate_password(32);
    println!("Long password: {}", long_password);
}

API Reference

Encryption Functions

  • shared_key_encrypt(key1: &str, key2: &str, data: &str) -> Result<String, Box<dyn std::error::Error>>

    • Encrypts a string using two keys and returns base64-encoded result

  • shared_key_encrypt_bytes(key1: &str, key2: &str, data: &[u8]) -> Result<Vec<u8>, Box<dyn std::error::Error>>

    • Encrypts binary data using two keys and returns raw encrypted bytes

  • shared_key_decrypt(key1: &str, key2: &str, encrypted_b64: &str) -> Result<String, Box<dyn std::error::Error>>

    • Decrypts base64-encoded data back to the original string

Utility Functions

  • generate_password(length: usize) -> String
    • Generates a random password of specified length using alphanumeric characters

How It Works

Key Derivation Process

  1. Key Combination: The two input keys are padded and concatenated
  2. Bit Reversal: The combined key undergoes bit reversal for additional security
  3. SHA3 Hashing: The result is hashed using SHA3-256 to create the final AES key
  4. AES Encryption: Data is encrypted using AES-256 in ECB mode with PKCS7 padding

Security Features

  • Dual Key Requirement: Both keys are required for encryption/decryption
  • Non-predictable Key Derivation: Bit reversal prevents predictable key patterns
  • Cryptographic Hashing: SHA3-256 ensures derived keys are cryptographically secure
  • Padding: PKCS7 padding handles variable-length data securely

Use Cases

This library is particularly useful for:

  • Collaborative Encryption: Scenarios where two parties each contribute a key
  • Multi-factor Security: Adding an extra layer by requiring two separate secrets
  • Key Escrow: Splitting encryption capability between multiple parties
  • CTF Challenges: Educational cryptography exercises (as suggested by the project path)

Security Considerations

⚠️ Important Security Notes:

  • ECB Mode: This library uses ECB mode, which may reveal patterns in data. Consider this for your security requirements.
  • Key Storage: Store both keys securely and separately
  • Key Quality: Use high-entropy keys for better security
  • Educational Use: This appears designed for educational/CTF purposes rather than production systems

Dependencies

  • aes (0.7.5) - AES block cipher implementation
  • block-modes (0.8.1) - Block cipher modes of operation
  • sha3 (0.10.8) - SHA-3 cryptographic hash function
  • rand (0.9.1) - Random number generation
  • base64 (0.22.1) - Base64 encoding/decoding

License

This project is licensed under the MIT License.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Note: This library appears to be designed for educational purposes or CTF (Capture The Flag) challenges. For production cryptographic needs, consider using well-established libraries with authenticated encryption modes.

Dependencies

~3MB
~41K SLoC