Module lock_keeper::crypto

Application-specific cryptographic types and operations.

Defines and implements keys and secret types, and the appropriate transformations between them. Public functions here are mostly wrappers around multiple low-level cryptographic steps.

Modules

• arbitrary_secret 🔒
• cryptor 🔒
  This defines data types related to Encryptor and Decryptor.
• cryptor_key 🔒
  This defines CryptorKey type, which is an encryption key that can be used to securely encrypt/decrypt data.
• data_blob 🔒
  This module defines [DataBlob]: A blob of bytes for storing in the server. As well as accompanying functionality for server-side encrypting and decrypting [DataBlob]s.
• generic 🔒
• secure_structs
• signing_key 🔒
• storage_key 🔒

Structs

• CryptorContext
  The context (a.k.a. associated data).
• CryptorKey
  The CryptorKey type is a default-length symmetric encryption key for an AEAD scheme. It can be used to securely encrypt data.
• DataBlob
  A blob of bytes for storing in the server.
• Decryptor
  The Decryptor type represents a ciphertext encrypted under the ChaCha20Poly1305 scheme for authenticated encryption with associated data (AEAD).
• Encrypted
  A ciphertext representing an object of type T, encrypted under the ChaCha20Poly1305 scheme for authenticated encryption with associated data (AEAD).
• Encryptor
  The Encryptor type. It contains data to be encrypted, plus context and config fields.
• Export
  Raw material for an exported signing key.
• Import
  Raw material for an imported signing key.
• KeyId
  Universally unique identifier for a stored secret or signing key. Wrapped in a Box to avoid stack overflows during heavy traffic. KeyIds are created by implementors of our DataStore trait. So we expose the internal as pub.
• MasterKey
  The master key is a default-length symmetric encryption key for an AEAD scheme.
• OpaqueSessionKey
  A session key is produced as shared output for client and server from OPAQUE.
• RemoteStorageKey
  The remote storage key is a default-length symmetric encryption key for an AEAD scheme.
• Secret
  An arbitrary secret.
• SignableBytes
  Wrapper used to declare arbitrary bytes as Signable.
• SigningKeyPair
  An ECDSA signing key pair, including a public component for verifying signatures, a private component for creating them, and context about the key pair.
• StorageKey
  A storage key is a default-length symmetric encryption key for an AEAD scheme. The storage key is used to encrypt stored secrets and signing keys.

Traits

• Signable
  Provides the methods necessary to sign and verify a piece of data with a SigningKeyPair. This trait should be explicitly implemented on types that are intended to be signed.