mirror/spacedrive
1
0
Fork 0
mirror of https://github.com/spacedriveapp/spacedrive.git synced 2026-04-20 06:28:14 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
158366b69e5464eaa1cd7da1a6b17dd3d3bb71ae
spacedrive/crates/crypto/examples/single_file.rs
jake f487db254b [ENG-429] Crypto organization/refactor (#607) 
* update comment

* key manager feature gating

* update deps & more feature gating

* fix keyring feature gating

* add an `exhaustive_read` function for crypto/stream

* restructure STREAM module

* move tests+shared utils

* clean up stream decryption

* further cleanup

* impl to `GenericArray` for `Nonce`

* update examples

* update refs & `use`s

* fix `Nonce` -> `GenericArray` conversions

* better `Protected` conversions + remove `Password` type

* a work of art

* finishing touches

* some API changes

* rename `StreamX` to `X`

* fix everything else

* separate `primitives` from `types`

* update imports & fix build
2023-03-15 16:09:36 +00:00

88 lines
2.6 KiB
Rust
Raw Blame History

use tokio::fs::File;
use sd_crypto::{
crypto::{Decryptor, Encryptor},
header::{file::FileHeader, keyslot::Keyslot},
primitives::{LATEST_FILE_HEADER, LATEST_KEYSLOT},
types::{Algorithm, HashingAlgorithm, Key, Params, Salt},
Protected,
};
const ALGORITHM: Algorithm = Algorithm::XChaCha20Poly1305;
const HASHING_ALGORITHM: HashingAlgorithm = HashingAlgorithm::Argon2id(Params::Standard);
async fn encrypt() {
let password = Protected::new(b"password".to_vec());
// Open both the source and the output file
let mut reader = File::open("test").await.unwrap();
let mut writer = File::create("test.encrypted").await.unwrap();
// This needs to be generated here, otherwise we won't have access to it for encryption
let master_key = Key::generate();
// These should ideally be done by a key management system
let content_salt = Salt::generate();
let hashed_password = HASHING_ALGORITHM
.hash(password, content_salt, None)
.unwrap();
// Create a keyslot to be added to the header
let keyslots = vec![Keyslot::new(
LATEST_KEYSLOT,
ALGORITHM,
HASHING_ALGORITHM,
content_salt,
hashed_password,
master_key.clone(),
)
.await
.unwrap()];
// Create the header for the encrypted file
let header = FileHeader::new(LATEST_FILE_HEADER, ALGORITHM, keyslots).unwrap();
// Write the header to the file
header.write(&mut writer).await.unwrap();
// Use the nonce created by the header to initialize a stream encryption object
let encryptor = Encryptor::new(master_key, header.nonce, header.algorithm).unwrap();
// Encrypt the data from the reader, and write it to the writer
// Use AAD so the header can be authenticated against every block of data
encryptor
.encrypt_streams(&mut reader, &mut writer, &header.generate_aad())
.await
.unwrap();
}
async fn decrypt() {
let password = Protected::new(b"password".to_vec());
// Open both the encrypted file and the output file
let mut reader = File::open("test.encrypted").await.unwrap();
let mut writer = File::create("test.original").await.unwrap();
// Deserialize the header, keyslots, etc from the encrypted file
let (header, aad) = FileHeader::from_reader(&mut reader).await.unwrap();
// Decrypt the master key with the user's password
let master_key = header.decrypt_master_key(password).await.unwrap();
// Initialize a stream decryption object using data provided by the header
let decryptor = Decryptor::new(master_key, header.nonce, header.algorithm).unwrap();
// Decrypt data the from the writer, and write it to the writer
decryptor
.decrypt_streams(&mut reader, &mut writer, &aad)
.await
.unwrap();
}
#[tokio::main]
async fn main() {
encrypt().await;
decrypt().await;
}
Reference in New Issue View Git Blame Copy Permalink