mirror/spacedrive
1
0
Fork 0
mirror of https://github.com/spacedriveapp/spacedrive.git synced 2026-04-23 07:59:59 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
158366b69e5464eaa1cd7da1a6b17dd3d3bb71ae
spacedrive/crates/crypto/examples/single_file_with_preview_media.rs
jake f487db254b [ENG-429] Crypto organization/refactor (#607) 
* update comment

* key manager feature gating

* update deps & more feature gating

* fix keyring feature gating

* add an `exhaustive_read` function for crypto/stream

* restructure STREAM module

* move tests+shared utils

* clean up stream decryption

* further cleanup

* impl to `GenericArray` for `Nonce`

* update examples

* update refs & `use`s

* fix `Nonce` -> `GenericArray` conversions

* better `Protected` conversions + remove `Password` type

* a work of art

* finishing touches

* some API changes

* rename `StreamX` to `X`

* fix everything else

* separate `primitives` from `types`

* update imports & fix build
2023-03-15 16:09:36 +00:00

92 lines
2.5 KiB
Rust
Raw Blame History

use tokio::fs::File;
use sd_crypto::{
crypto::Encryptor,
header::{file::FileHeader, keyslot::Keyslot, preview_media::PreviewMediaVersion},
primitives::{LATEST_FILE_HEADER, LATEST_KEYSLOT},
types::{Algorithm, HashingAlgorithm, Key, Params, Salt},
Protected,
};
const ALGORITHM: Algorithm = Algorithm::XChaCha20Poly1305;
const HASHING_ALGORITHM: HashingAlgorithm = HashingAlgorithm::Argon2id(Params::Standard);
async fn encrypt() {
let password = Protected::new(b"password".to_vec());
// Open both the source and the output file
let mut reader = File::open("test").await.unwrap();
let mut writer = File::create("test.encrypted").await.unwrap();
// This needs to be generated here, otherwise we won't have access to it for encryption
let master_key = Key::generate();
// These should ideally be done by a key management system
let content_salt = Salt::generate();
let hashed_password = HASHING_ALGORITHM
.hash(password, content_salt, None)
.unwrap();
// Create a keyslot to be added to the header
let keyslots = vec![Keyslot::new(
LATEST_KEYSLOT,
ALGORITHM,
HASHING_ALGORITHM,
content_salt,
hashed_password,
master_key.clone(),
)
.await
.unwrap()];
let pvm_media = b"a nice mountain".to_vec();
// Create the header for the encrypted file (and include our preview media)
let mut header = FileHeader::new(LATEST_FILE_HEADER, ALGORITHM, keyslots).unwrap();
header
.add_preview_media(
PreviewMediaVersion::V1,
ALGORITHM,
master_key.clone(),
&pvm_media,
)
.await
.unwrap();
// Write the header to the file
header.write(&mut writer).await.unwrap();
// Use the nonce created by the header to initialise a stream encryption object
let encryptor = Encryptor::new(master_key, header.nonce, header.algorithm).unwrap();
// Encrypt the data from the reader, and write it to the writer
// Use AAD so the header can be authenticated against every block of data
encryptor
.encrypt_streams(&mut reader, &mut writer, &header.generate_aad())
.await
.unwrap();
}
async fn decrypt_preview_media() {
let password = Protected::new(b"password".to_vec());
// Open the encrypted file
let mut reader = File::open("test.encrypted").await.unwrap();
// Deserialize the header, keyslots, etc from the encrypted file
let (header, _) = FileHeader::from_reader(&mut reader).await.unwrap();
// Decrypt the preview media
let media = header.decrypt_preview_media(password).await.unwrap();
println!("{:?}", media.expose());
}
#[tokio::main]
async fn main() {
encrypt().await;
decrypt_preview_media().await;
}
Reference in New Issue View Git Blame Copy Permalink