Gittes-archive/spacedrive
2
0
Fork 0
mirror of https://github.com/spacedriveapp/spacedrive.git synced 2025-12-11 20:15:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
spacedrive/crates/crypto/README.md
jake f487db254b [ENG-429] Crypto organization/refactor (#607) 
* update comment

* key manager feature gating

* update deps & more feature gating

* fix keyring feature gating

* add an `exhaustive_read` function for crypto/stream

* restructure STREAM module

* move tests+shared utils

* clean up stream decryption

* further cleanup

* impl to `GenericArray` for `Nonce`

* update examples

* update refs & `use`s

* fix `Nonce` -> `GenericArray` conversions

* better `Protected` conversions + remove `Password` type

* a work of art

* finishing touches

* some API changes

* rename `StreamX` to `X`

* fix everything else

* separate `primitives` from `types`

* update imports & fix build
2023-03-15 16:09:36 +00:00

1.8 KiB
Raw Blame History

Crypto

This crate contains Spacedrive's cryptographic modules.

This includes things such as:

  • The key manager
  • Encryption and decryption
  • Encrypted file header formats (with extremely fast serialization and deserialization)
  • Key hashing and derivation
  • Keyring interfaces to access native OS keystores

It has support for the following cryptographic functions:

  • Argon2id
  • Balloon hashing
  • BLAKE3 key derivation
  • XChaCha20-Poly1305
  • AES-256-GCM

It aims to be (relatively) lightweight, easy to maintain and platform-agnostic where possible. It does contain some platform-specific code, although it's only built if the target matches.

Features

A list of all features can be found below (NOTE: none of these features are enabled by default)

  • serde - provides integration with the serde and serde_json crates. this also enables header metadata
  • rspc - provides integration with the rspc crate
  • keymanager - provides an interface for handling the encryption, decryption, storage and derivation of passwords/keys. this enables the os-keyrings feature
  • os-keyrings - provides a unified interface for interacting with OS-keyrings (currently only supports MacOS/iOS and Gnome/KDE (via gnome-keyring and kwallet respectively))

Security Notice

This crate has NOT received any security audit - however, a couple of our upstream libraries (provided by RustCrypto) have.

You may find them below:

  • AES-GCM and XChaCha20-Poly1305 audit by NCC group (link)

Breaking changes are very likely! Use at your own risk - no stability or security is guaranteed.