mirror of
https://github.com/spacedriveapp/spacedrive
synced 2024-07-20 09:29:11 +00:00
.. | ||
assets | ||
benches | ||
examples | ||
src | ||
Cargo.toml | ||
README.md |
Crypto
This crate contains Spacedrive's cryptographic modules.
This includes things such as:
- The key manager
- Encryption and decryption
- Encrypted file header formats (with extremely fast serialization and deserialization)
- Key hashing and derivation
- Keyring interfaces to access native OS keystores
It has support for the following cryptographic functions:
Argon2id
Balloon
hashingBLAKE3
key derivationXChaCha20-Poly1305
AES-256-GCM-SIV
It aims to be (relatively) lightweight, easy to maintain and platform-agnostic where possible. It does contain some platform-specific code, although it's only built if the target matches.
Features
A list of all features can be found below (NOTE: none of these features are enabled by default)
serde
- provides integration withserde
andserde_json
tokio
- provides integration with thetokio
cratespecta
- provides integration with thespecta
cratebincode
- provides integration with thebincode
crate (this will likely become part of the crate)keyring
- provides a unified interface for interacting with OS-keyrings (currently only supports MacOS/iOS/Linuxkeyutils
).keyutils
is not persistent, so is best used in a headless server/docker environment, as keys are wiped on-reboot. The Secret Service API is not practically available in headless environments.secret-service
- enableskeyring
but also enables the Secret Service API (a persistent keyring targeted at Gnome/KDE (viagnome-keyring
andkwallet
respectively)). Is a pretty heavy dependency.
Security Notice
This crate has NOT received any security audit - however, a couple of our upstream libraries (provided by RustCrypto) have.
You may find them below:
- AES-GCM and XChaCha20-Poly1305 audit by NCC group (link)
Breaking changes are very likely! Use at your own risk - no stability or security is guaranteed.