Structs§
- KekParams
- KEK derivation parameters to be stored in
users/key_encryption_key_params.redbFor now this is a stub structure that you can later wire to Argon2id properly. - Secret
- Simple secret holder that zeroes memory on drop.
Functions§
- derive_
kek - Derive a Key Encryption Key (KEK) from a password using Argon2id. Returns the derived KEK and the salt used in the derivation. The KEK is suitable for AES-256 encryption. It’s not clear if this is all correct. See: https://docs.rs/argon2/latest/argon2/#key-derivation https://rustcrypto.org/key-derivation/index.html https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html#key-encryption-keys (last two are basically blank.)
- generate_
dek - TODO Stub: Generate DEK https://developers.google.com/tink/client-side-encryption
- open_
bytes - seal_
bytes - unwrap_
key - wrap_
key - TODO Stub AEAD wrappers: no-op “encryption”/“wrapping”.