encrypt-rs
| Crates.io | encrypt-rs |
| lib.rs | encrypt-rs |
| version | 0.3.7 |
| created_at | 2020-06-30 22:39:08.953589+00 |
| updated_at | 2020-07-24 02:17:36.204041+00 |
| description | Envelope encryption with secret-keepers |
| homepage | |
| repository | https://github.com/stevelr/secret-keeper/tree/master/examples/encrypt-rs |
| max_upload_size | |
| id | 260059 |
| size | 87,569 |
Steve Schoettler (stevelr)
documentation
README
Command-line envelope encryption with secret-keeper
Encryption and decryption using Secret Keeper
Install
cargo install encrypt-rs
Run
# Encrypt file
$ encrypt enc -o OUT [ -k KEEPER ] [ -c CIPHER ] FILE
# Decrypt file
$ encrypt dec -o OUT [ -k KEEPER ] [ -c CIPHER ] FILE
# View key envelope
$ encrypt key view [ -k KEEPER ] FILE
-k KEEPER options: (default: 'env:')
-
env:(EnvKeeper)env:- passphrase for deriving key is in environment var VAULT_PASSWORD.env:VARNAME- passphrase for deriving key is in environment variable VARNAME
# example: export PASSWORD="my-super-secret-passphrase" encrypt enc -o FILE.enc -k env:PASSWORD FILE -
prompt:(PromptKeeper)- user will be prompted on terminal for passphrase for deriving key
-
hashivault:(HashivaultKeeper)- key-encrypting-key is on hashivault transit server. See hashivault keeper doc for url syntax
# example: encrypt enc -o FILE.enc -k hashivault://my_key FILE -
cloudkms:(CloudKMSKeeper)# example: encrypt enc -o FILE.enc -k cloudkms:/PROJ/global/my_keyring/my_key FILE
-c CIPHER options: Default cipher is LZ4XChaCha20Poly1305, which combines LZ4 compression with XChaCha20-Poly1305. (Cipher algorithm implemented by RustCrypto
-
XChaCha20Poly1305(aliases:xchacha20,xchacha20poly1305) -
LZ4XChaCha20Poly1305(aliases:lz4,lz4xchacha20,lz4xchacha20poly1305) -
AesGcm256(aliases:aes,aesgcm,aesgcm256)
There are some additional usage examples in the test* shell scripts.
Random number generation
File nonces and keys are generated with the platform's OS CSRNG, using the rand crate.