pwsec
| Crates.io | pwsec |
| lib.rs | pwsec |
| version | 0.5.2 |
| created_at | 2024-10-30 17:27:50.855459+00 |
| updated_at | 2025-08-22 14:06:28.343821+00 |
| description | Support for password-based encryption. |
| homepage | |
| repository | https://github.com/emabee/pwsec |
| max_upload_size | |
| id | 1428879 |
| size | 62,902 |
Meinolf Block (emabee)
documentation
https://docs.rs/pwsec
README
pwsec - support for password-based encryption
Usage
Add pwsec to the dependencies section in your project's Cargo.toml:
[dependencies]
pwsec = "0.5"
Capabilities
pwsec uses an (optionally authenticated) encryption scheme.
Two closely related variants are provided currently, Chacha and ChachaB64.
Alternative variants with similar API and based on other encryption algorithms can be added on demand.
Example with ChachaB64 and storage in a file
const PBKDF2_ROUNDS: u32 = 172_234; // Choose some awkward high number
// Usecase: you have some secret data that you want to encrypt,
// so that you can store it to a file and decrypt them later.
let secret = b"this is some serialized form of the secret data";
// You also have an authentication tag, which is not secret,
// it is used to verify the integrity of the stored data.
// It can be a hash of the data, or some other summary.
// In this example, we use a simple string as the auth tag.
let auth_tag = b"arbitrary, nonconfidential text";
// You use a password to encrypt and decrypt the data, and you have to remember it
let password = "LOIUo98zkjhB";
Encryption
// Encrypt the secret and store the result
let storage = {
let cipher = ChachaB64::with_pbkdf2_rounds(PBKDF2_ROUNDS)
.encrypt_auth(secret, auth_tag, password)?
.to_string();
(cipher, auth_tag)
};
flowchart LR
A1{{Auth data}}
A2[/Auth data/]
C[/CipherB64:
salt+ciphertext+nonce/]
E[__ChachaB64::__
__encrypt_auth__
]
P{{Password}}
S{{Secret}}
style E fill:#AAf,stroke:#333,stroke-width:3px
subgraph File
C
A2
end
subgraph Application Data
A1
S
end
P
P --> E
S -- Serialization --> E
A1 -- Serialization --> E
E --> C
A1 -. Serialization .-> A2
Decryption
// Read the cipher and the auth_tag from whereever you stored them
let (cipher, auth_tag) = storage;
let cipher_b64 = CipherB64::parse(&cipher).context("bad decrypt")?;
// Provide the password and decrypt the secret
let decrypted_secret = ChachaB64::with_pbkdf2_rounds(PBKDF2_ROUNDS)
.decrypt_auth(cipher_b64, &auth_tag, password)?;
assert_eq!(*secret, *decrypted_secret);
flowchart RL
A1{{Auth data}}
A2[/Auth data/]
C[/CipherB64:
salt+ciphertext+nonce/]
D[__ChachaB64::
decrypt_auth__]
P{{Password}}
S{{Secret}}
style D fill:#AAf,stroke:#333,stroke-width:3px
subgraph File
C
A2
end
subgraph Application Data
A1
S
end
P
P --> D
D -- Deserialization --> S
A2 --> D
C --> D
A2 -. Deserialization .-> A1
Versions
See the change log for more details.
License
Licensed under either of:
- Apache License, Version 2.0
- MIT license
at your option.