Shared AES Encryption

A Rust library for shared-key AES encryption that combines two separate keys to create a derived encryption key using SHA3 hashing and bit manipulation techniques.

Features

• 🔐 Shared Key Encryption: Combines two keys to create a secure derived key
• 🔑 SHA3-256 Key Derivation: Uses cryptographic hashing with bit reversal for key derivation
• 📦 AES-256 ECB Encryption: Secure block cipher encryption with PKCS7 padding
• 🎲 Password Generation: Generate cryptographically secure random passwords
• 📋 Base64 Support: Automatic base64 encoding/decoding for encrypted data
• 🛡️ Memory-safe Rust: Built with Rust's memory safety guarantees

Installation

Add this to your Cargo.toml:

[dependencies]
shared-aes-enc = "0.3.7"

Usage

Basic Shared Key Encryption

The library's main feature is encrypting data using two separate keys that are combined:

use shared_aes_enc::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key1 = "alice_secret_key";
    let key2 = "bob_secret_key";
    let message = "Hello, World!";
    
    // Encrypt string (returns base64-encoded result)
    let encrypted = shared_key_encrypt(key1, key2, message)?;
    println!("Encrypted: {}", encrypted);
    
    // Decrypt back to original string
    let decrypted = shared_key_decrypt(key1, key2, &encrypted)?;
    println!("Decrypted: {}", decrypted);
    
    assert_eq!(message, decrypted);
    Ok(())
}

Binary Data Encryption

For encrypting raw bytes without base64 encoding:

use shared_aes_enc::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key1 = "user_key";
    let key2 = "server_key";
    let data = b"Binary data to encrypt";
    
    // Encrypt binary data
    let encrypted_bytes = shared_key_encrypt_bytes(key1, key2, data)?;
    
    // To decrypt, you'll need to use the lower-level decryption
    // (Note: The library currently only provides string decryption)
    
    Ok(())
}

Password Generation

Generate cryptographically secure random passwords:

use shared_aes_enc::*;

fn main() {
    // Generate a 16-character random password
    let password = generate_password(16);
    println!("Generated password: {}", password);
    
    // Generate a longer password
    let long_password = generate_password(32);
    println!("Long password: {}", long_password);
}

API Reference

Encryption Functions

• shared_key_encrypt(key1: &str, key2: &str, data: &str) -> Result<String, Box<dyn std::error::Error>>

  • Encrypts a string using two keys and returns base64-encoded result

• shared_key_encrypt_bytes(key1: &str, key2: &str, data: &[u8]) -> Result<Vec<u8>, Box<dyn std::error::Error>>

  • Encrypts binary data using two keys and returns raw encrypted bytes

• shared_key_decrypt(key1: &str, key2: &str, encrypted_b64: &str) -> Result<String, Box<dyn std::error::Error>>

  • Decrypts base64-encoded data back to the original string

Utility Functions

• generate_password(length: usize) -> String
  • Generates a random password of specified length using alphanumeric characters

How It Works

Key Derivation Process

1. Key Combination: The two input keys are padded and concatenated
2. Bit Reversal: The combined key undergoes bit reversal for additional security
3. SHA3 Hashing: The result is hashed using SHA3-256 to create the final AES key
4. AES Encryption: Data is encrypted using AES-256 in ECB mode with PKCS7 padding

Security Features

• Dual Key Requirement: Both keys are required for encryption/decryption
• Non-predictable Key Derivation: Bit reversal prevents predictable key patterns
• Cryptographic Hashing: SHA3-256 ensures derived keys are cryptographically secure
• Padding: PKCS7 padding handles variable-length data securely

Use Cases

This library is particularly useful for:

• Collaborative Encryption: Scenarios where two parties each contribute a key
• Multi-factor Security: Adding an extra layer by requiring two separate secrets
• Key Escrow: Splitting encryption capability between multiple parties
• CTF Challenges: Educational cryptography exercises (as suggested by the project path)

Security Considerations

⚠️ Important Security Notes:

• ECB Mode: This library uses ECB mode, which may reveal patterns in data. Consider this for your security requirements.
• Key Storage: Store both keys securely and separately
• Key Quality: Use high-entropy keys for better security
• Educational Use: This appears designed for educational/CTF purposes rather than production systems

Dependencies

• aes (0.7.5) - AES block cipher implementation
• block-modes (0.8.1) - Block cipher modes of operation
• sha3 (0.10.8) - SHA-3 cryptographic hash function
• rand (0.9.1) - Random number generation
• base64 (0.22.1) - Base64 encoding/decoding

License

This project is licensed under the MIT License.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Note: This library appears to be designed for educational purposes or CTF (Capture The Flag) challenges. For production cryptographic needs, consider using well-established libraries with authenticated encryption modes.