Crates.io | tink-hybrid |
lib.rs | tink-hybrid |
version | 0.3.0 |
source | src |
created_at | 2022-01-03 07:59:42.660259 |
updated_at | 2024-11-28 11:39:22.870077 |
description | Hybrid encryption functionality for Rust port of Google's Tink cryptography library |
homepage | |
repository | https://github.com/project-oak/tink-rust |
max_upload_size | |
id | 506933 |
size | 63,319 |
This crate provides hybrid encryption functionality, as described in the upstream Tink documentation.
fn main() -> Result<(), Box<dyn Error>> {
tink_hybrid::init();
let kh_priv = tink_core::keyset::Handle::new(
&tink_hybrid::ecies_hkdf_aes128_ctr_hmac_sha256_key_template(),
)?;
// NOTE: save the private keyset to a safe location. DO NOT hardcode it in source code.
// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault. See
// https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.
let kh_pub = kh_priv.public()?;
// NOTE: share the public keyset with the sender.
let enc = tink_hybrid::new_encrypt(&kh_pub)?;
let msg = b"this data needs to be encrypted";
let encryption_context = b"encryption context";
let ct = enc.encrypt(msg, encryption_context)?;
let dec = tink_hybrid::new_decrypt(&kh_priv)?;
let pt = dec.decrypt(&ct, encryption_context)?;
assert_eq!(msg[..], pt);
println!("Ciphertext: {}\n", hex::encode(&ct));
println!("Original plaintext: {}\n", String::from_utf8_lossy(msg));
println!("Decrypted plaintext: {}\n", String::from_utf8_lossy(&pt));
Ok(())
}
This is not an officially supported Google product.