tink-hybrid
| Crates.io | tink-hybrid |
| lib.rs | tink-hybrid |
| version | 0.2.5 |
| source | src |
| created_at | 2022-01-03 07:59:42.660259 |
| updated_at | 2023-03-14 07:53:39.479285 |
| description | Hybrid encryption functionality for Rust port of Google's Tink cryptography library |
| homepage | |
| repository | https://github.com/project-oak/tink-rust |
| max_upload_size | |
| id | 506933 |
| size | 63,183 |
David Drysdale (daviddrysdale)
documentation
https://docs.rs/tink-hybrid
README
Tink-Rust: Hybrid Encryption
This crate provides hybrid encryption functionality, as described in the upstream Tink documentation.
Usage
fn main() -> Result<(), Box<dyn Error>> {
tink_hybrid::init();
let kh_priv = tink_core::keyset::Handle::new(
&tink_hybrid::ecies_hkdf_aes128_ctr_hmac_sha256_key_template(),
)?;
// NOTE: save the private keyset to a safe location. DO NOT hardcode it in source code.
// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault. See
// https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.
let kh_pub = kh_priv.public()?;
// NOTE: share the public keyset with the sender.
let enc = tink_hybrid::new_encrypt(&kh_pub)?;
let msg = b"this data needs to be encrypted";
let encryption_context = b"encryption context";
let ct = enc.encrypt(msg, encryption_context)?;
let dec = tink_hybrid::new_decrypt(&kh_priv)?;
let pt = dec.decrypt(&ct, encryption_context)?;
assert_eq!(msg[..], pt);
println!("Ciphertext: {}\n", hex::encode(&ct));
println!("Original plaintext: {}\n", String::from_utf8_lossy(msg));
println!("Decrypted plaintext: {}\n", String::from_utf8_lossy(&pt));
Ok(())
}
License
Disclaimer
This is not an officially supported Google product.