tink-hybrid

Crates.iotink-hybrid
lib.rstink-hybrid
version0.3.0
sourcesrc
created_at2022-01-03 07:59:42.660259
updated_at2024-11-28 11:39:22.870077
descriptionHybrid encryption functionality for Rust port of Google's Tink cryptography library
homepage
repositoryhttps://github.com/project-oak/tink-rust
max_upload_size
id506933
size63,319
David Drysdale (daviddrysdale)

documentation

https://docs.rs/tink-hybrid

README

Tink-Rust: Hybrid Encryption

Docs MSRV

This crate provides hybrid encryption functionality, as described in the upstream Tink documentation.

Usage

fn main() -> Result<(), Box<dyn Error>> {
    tink_hybrid::init();
    let kh_priv = tink_core::keyset::Handle::new(
        &tink_hybrid::ecies_hkdf_aes128_ctr_hmac_sha256_key_template(),
    )?;

    // NOTE: save the private keyset to a safe location. DO NOT hardcode it in source code.
    // Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.  See
    // https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.

    let kh_pub = kh_priv.public()?;

    // NOTE: share the public keyset with the sender.

    let enc = tink_hybrid::new_encrypt(&kh_pub)?;

    let msg = b"this data needs to be encrypted";
    let encryption_context = b"encryption context";
    let ct = enc.encrypt(msg, encryption_context)?;

    let dec = tink_hybrid::new_decrypt(&kh_priv)?;

    let pt = dec.decrypt(&ct, encryption_context)?;
    assert_eq!(msg[..], pt);

    println!("Ciphertext: {}\n", hex::encode(&ct));
    println!("Original  plaintext: {}\n", String::from_utf8_lossy(msg));
    println!("Decrypted plaintext: {}\n", String::from_utf8_lossy(&pt));
    Ok(())
}

License

Apache License, Version 2.0

Disclaimer

This is not an officially supported Google product.

Commit count: 765

cargo fmt