§Reach Encryption
This crate provides symmetric encryption through generic encrypt/decrypt traits for various data types,
using XChaCha20-Poly1305 authenticated encryption (via the RustCrypto implementation).
For public key encryption, it supports multiple recipients using the X-Wing hybrid KEM
construction (eprint), which combines X25519 (via dalek) and ML-KEM (via
RustCrypto). It also implements SIGMA-I-style authenticated encryption using
reach-signatures, and includes HMAC verification for verifying key authenticity.
§Core Traits
- Encryptable: Types that can be encrypted with symmetric or public key encryption
- Decryptable: Types that can be decrypted from ciphertext with nonce or key material
- Ciphertext: Types that contain encrypted data
- Nonce: Types that provide nonces for encryption/decryption operations
- PublicKeyEncrypted: Types encrypted with the X-Wingy hybrid KEM
- ParticipantSecretKeys: Provides access to EC and PQ secret keys for decryption

The crate is designed to work across different Reach components including Reaching Link, Reachable Secrets, and the Reach Attestant.
Traits§
- Authenticate: Authenticates encrypted data using SIGMA-I-style verification.
- AuthenticatingWrapperFromParts: Construct type from a wrapped value and authentication components.
- Ciphertext: Contains encrypted data.
- Decryptable: Decryptable from data structures that include nonces.
- DecryptableWithNonce: Decryptable when provided with an explicit nonce.
- Encryptable: Encryptable using symmetric encryption.
- HintTaker: Secret keys that “take” (decrypt) hints using ECDH-OMR.
- Nonce: Provides nonces for encryption/decryption operations.
- ParticipantSecretKeys: Provides access to both elliptic curve and post-quantum secret keys.
- PublicKeyDecrypter: Decrypts public key encrypted data.
- PublicKeyEncryptable: Encryptable using SIGMA-I-style authenticated public key encryption.
- PublicKeyEncrypted: Encrypted with hybrid public key cryptography.
- PublicKeyEncryptedFromParts: Constructed type from public key encryption components.
- VerifiableMac: Generates and verifies HMAC tags for key authentication.
Functions§
- authenticated_encrypt_key: Encrypt a symmetric encryption key for multiple recipients using SIGMA-I-style authenticated encryption.
- binding_digest: Cryptographically bind ephemeral material and participant keys.
- blind_public_key: Blind a participant’s public key.
- build_envelope_seed: Build an EnvelopeSeed containing all components needed for secure message delivery.
- cipher_and_material_for: Generate cipher and cryptographic material for public key encryption.
- cipher_with_secrets: Create a cipher instance using secret keys and encrypted material.
- open_envelope: Open and authenticate an envelope.