This crate provides a plugin for KyNc which derives a salted AEAD key from a high entropy user secret and seals the secret using the derived AEAD key and a random nonce.
Rawkey is useful if you have already have a (static) high-entropy secret that you want to use to protect your secret. Since Rawkey does not perform any kind of password strengthening for the user secret, it MUST NOT be used with normal passwords.
- Create a secure random 16 byte Blake2b-KDF
saltand a secure random 12 byte ChachaPoly-IETFnonce - Derive a ChachaPoly-IETF
aead_keyby using the Blake2b-KDF with theuser_secretas key andsaltas salt - Seal
secretusing ChachaPoly-IETF withaead_keyas key andnonceas nonce
Pseudocode:
// Create a random salt and key
uint8_t salt[16], nonce[12];
secure_random(salt);
secure_random(nonce);
// Derive the AEAD key
uint8_t aead_key[32];
blake2b_kdf(aead_key, /* The secret to derive the key from: */ user_secret, salt);
// Seal the key
uint8_t capsule[sizeof(key) + 16];
chachapoly_ietf(capsule, /* Secret to protect: */ secret, aead_key, nonce); The capsule format is a simple concatenation of the salt, nonce, ciphertext and the authentication
tag (|| denotes concatenation):
salt[16] || nonce[12] || chacha_ciphertext* || poly_tag[16]
Prerequisites: A working Rust toolchain >= 1.39 and a unix-like make
environment.
To build, test and install the library, use make, make check and make install respectively. To
add additional cargo-flags, use the CARGO_FLAGS environment variable for your make invocation.