|
1 |
| -//! Password protected key envelope is a cryptographic building block that allows sealing a symmetric key |
2 |
| -//! with a low entropy secret (password, PIN, etc.). |
| 1 | +//! Password protected key envelope is a cryptographic building block that allows sealing a |
| 2 | +//! symmetric key with a low entropy secret (password, PIN, etc.). |
3 | 3 | //!
|
4 |
| -//! It is implemented by using a KDF (Argon2ID) combined with secret key encryption (XChaCha20-Poly1305). |
5 |
| -//! The KDF prevents brute-force by requiring work to be done to derive the key from the password. |
| 4 | +//! It is implemented by using a KDF (Argon2ID) combined with secret key encryption |
| 5 | +//! (XChaCha20-Poly1305). The KDF prevents brute-force by requiring work to be done to derive the |
| 6 | +//! key from the password. |
6 | 7 | //!
|
7 |
| -//! For the consumer, the output is an opaque blob that can be later unsealed with the same password. The |
8 |
| -//! KDF parameters and salt are contained in the envelope, and don't need to be provided for unsealing. |
| 8 | +//! For the consumer, the output is an opaque blob that can be later unsealed with the same |
| 9 | +//! password. The KDF parameters and salt are contained in the envelope, and don't need to be |
| 10 | +//! provided for unsealing. |
9 | 11 | //!
|
10 |
| -//! Internally, the envelope is a CoseEncrypt object. The KDF parameters / salt are placed in the single |
11 |
| -//! recipient's unprotected headers. The output from the KDF - "envelope key", is used to wrap the |
12 |
| -//! symmetric key, that is sealed by the envelope. |
| 12 | +//! Internally, the envelope is a CoseEncrypt object. The KDF parameters / salt are placed in the |
| 13 | +//! single recipient's unprotected headers. The output from the KDF - "envelope key", is used to |
| 14 | +//! wrap the symmetric key, that is sealed by the envelope. |
13 | 15 |
|
14 | 16 | use std::{marker::PhantomData, num::TryFromIntError};
|
15 | 17 |
|
|
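Review bot: The rewrapped module docs (new lines 8-13) say the KDF parameters and salt are read from the envelope's unprotected recipient headers, but not what unsealing does when those values are out of range. Since these lines are being touched anyway, consider adding a sentence that states the bounds unseal applies to the Argon2 parameters it takes from the blob, because an envelope from an untrusted source could otherwise carry very low or very high cost settings. It would also help to note that a modified salt or parameter derives a different envelope key, so the XChaCha20-Poly1305 unwrap fails. Minor wording points on the same lines: the algorithm name is conventionally written "Argon2id", and the last sentence would read better as: The output of the KDF, the "envelope key", is used to wrap the symmetric key that the envelope seals.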