Module safe

§Bitwarden-crypto safe module

The safe module provides high-level cryptographic tools for building secure protocols and features. When developing new features, use this module first before considering lower-level primitives from other parts of bitwarden-crypto.

Usage examples of all safe APIs are provided in the crate’s examples directory.

§Password-protected key envelope

Use the password-protected key envelope to protect a symmetric key with a password. Examples include:

  • locking a vault with a PIN/Password
  • protecting exports with a password

Internally, the module uses a KDF to protect against brute-forcing, but it does not expose this to the consumer. The consumer only provides a password and key.

§Data envelope

Use the data envelope to protect a struct (document) of data. Examples include:

  • protecting a vault item
  • protecting metadata (name, etc.) of a collection
  • protecting a vault report

The serialization of the data and the creation of a content encryption key are handled internally. When the API is called with a decrypted struct, it returns the content encryption key ID and the encrypted data.

Modules§

data_envelope 🔒
data_envelope_namespace 🔒
password_protected_key_envelope 🔒
The password-protected key envelope is a cryptographic building block that allows sealing a symmetric key with a low-entropy secret (password, PIN, etc.).

Macros§

generate_versioned_sealable
Generates a versioned enum that implements SealableData.

Structs§

DataEnvelope
DataEnvelope allows sealing entire structs into encrypted blobs.
PasswordProtectedKeyEnvelope
A password-protected key envelope can seal a symmetric key and protect it with a password. It does so by using a Key Derivation Function (KDF) to increase the difficulty of brute-forcing the password.

Enums§

DataEnvelopeError
Error type for DataEnvelope operations.
DataEnvelopeNamespace
Data envelopes are domain-separated within Bitwarden to prevent cross-protocol attacks.
PasswordProtectedKeyEnvelopeError
Errors that can occur when sealing or unsealing a key with the PasswordProtectedKeyEnvelope.

Traits§

SealableData
Marker trait for data that can be sealed in a DataEnvelope.
SealableVersionedData
Marker trait for data that can be sealed in a DataEnvelope.