bitwarden_crypto::safe::password_protected_key_envelope

Struct PasswordProtectedKeyEnvelope

Source 
pub struct PasswordProtectedKeyEnvelope<Ids: KeyIds> {
    _phantom: PhantomData<Ids>,
    cose_encrypt: CoseEncrypt,
}
Expand description

A password-protected key envelope can seal a symmetric key, and protect it with a password. It does so by using a Key Derivation Function (KDF), to increase the difficulty of brute-forcing the password.

The KDF parameters such as iterations and salt are stored in the envelope and do not have to be provided.

Internally, Argon2 is used as the KDF and XChaCha20-Poly1305 is used to encrypt the key.

Fields§

§_phantom: PhantomData<Ids>§cose_encrypt: CoseEncrypt

Implementations§

Source§

impl<Ids: KeyIds> PasswordProtectedKeyEnvelope<Ids>

Source

pub fn seal( key_to_seal: Ids::Symmetric, password: &str, ctx: &KeyStoreContext<'_, Ids>, ) -> Result<Self, PasswordProtectedKeyEnvelopeError>

Seals a symmetric key with a password, using the current default KDF parameters and a random salt.

This should never fail, except for memory allocation error, when running the KDF.

Source

fn seal_ref( key_to_seal: &SymmetricCryptoKey, password: &str, ) -> Result<Self, PasswordProtectedKeyEnvelopeError>

Seals a key reference with a password. This function is not public since callers are expected to only work with key store references.

Source

fn seal_ref_with_settings( key_to_seal: &SymmetricCryptoKey, password: &str, kdf_settings: &Argon2RawSettings, ) -> Result<Self, PasswordProtectedKeyEnvelopeError>

Seals a key reference with a password and custom provided settings. This function is not public since callers are expected to only work with key store references, and to not control the KDF difficulty where possible.

Source

pub fn unseal( &self, target_keyslot: Ids::Symmetric, password: &str, ctx: &mut KeyStoreContext<'_, Ids>, ) -> Result<Ids::Symmetric, PasswordProtectedKeyEnvelopeError>

Unseals a symmetric key from the password-protected envelope, and stores it in the key store context.

Source

fn unseal_ref( &self, password: &str, ) -> Result<SymmetricCryptoKey, PasswordProtectedKeyEnvelopeError>

Source

pub fn reseal( &self, password: &str, new_password: &str, ) -> Result<Self, PasswordProtectedKeyEnvelopeError>

Re-seals the key with new KDF parameters (updated settings, salt), and a new password

Trait Implementations§

Source§

impl<Ids: KeyIds> Debug for PasswordProtectedKeyEnvelope<Ids>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de, Ids: KeyIds> Deserialize<'de> for PasswordProtectedKeyEnvelope<Ids>

Source§

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<Ids: KeyIds> From<&PasswordProtectedKeyEnvelope<Ids>> for Vec<u8>

Source§

fn from(val: &PasswordProtectedKeyEnvelope<Ids>) -> Self

Converts to this type from the input type.
Source§

impl<Ids: KeyIds> From<PasswordProtectedKeyEnvelope<Ids>> for String

Source§

fn from(val: PasswordProtectedKeyEnvelope<Ids>) -> Self

Converts to this type from the input type.
Source§

impl<Ids: KeyIds> FromStr for PasswordProtectedKeyEnvelope<Ids>

Source§

type Err = PasswordProtectedKeyEnvelopeError

The associated error which can be returned from parsing.
Source§

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type. Read more
Source§

impl<Ids: KeyIds> Serialize for PasswordProtectedKeyEnvelope<Ids>

Source§

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl<Ids: KeyIds> TryFrom<&Vec<u8>> for PasswordProtectedKeyEnvelope<Ids>

Source§

type Error = CoseError

The type returned in the event of a conversion error.
Source§

fn try_from(value: &Vec<u8>) -> Result<Self, Self::Error>

Performs the conversion.

Auto Trait Implementations§

§

impl<Ids> Freeze for PasswordProtectedKeyEnvelope<Ids>

§

impl<Ids> RefUnwindSafe for PasswordProtectedKeyEnvelope<Ids>
where Ids: RefUnwindSafe,

§

impl<Ids> Send for PasswordProtectedKeyEnvelope<Ids>
where Ids: Send,

§

impl<Ids> Sync for PasswordProtectedKeyEnvelope<Ids>
where Ids: Sync,

§

impl<Ids> Unpin for PasswordProtectedKeyEnvelope<Ids>
where Ids: Unpin,

§

impl<Ids> UnwindSafe for PasswordProtectedKeyEnvelope<Ids>
where Ids: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> CompatExt for T

§

fn compat(self) -> Compat<T>

Applies the [Compat] adapter by value. Read more
§

fn compat_ref(&self) -> Compat<&T>

Applies the [Compat] adapter by shared reference. Read more
§

fn compat_mut(&mut self) -> Compat<&mut T>

Applies the [Compat] adapter by mutable reference. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, UT> HandleAlloc<UT> for T
where T: Send + Sync,

§

fn new_handle(value: Arc<T>) -> Handle

Create a new handle for an Arc value Read more
§

unsafe fn clone_handle(handle: Handle) -> Handle

Clone a handle Read more
§

unsafe fn consume_handle(handle: Handle) -> Arc<T>

Consume a handle, getting back the initial Arc<> Read more
§

unsafe fn get_arc(handle: Handle) -> Arc<Self>

Get a clone of the Arc<> using a “borrowed” handle. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<I> IntoResettable<String> for I
where I: Into<String>,

§

fn into_resettable(self) -> Resettable<String>

Convert to the intended resettable type
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,