9 releases (4 breaking)
| 0.5.0 | Oct 22, 2023 |
|---|---|
| 0.4.0 | Oct 15, 2023 |
| 0.2.4 | Oct 10, 2023 |
| 0.1.2 | Oct 7, 2023 |
| 0.0.0 | Apr 23, 2022 |
#1582 in Cryptography
110KB
2.5K
SLoC
tiny-encrypt-rs
IMPORTANT: To use tiny-encrypt, a Yubikey(https://www.yubico.com/products/) is required, the key MUST support PIV or OpenPGP.
Tiny encrypt for Rust
Specification: Tiny Encrypt Spec V1.1
Tiny encrypt rs is a Rust implementation of Tiny encrypt java https://git.hatter.ink/hatter/tiny-encrypt-java
Tiny encrypt spec see: https://github.com/OpenWebStandard/tiny-encrypt-format-spec
Repository address: https://git.hatter.ink/hatter/tiny-encrypt-rs mirror https://github.com/jht5945/tiny-encrypt-rs
Encrypt config ~/.tinyencrypt/config-rs.json:
{
"envelops": [
{
"type": "pgp",
"kid": "KID-1",
"desc": "this is key 001",
"publicPart": "----- BEGIN PUBLIC KEY ..."
},
{
"type": "ecdh",
"kid": "KID-2",
"desc": "this is key 002",
"publicPart": "04..."
}
],
"profiles": {
"default": [
"KID-1",
"KID-2"
],
"l2,leve2": [
"KID-2"
]
}
}
Supported PKI encryption types:
| Type | Algorithm | Description |
|---|---|---|
| pgp | PKCS1-v1.5 | OpenPGP Encryption Key |
| pgp-x25519 | ECDH(X25519) | OpenPGP Encryption Key |
| ecdh | ECDH(secp256r1) | PIV Slot |
| ecdh-p384 | ECDH(secp384r1) | PIV Slot |
Smart Card(Yubikey) protected ECDH Encryption description:
┌───────────────────┐ ┌───────────────────────────┐
│Tiny Encrypt │ │Smart Card (Yubikey) │
│ │ Get Public Key(P) │ │
│ │ ◄───────────────────┤ Private Key(d) │
│ │ │ P = dG │
│ │ Temp Private Key(k) │ │
└───────────────────┘ Q = kG └───────────────────────────┘
Shared Secret = kP = kdG
Store Q, Encrypt using derived key from Shared Secret
Send Q to Smart Card
───────────────────►
Shared Secret = dQ = kdG
Decrypt using derived key from restored Shared Secret
Dependencies
~23–34MB
~548K SLoC