§Convergent Encryption with Brotli Compression
This crate provides convergent encryption for self-encrypting files kept on untrusted storage. It uses Blake3 for key derivation, AES-256-GCM for encryption, and optional Brotli compression.
§Key Features
- Convergent Encryption: Same content always produces the same ciphertext
- Content-Based Key Derivation: Encryption key is derived from file content using Blake3
- Optional Compression: Brotli compression reduces storage requirements
- Deterministic: Perfect for deduplication and integrity verification
- No Key Management: No need to store or manage encryption keys separately
§How It Works
- Compression (optional): Content is compressed with Brotli if it reduces size
- Key Derivation: File content is hashed with Blake3 to create a 32-byte encryption key
- Encryption: AES-256-GCM encrypts the data using the derived key as both key and nonce
- Metadata: Compression status, original size, and encryption key are tracked for decryption
§Usage Example
```rust
use zoe_encrypted_storage::{ConvergentEncryption, CompressionConfig};

// Basic encryption with default settings
let content = b"Hello, world!";
let (encrypted, info) = ConvergentEncryption::encrypt(content).unwrap();
let decrypted = ConvergentEncryption::decrypt(&encrypted, &info).unwrap();
assert_eq!(content, decrypted.as_slice());

// Custom compression settings
let config = CompressionConfig {
    enabled: true,
    quality: 8,    // Higher compression (0-11)
    min_size: 128, // Only compress files > 128 bytes
};
let (encrypted, info) = ConvergentEncryption::encrypt_with_compression_config(content, config).unwrap();
```
§Security Considerations
- Convergent encryption reveals when identical files are stored
- The encryption key is derived from content, so knowledge of content allows decryption
- AES-256-GCM provides authenticated encryption
- Blake3 provides cryptographically secure hashing
This approach is ideal for:
- File deduplication systems
- Content-addressable storage
- Integrity verification
- Untrusted storage where you control the content
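The determinism described under How It Works, and the first security consideration, shown from the storage operator's side. This is an added example, not the crate's code: it uses only the standard library, with SipHash (`DefaultHasher`) standing in for Blake3 and an XOR keystream standing in for AES-256-GCM. The names `derive_key`, `toy_cipher`, `encrypt` and `duplicate_groups` and the sample uploads are hypothetical.

```rust
// Added example, not the crate's code. SipHash (std DefaultHasher) stands in for
// Blake3 and an XOR keystream for AES-256-GCM; neither stand-in is secure.
use std::collections::hash_map::DefaultHasher;
use std::collections::BTreeMap;
use std::hash::Hasher;

/// Stand-in for Blake3 key derivation: the key depends on the content only.
fn derive_key(content: &[u8]) -> u64 {
    let mut h = DefaultHasher::new(); // fixed initial state, so deterministic
    h.write(content);
    h.finish()
}

/// Stand-in cipher: XOR keystream, so the same call encrypts and decrypts.
fn toy_cipher(key: u64, data: &[u8]) -> Vec<u8> {
    data.iter().enumerate().map(|(i, byte)| {
        let mut h = DefaultHasher::new();
        h.write_u64(key);
        h.write_u64((i / 8) as u64); // one keystream block per 8 bytes
        byte ^ h.finish().to_le_bytes()[i % 8]
    }).collect()
}

/// Convergent encryption: returns (ciphertext, key) with no randomness involved.
fn encrypt(content: &[u8]) -> (Vec<u8>, u64) {
    let key = derive_key(content);
    (toy_cipher(key, content), key)
}

/// The storage operator's view: it holds ciphertexts only, yet can group
/// uploads that carry the same plaintext because their blobs are identical.
fn duplicate_groups(uploads: &[(&str, Vec<u8>)]) -> Vec<Vec<String>> {
    let mut by_blob: BTreeMap<&[u8], Vec<String>> = BTreeMap::new();
    for (owner, blob) in uploads {
        by_blob.entry(blob.as_slice()).or_default().push(owner.to_string());
    }
    by_blob.into_values().filter(|owners| owners.len() > 1).collect()
}

fn main() {
    // Constructed sample uploads from three hypothetical users.
    let report = b"quarterly-report-v1".to_vec();
    let uploads = vec![
        ("alice", encrypt(&report).0),
        ("bob", encrypt(&report).0),
        ("carol", encrypt(b"quarterly-report-v2").0),
    ];
    println!("{:?}", duplicate_groups(&uploads));
}
```

The grouping that makes deduplication work is the same signal that tells the storage side which users hold the same file, without any key being disclosed.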
Structs§
- CompressionConfig: Configuration for Brotli compression settings
- ConvergentEncryption: Convergent encryption using AES-256-GCM with Blake3 key derivation and Brotli compression
- ConvergentEncryptionInfo: Metadata about the encryption operation
Enums§
- ConvergentEncryptionError: Error types for convergent encryption operations
Type Aliases§
- ConvergentEncryptionKey: Encryption key derived from source content for convergent encryption