openssl

Module symm

source
Expand description

High level interface to certain symmetric ciphers.

§Examples

Encrypt data in AES128 CBC mode

use openssl::symm::{encrypt, Cipher};

let cipher = Cipher::aes_128_cbc();
let data = b"Some Crypto Text";
let key = b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
let iv = b"\x00\x01\x02\x03\x04\x05\x06\x07\x00\x01\x02\x03\x04\x05\x06\x07";
let ciphertext = encrypt(
    cipher,
    key,
    Some(iv),
    data).unwrap();

assert_eq!(
    b"\xB4\xB9\xE7\x30\xD6\xD6\xF7\xDE\x77\x3F\x1C\xFF\xB3\x3E\x44\x5A\x91\xD7\x27\x62\x87\x4D\
      \xFB\x3C\x5E\xC4\x59\x72\x4A\xF4\x7C\xA1",
    &ciphertext[..]);

Encrypting an asymmetric key with a symmetric cipher

use openssl::rsa::{Padding, Rsa};
use openssl::symm::Cipher;

// Generate keypair and encrypt private key:
let keypair = Rsa::generate(2048).unwrap();
let cipher = Cipher::aes_256_cbc();
let pubkey_pem = keypair.public_key_to_pem_pkcs1().unwrap();
let privkey_pem = keypair.private_key_to_pem_passphrase(cipher, b"Rust").unwrap();
// pubkey_pem and privkey_pem could be written to file here.

// Load private and public key from string:
let pubkey = Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
let privkey = Rsa::private_key_from_pem_passphrase(&privkey_pem, b"Rust").unwrap();

// Use the asymmetric keys to encrypt and decrypt a short message:
let msg = b"Foo bar";
let mut encrypted = vec![0; pubkey.size() as usize];
let mut decrypted = vec![0; privkey.size() as usize];
let len = pubkey.public_encrypt(msg, &mut encrypted, Padding::PKCS1).unwrap();
assert!(len > msg.len());
let len = privkey.private_decrypt(&encrypted, &mut decrypted, Padding::PKCS1).unwrap();
let output_string = String::from_utf8(decrypted[..len].to_vec()).unwrap();
assert_eq!("Foo bar", output_string);
println!("Decrypted: '{}'", output_string);

Structs§

  • Represents a particular cipher algorithm.
  • Represents a symmetric cipher context.

Enums§

Functions§

  • Decrypts data in one go, and returns the decrypted data.
  • Like decrypt, but for AEAD ciphers such as AES GCM.
  • Encrypts data in one go, and returns the encrypted data.
  • Like encrypt, but for AEAD ciphers such as AES GCM.