ECIES on Twisted Edwards Curve25519 using AES-GCM and HKDF-SHA256.
ECIES can be used to encrypt data using a public key such that it can only be decrypted by the holder of the corresponding private key.
It uses the excellent curve25519-dalek library for ECC operations, and RustCrypto for HKDF-SHA256 / AES-GCM operations.
This project has not undergone a security audit. A 1.0 release will not happen until it does.
```rust
let mut csprng = rand::thread_rng();
let (secret, public) = ecies_ed25519::generate_keypair(&mut csprng);

let message = "I 💖🔒";

// Encrypt the message with the public key such that only the holder of the secret key can decrypt.
let encrypted = ecies_ed25519::encrypt(&public, message.as_bytes(), &mut csprng).unwrap();

// Decrypt the message with the secret key
let decrypted = ecies_ed25519::decrypt(&secret, &encrypted);
```
The serde feature is provided for serializing / deserializing private and public keys.
By default this crate's dependencies will use software implementations of both AES and the POLYVAL universal hash function.
When targeting modern x86/x86_64 CPUs, use the following RUSTFLAGS to take advantage of high performance AES-NI and CLMUL CPU intrinsics:
RUSTFLAGS="-Ctarget-cpu=sandybridge -Ctarget-feature=+aes,+sse2,+sse4.1,+ssse3"
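Added example (not part of this crate): a pre-deployment check that parses the RUSTFLAGS above and probes the host CPU at runtime, because a binary built with these target features can stop with an illegal-instruction fault on a CPU that lacks them. The helper names are hypothetical, and `pclmulqdq` is added on the assumption that it is the feature behind the CLMUL intrinsics mentioned above.

```rust
// Added example; helper names are hypothetical, not part of ecies-ed25519.

/// Extract the `+feature` names from `-Ctarget-feature=` in a RUSTFLAGS string.
fn target_features(rustflags: &str) -> Vec<String> {
    rustflags
        .split_whitespace()
        .filter_map(|arg| arg.strip_prefix("-Ctarget-feature="))
        .flat_map(|list| list.split(','))
        .filter_map(|f| f.strip_prefix('+'))
        .map(str::to_string)
        .collect()
}

/// Return the required features that `has` reports as unavailable.
fn missing<'a>(required: &'a [String], has: impl Fn(&str) -> bool) -> Vec<&'a str> {
    required.iter().map(String::as_str).filter(|f| !has(*f)).collect()
}

/// Runtime CPUID probe for the features this page's flags rely on.
#[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
fn cpu_has(feature: &str) -> bool {
    match feature {
        "aes" => std::is_x86_feature_detected!("aes"),
        "pclmulqdq" => std::is_x86_feature_detected!("pclmulqdq"),
        "sse2" => std::is_x86_feature_detected!("sse2"),
        "sse4.1" => std::is_x86_feature_detected!("sse4.1"),
        "ssse3" => std::is_x86_feature_detected!("ssse3"),
        _ => false, // unknown name: treat as unsupported
    }
}

#[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))]
fn cpu_has(_feature: &str) -> bool {
    false // the flags on this page only apply to x86/x86_64
}

fn main() {
    let flags = "-Ctarget-cpu=sandybridge -Ctarget-feature=+aes,+sse2,+sse4.1,+ssse3";
    let mut required = target_features(flags);
    required.push("pclmulqdq".to_string()); // assumption: CLMUL feature used for POLYVAL
    let absent = missing(&required, cpu_has);
    if absent.is_empty() {
        println!("host supports: {}", required.join(", "));
    } else {
        eprintln!("do not deploy the optimized build here; missing: {}", absent.join(", "));
        std::process::exit(1);
    }
}
```

Run it on the deployment host before shipping a binary built with the flags above; a non-zero exit means the default software build is the one to use there.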
- I will be making this crate generic over both the AEAD and HKDF implementation once const-generics is resolved.
- Add support for AVX2 and AVX512
This project has not undergone a security audit. A 1.0 release will not happen until it does. Please contact me if you would like to fund or perform a security audit.
While this library has not undergone a security audit, some of its dependencies have. Dependency audits: