authorStuart Stock <stuart@int08h.com>2018-10-07 09:52:50 -0500
committerStuart Stock <stuart@int08h.com>2018-10-07 15:48:23 -0500
commit73bff435871edf500d15d63a1a486df5b56b27c0 (patch)
tree73587147faa7e140cbe06fee005bd63d3e791cb6
parent0b924cc92418f9a210a6b78cef56e427dc9c9d1d (diff)
downloadroughenough-73bff435871edf500d15d63a1a486df5b56b27c0.zip
start work on envelope encryption for long-term seed
-rw-r--r--src/bin/kms.rs2
-rw-r--r--src/key/envelope.rs31
-rw-r--r--src/key/mod.rs1
-rw-r--r--src/lib.rs1
4 files changed, 34 insertions, 1 deletions
diff --git a/src/bin/kms.rs b/src/bin/kms.rs
index 311fbb5..724c4ad 100644
--- a/src/bin/kms.rs
+++ b/src/bin/kms.rs
@@ -50,7 +50,7 @@ pub fn main() {
if cfg!(feature = "kms") {
info!("KMS feature enabled");
let client = AwsKms::from_uri(
- // your key here
+ "arn:aws:kms:us-east-2:927891522318:key/1c96fb2c-d417-48f4-bf24-8e7173a587f5"
).unwrap();
let ciphertext = client.encrypt("This is a test".as_ref()).unwrap();
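Review bot: The literal key ARN passed to `AwsKms::from_uri(` puts an AWS account ID and KMS key ID into source, so the binary only works against that one key and the identifiers stay in the repository history. Take the ARN from the command line or configuration instead, e.g. `let key_arn = std::env::args().nth(1).expect("usage: kms <key-arn>");`, and pass that to `from_uri`. The `.unwrap()` calls on `from_uri` and `encrypt` will also panic on a malformed ARN or a KMS or credential failure; logging the error and exiting non-zero would be easier to diagnose. `main`'s body continues outside the hunk.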
diff --git a/src/key/envelope.rs b/src/key/envelope.rs
new file mode 100644
index 0000000..3e54255
--- /dev/null
+++ b/src/key/envelope.rs
@@ -0,0 +1,31 @@
+// Copyright 2017-2018 int08h LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+extern crate hex;
+
+use ring::rand;
+use ring::rand::SecureRandom;
+use ring::aead::AES_256_GCM;
+use key::awskms::AwsKms;
+
+pub struct EnvelopeEncryption;
+
+impl EnvelopeEncryption {
+ pub fn encrypt(kms: &AwsKms, plaintext: &[u8]) -> Vec<u8> {
+ let rng = rand::SystemRandom::new();
+ let mut dek = [0u8; 16];
+ rng.fill(&mut dek).unwrap();
+
+ }
+}
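Review bot: `let mut dek = [0u8; 16];` creates a 128-bit data-encryption key, but the only AEAD imported is `AES_256_GCM`, which needs a 32-byte key, so a key built from this buffer would presumably be rejected for its length once the sealing code is added. Size the buffer from the algorithm instead, e.g. `let mut dek = vec![0u8; AES_256_GCM.key_len()];`. As written, `encrypt` declares `-> Vec<u8>` but its body ends without a value, and `kms`, `plaintext` and the `hex` crate are unused, so the file does not compile yet; returning a `Result` instead of calling `.unwrap()` on `rng.fill` would let callers handle an RNG failure. When the function is completed, the plaintext DEK should be cleared as soon as the KMS-wrapped copy exists, and a doc comment on `encrypt` should describe the output layout (wrapped DEK, nonce, ciphertext, tag) so the decrypt side can be reviewed against it.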
diff --git a/src/key/mod.rs b/src/key/mod.rs
index a4af975..da18303 100644
--- a/src/key/mod.rs
+++ b/src/key/mod.rs
@@ -21,6 +21,7 @@ extern crate log;
mod longterm;
mod online;
+mod envelope;
pub use self::longterm::LongTermKey;
pub use self::online::OnlineKey;
diff --git a/src/lib.rs b/src/lib.rs
index 8a8a049..e2d8cbf 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -55,6 +55,7 @@ extern crate yaml_rust;
#[macro_use]
extern crate log;
+extern crate ring;
mod error;
mod message;