Secure Cell passphrase API: RustThemis #630
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support of Secure Cell passphrase API to RustThemis. The API is described in RFC 3.8.
This only adds new API with its documentation. Existing API docs and tests for symmetric key API need an update to avoid using passphrases there. Since this PR is already massive, those changes will be submitted separately.
User notes
Passphrase-based interface of Secure Cell allows you to use short and memorable passphrases to secure your data. While symmetric keys are more secure, they are also longer and much harder for humans to remember.
Here is how you can use passphrases with Secure Cell in Rust:
Passphrase API accepts passphrases as relatively short strings, suitable for human memory. Master key API uses randomly generated, long binary keys, which are more suitable for machines to remember. However, they are also much more efficient and generally more secure due to considerable length. You should prefer to use keys over passphrases if there are no humans involved. The interface is almost the same:
Technical notes
There are no significant deviations from RFC 3.8.
The code sample is updated to be similar to other languages where it's a showcase for Secure Cell API rather than a copy of integration test tool. Secure Cell is not really designed for generic file encryption so we'd rather not give a wrong idea.
Checklist
Benchmark results are attached(only Core)