encrust

Hide data at run-time by encrypting it when it is not in use.

Encrust encrypts the underlying data directly and only exposes it when needed. When the decrypted data goes out of scope, it is encrypted again until the next time it is needed.

Example usage

```rust
use encrust::{Encrustable, Encrusted};
use zeroize::Zeroize;

// Data types used with encrust must implement Zeroize to make sure data
// does not linger in memory after use.
#[derive(Encrustable, Zeroize)]
struct SecretData (String, u64, Vec<u8>);

// This must be mut, otherwise it is not possible to call decrust.
let mut top_secret = Encrusted::new_with_random(
    SecretData ("A string".to_string(), 1337, vec![1,2,3,4,5,6]),
    rand::thread_rng(),
);

{
    // Decrypt the data in top_secret to be able to read the data.
    let mut decrypted = top_secret.decrust();
    assert_eq!("A string", decrypted.0);
    // It is possible to modify decrypted values as DerefMut is implemented.
    decrypted.1 += 1;
    assert_eq!(1338, decrypted.1);
    assert_eq!(&[1,2,3,4,5,6], decrypted.2.as_slice());
}
// decrypted is now out of scope and the data in top_secret is now encrypted.
```

Macros

Encrust contains several macros for embedding encrypted values in executables. Encryption happens at compile-time, and the plain values are not included in the binary.

```rust
use encrust::{encrust, encrust_vec, encrust_file_bytes, encrust_file_string};

// When encrusting numbers, the data type must be specified.
let mut encrypted_int = encrust!(1u32);
assert_eq!(*encrypted_int.decrust(), 1u32);
let mut encrypted_string = encrust!("Strings can also be encrusted.");
assert_eq!("Strings can also be encrusted.", encrypted_string.decrust().as_str());
let mut encrypted_array = encrust!([1u8,2u8,3u8]);
assert_eq!(&[1u8,2u8,3u8], encrypted_array.decrust().as_slice());
let mut encrypted_vec = encrust_vec![3i32,2i32,1i32];
assert_eq!(vec![3i32,2i32,1i32].as_slice(), encrypted_vec.decrust().as_slice());

// Read Cargo.toml for this crate into a String.
let mut cargo_toml = encrust_file_string!("Cargo.toml");
// Read Cargo.toml for this crate into a byte array.
let mut cargo_toml_bytes = encrust_file_bytes!("Cargo.toml");
assert_eq!(cargo_toml.decrust().as_bytes(), cargo_toml_bytes.decrust().as_slice());
```

Limitations

Encrust currently only offers encryption of certain simple data structures that actually contain data; most container types are not supported yet. Additionally, certain things are not encrypted at the moment. For vectors (and strings), the actual data stored is encrypted, but the pointer to the data, as well as the length and capacity fields, are not.
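The scope-guard behaviour and the vector limitation described above can be modelled with the standard library alone. This is an added example, not encrust's code: `Masked`, `Unmasked`, the xorshift keystream and the key are hypothetical stand-ins for the crate's real types and cipher.

```rust
use std::ops::{Deref, DerefMut};

// Hypothetical toy container, NOT encrust's API or cipher: the heap bytes of a
// Vec<u8> are XOR-masked in place with a xorshift64 keystream (not secure).
struct Masked { data: Vec<u8>, key: u64 }
// Guard that exposes the plaintext and re-masks it when dropped.
struct Unmasked<'a>(&'a mut Masked);

fn xor_in_place(buf: &mut [u8], mut state: u64) {
    for b in buf.iter_mut() {
        state ^= state << 13;
        state ^= state >> 7;
        state ^= state << 17;
        *b ^= state as u8; // XOR is its own inverse: the same call masks and unmasks
    }
}

impl Masked {
    fn new(mut data: Vec<u8>, key: u64) -> Self {
        xor_in_place(&mut data, key);
        Masked { data, key }
    }
    fn unmask(&mut self) -> Unmasked<'_> {
        xor_in_place(&mut self.data, self.key);
        Unmasked(self)
    }
    // What a memory reader sees while masked: pointer, length and capacity in the clear.
    fn visible_metadata(&self) -> (usize, usize, usize) {
        (self.data.as_ptr() as usize, self.data.len(), self.data.capacity())
    }
    fn raw_bytes(&self) -> &[u8] { &self.data }
}
impl Deref for Unmasked<'_> {
    type Target = [u8];
    fn deref(&self) -> &[u8] { &self.0.data }
}
impl DerefMut for Unmasked<'_> {
    fn deref_mut(&mut self) -> &mut [u8] { &mut self.0.data }
}
impl Drop for Unmasked<'_> {
    fn drop(&mut self) { let key = self.0.key; xor_in_place(&mut self.0.data, key); }
}

fn main() {
    let mut m = Masked::new(b"A string".to_vec(), 0x9E37_79B9_7F4A_7C15); // constructed key
    println!("masked:   {:02x?} meta={:?}", m.raw_bytes(), m.visible_metadata());
    println!("unmasked: {:?}", String::from_utf8_lossy(&m.unmask()));
    println!("remasked: {:02x?} meta={:?}", m.raw_bytes(), m.visible_metadata());
}
```

The metadata tuple is identical before and after unmasking, so the length of the secret stays readable even while its bytes are masked.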

License: MIT