snapper-box provides the CryptoBox type, an LSM backed, encrypted, namespaced document store, for the snapper ecosystem.
CryptoBox uses one file per namespace, with each namespace using its own key, derived from a shared root key.
The root key is randomly generated and is stored at rest encrypted with a key derived from a user-supplied password using Argon2. Namespace keys are derived from the root key using Blake3's key derivation mode.
XChaCha20 is used as the cipher, with Blake3 in HMAC mode used to provide integrity. The author intentionally does not use Poly1305, as he has a deep distrust of polynomial MACs, and very much loves defense in depth.
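
An added sketch (not snapper-box code) of the key hierarchy described above: one root key, a distinct derived key per namespace, and an integrity tag that is checked before any ciphertext is used. Python's standard-library keyed BLAKE2b stands in for Blake3's key-derivation and keyed modes, the XChaCha20 output is treated as opaque bytes, and every name, label and the record layout here is an assumption.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 24  # XChaCha20 uses a 24-byte nonce
TAG_LEN = 32    # tag length chosen for this sketch


def namespace_key(root_key: bytes, namespace: str) -> bytes:
    """Derive a per-namespace key from the shared root key.

    Stand-in for Blake3 key derivation: keyed BLAKE2b with a fixed
    personalization label (hypothetical) for domain separation.
    """
    return hashlib.blake2b(namespace.encode(), key=root_key,
                           person=b"example-ns-key", digest_size=32).digest()


def record_tag(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Keyed hash over nonce and ciphertext (encrypt-then-MAC order)."""
    return hashlib.blake2b(nonce + ciphertext, key=key,
                           person=b"example-tag", digest_size=TAG_LEN).digest()


def seal(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Assumed record layout: nonce || ciphertext || tag."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 24 bytes")
    return nonce + ciphertext + record_tag(key, nonce, ciphertext)


def open_checked(key: bytes, record: bytes) -> Optional[bytes]:
    """Return the ciphertext only if the tag verifies, else None."""
    if len(record) < NONCE_LEN + TAG_LEN:
        return None  # truncated record
    nonce = record[:NONCE_LEN]
    body = record[NONCE_LEN:-TAG_LEN]
    tag = record[-TAG_LEN:]
    # Constant-time comparison so the check does not leak tag bytes.
    if not hmac.compare_digest(record_tag(key, nonce, body), tag):
        return None
    return body


if __name__ == "__main__":
    root = os.urandom(32)  # constructed root key for the demo
    notes, mail = namespace_key(root, "notes"), namespace_key(root, "mail")
    rec = seal(notes, os.urandom(NONCE_LEN), b"constructed ciphertext")
    print("own namespace:", open_checked(notes, rec))
    print("other namespace:", open_checked(mail, rec))
```

A record sealed under one namespace's key is rejected under another's, so a file copied between namespaces fails verification before decryption is attempted.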
TODO
This project uses nix for development. While it does use a nix flake, the repository makes use of compatibility shims to allow development and building without needing to be on unstable Nix.
Once you have nix installed, simply run, if you have flakes and nix-command enabled:

```shell
nix develop
```

or

```shell
nix-shell
```

if you do not.
This project also has a .envrc file, for use with direnv.
TODO
Take a look at CONTRIBUTING.md
Please take a look at the CHANGELOG.md and the rustdoc.