68 lines
2.2 KiB
Markdown
# tiny-encrypt-rs

**IMPORTANT**: To use tiny-encrypt, a YubiKey (https://www.yubico.com/products/) or CanoKey (https://www.canokeys.org/) is required, and the key must support PIV or OpenPGP.

Tiny encrypt for Rust

> Tiny encrypt rs is a Rust implementation of Tiny encrypt java: https://git.hatter.ink/hatter/tiny-encrypt-java
>
> For the Tiny encrypt format spec, see: https://github.com/OpenWebStandard/tiny-encrypt-format-spec

Repository address: https://git.hatter.ink/hatter/tiny-encrypt-rs, mirror: https://github.com/jht5945/tiny-encrypt-rs

Encrypt config `~/.tinyencrypt/config-rs.json`:

```json
{
  "envelops": [
    {
      "type": "pgp",
      "kid": "KID-1",
      "desc": "this is key 001",
      "publicPart": "----- BEGIN OPENPGP ..."
    },
    {
      "type": "ecdh",
      "kid": "KID-2",
      "desc": "this is key 002",
      "publicPart": "04..."
    }
  ],
  "profiles": {
    "default": [
      "KID-1",
      "KID-2"
    ],
    "leve2": [
      "KID-2"
    ]
  }
}
```

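How a client consumes this file, as an added example in Python (not code from tiny-encrypt-rs): it parses the JSON above, indexes envelopes by `kid`, refuses configs with duplicate kids, unknown envelope types or profiles that point at a kid that does not exist, and resolves a profile name to the ordered list of envelopes the payload key is wrapped for. The sample JSON is the README's own, embedded so the script runs offline; the validation rules and the function names are assumptions, not the project's API.

```python
import json

# Constructed sample: the README's ~/.tinyencrypt/config-rs.json, embedded so this runs offline.
SAMPLE_CONFIG = """{
  "envelops": [
    {"type": "pgp",  "kid": "KID-1", "desc": "this is key 001", "publicPart": "----- BEGIN OPENPGP ..."},
    {"type": "ecdh", "kid": "KID-2", "desc": "this is key 002", "publicPart": "04..."}
  ],
  "profiles": {
    "default": ["KID-1", "KID-2"],
    "leve2": ["KID-2"]
  }
}"""

# Envelope types the README shows; any other value is treated as a config error (assumption).
KNOWN_TYPES = {"pgp", "ecdh"}


def load_config(text):
    """Parse the config and return (envelopes_by_kid, profiles).

    Raises ValueError on inconsistencies a client should refuse to encrypt with:
    duplicate kids, unknown envelope types, profiles that reference a missing kid,
    or profiles that list no key at all (which would produce an undecryptable file).
    """
    cfg = json.loads(text)
    envelopes = {}
    for env in cfg.get("envelops", []):
        for field in ("type", "kid", "publicPart"):
            if field not in env:
                raise ValueError(f"envelope is missing {field!r}: {env}")
        if env["type"] not in KNOWN_TYPES:
            raise ValueError(f"unknown envelope type {env['type']!r} for kid {env['kid']!r}")
        if env["kid"] in envelopes:
            raise ValueError(f"duplicate kid {env['kid']!r}")
        envelopes[env["kid"]] = env
    profiles = cfg.get("profiles", {})
    for name, kids in profiles.items():
        if not kids:
            raise ValueError(f"profile {name!r} lists no keys")
        missing = [kid for kid in kids if kid not in envelopes]
        if missing:
            raise ValueError(f"profile {name!r} references unknown kid(s): {missing}")
    return envelopes, profiles


def resolve_profile(envelopes, profiles, name="default"):
    """Return the envelopes a profile encrypts to, in config order, duplicates removed.

    An unknown profile name raises KeyError rather than silently falling back to
    'default', so a typo in --profile cannot widen the recipient set unnoticed.
    """
    ordered = []
    for kid in profiles[name]:
        if kid not in ordered:
            ordered.append(kid)
    return [envelopes[kid] for kid in ordered]


def is_valid_config(text):
    """Convenience wrapper: True if load_config accepts the text."""
    try:
        load_config(text)
        return True
    except (ValueError, KeyError, TypeError):
        return False


if __name__ == "__main__":
    envs, profs = load_config(SAMPLE_CONFIG)
    for profile_name in profs:
        chosen = resolve_profile(envs, profs, profile_name)
        print(profile_name, "->", [e["kid"] + ":" + e["type"] for e in chosen])
```

Rejecting a dangling kid at load time, rather than skipping it, matters because a profile that silently loses one of its envelopes changes who can decrypt the output without any error being shown.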
Smart card (YubiKey) protected ECDH encryption, described:

```text
┌───────────────────┐                          ┌───────────────────────────┐
│ Tiny Encrypt      │                          │ Smart Card (YubiKey)      │
│                   │    Get Public Key (P)    │                           │
│                   │ ◄────────────────────────┤ Private Key (d)           │
│                   │                          │ P = dG                    │
│ Temp Private Key  │                          │                           │
│ k, Q = kG         │                          │                           │
└───────────────────┘                          └───────────────────────────┘

Shared Secret = kP = kdG

Store Q, encrypt using a key derived from the Shared Secret

                       Send Q to Smart Card
                      ────────────────────────►

                                                 Shared Secret = dQ = kdG

Decrypt using the key derived from the restored Shared Secret
```

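The exchange in the diagram, as an added Python example that is not code from tiny-encrypt-rs: the card's private scalar `d` never leaves `card_keygen`/`decrypt_side`, the encrypting side picks an ephemeral `k`, stores only `Q = kG`, and both sides arrive at the same `kdG`. It uses pure-stdlib P-256 arithmetic so it runs offline; that the curve is P-256 is inferred from the 65-byte `04...` publicPart in the config and is an assumption, as are the use of HKDF-SHA256 for the "derived key" step and the info label. The payload encryption itself (an AEAD keyed with the derived key) is left out, and the scalar multiplication is a plain double-and-add, not the constant-time implementation a real card or library uses.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (the curve implied by the 65-byte "04..." publicPart).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b (mod p); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law on P-256; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # R + (-R) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add; readable, NOT constant-time (a card does this step in hardware)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def encode_public(pt):
    """SEC1 uncompressed encoding 0x04 || X || Y, the "04..." form of the config's publicPart."""
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def decode_public(raw):
    """Parse a peer point and reject anything off the curve (blocks invalid-curve inputs)."""
    if len(raw) != 65 or raw[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed P-256 point")
    pt = (int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big"))
    if not on_curve(pt):
        raise ValueError("point is not on P-256")
    return pt


def hkdf_sha256(ikm, info, length=32, salt=b""):
    """RFC 5869 HKDF-SHA256: the "derived key" step of the diagram (assumed KDF)."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


INFO = b"tiny-encrypt-demo"   # hypothetical context label; pick a fixed one per format


def card_keygen(d=None):
    """Smart-card side: the private scalar d stays on the card, only P = dG leaves it."""
    d = d or (secrets.randbelow(N - 1) + 1)
    return d, scalar_mult(d, G)


def encrypt_side(card_public_raw, k=None):
    """Tiny Encrypt side: ephemeral k, Q = kG is stored with the file, key comes from kP."""
    card_pub = decode_public(card_public_raw)
    k = k or (secrets.randbelow(N - 1) + 1)
    shared = scalar_mult(k, card_pub)                # kP = kdG
    key = hkdf_sha256(shared[0].to_bytes(32, "big"), INFO)
    return encode_public(scalar_mult(k, G)), key     # k itself is discarded after this


def decrypt_side(d, q_raw):
    """Card side at decrypt time: receives Q, recomputes dQ = kdG, derives the same key."""
    shared = scalar_mult(d, decode_public(q_raw))
    return hkdf_sha256(shared[0].to_bytes(32, "big"), INFO)


if __name__ == "__main__":
    d, pub = card_keygen()
    q_raw, key_enc = encrypt_side(encode_public(pub))
    print("keys match:", key_enc == decrypt_side(d, q_raw))
```

Two points a practitioner should take from this: the stored `Q` reveals nothing about `k` or `d` (recovering either is the elliptic-curve discrete log problem), and `decode_public` must validate the point before the card or the client multiplies by it, because an off-curve `Q` handed to a naive implementation leaks information about `d`.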