ToxEncryptSave

Description:

This module is organized into two parts.

A simple API operating on plain text/cipher text data and a password to encrypt or decrypt it.
A more advanced API that splits key derivation and encryption into two separate function calls.

The first part is implemented in terms of the second part and simply calls the separate functions in sequence. Since key derivation is very expensive compared to the actual encryption, clients that do a lot of crypto should prefer the advanced API and reuse pass-key objects.

To use the second part, first derive an encryption key from a password with tox_pass_key_derive, then use the derived key to encrypt the data.

The encrypted data is prepended with a magic number, to aid validity checking (no guarantees are made of course). Any data to be decrypted must start with the magic number.

Clients should consider alerting their users that, unlike plain data, if even one bit becomes corrupted, the data will be entirely unrecoverable. Ditto if they forget their password, there is no way to recover the data.

Part 1

The simple API is presented first. If your code spends too much time using these functions, consider using the advanced functions instead and caching the generated pass-key.

Content:

Classes:

PassKey - This type represents a pass-key.

Enums:

Constants:

public const uint32 PASS_ENCRYPTION_EXTRA_LENGTH
The amount of additional data required to store any encrypted byte array. Encrypting an array of N bytes requires N + pass_encryption_extra_length bytes in the encrypted byte array.
public const uint32 PASS_KEY_LENGTH
The size of the key part of a pass-key.
public const uint32 PASS_SALT_LENGTH
The size of the salt part of a pass-key.

Functions:

public uint8[]? get_salt (uint8[] ciphertext, out ErrGetSalt error)
Retrieves the salt used to encrypt the given data.
public bool is_data_encrypted (uint8[] data)
Determines whether or not the given data is encrypted by this module.
public uint8[]? pass_decrypt (uint8[] ciphertext, uint8[]? passphrase, out ErrDecryption error)
Decrypts the given data with the given passphrase.
public uint8[]? pass_encrypt (uint8[] plaintext, uint8[]? passphrase, out ErrEncryption error)
Encrypts the given data with the given passphrase.
public uint32 pass_encryption_extra_length ()
The amount of additional data required to store any encrypted byte array. Encrypting an array of N bytes requires N + pass_encryption_extra_length bytes in the encrypted byte array.
public uint32 pass_key_length ()
The size of the key part of a pass-key.
public uint32 pass_salt_length ()
The size of the salt part of a pass-key.