Warning
Work in Progress
Warning
Might not compile on x86_64-pc-windows-gnu.
Crypto Layer is a comprehensive and flexible cryptographic library designed to provide a unified interface for various cryptographic operations and algorithms. It offers a wide range of functionalities, including encryption, decryption, signing, signature verification, and hashing, while supporting both symmetric and asymmetric cryptography.
-
Encryption Algorithms: Supports a variety of encryption algorithms, including:
- Asymmetric Encryption: RSA, ECC (Elliptic Curve Cryptography) with various curve types (P-256, P-384, P-521, secp256k1, Brainpool curves, Curve25519, Curve448, FRP256v1)
- Symmetric Block Ciphers: AES (GCM, CBC)
- Stream Ciphers: ChaCha20, XChaCha20
-
Hashing Algorithms: Supports a wide range of hashing algorithms, including:
- SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256)
- SHA-3 (SHA3-224, SHA3-256, SHA3-384, SHA3-512)
-
Key Management: Provides a unified interface for creating, loading, and managing cryptographic keys, supporting various key usages and algorithms.
-
Cross-Platform Support: Designed to work seamlessly across multiple platforms, including Android, Apple, Linux and Windows, with platform-specific implementations for key handling and security module integration.
-
Security Module Integration: Integrates with Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs) for secure key storage and cryptographic operations, ensuring enhanced security and compliance with industry standards.
-
Extensibility: The modular design of the Crypto Layer allows for easy extension and integration of additional cryptographic algorithms and security modules in the future.
- Providers are interfaces to native implemented secure storages like TPM, HSM, NKS and the fallback software provider.
- Key Pair Handles are interfaces for interacting and operating with a native key pair (P256).
- Key Handles are interfaces for interacting and operating with a native symmetric keys (AES).
- DH Exchanges are interfaces for executing a DH key exchange.
%% https://mermaid.js.org/syntax/classDiagram.html
classDiagram
direction LR
Provider "1" --> "0..*" KeyHandle : manages
Provider "1" --> "0..*" KeyPairHandle : manages
Provider "1" --> "0..*" DHExchange : creates ephemeral
KeyPairHandle "1" --> "1" DHExchange : creates
DHExchange "1" --> "1" KeyHandle : results in
class Provider {
<<Interface>>
}
note for Provider "is created by factory methods"
class KeyHandle {
<<Interface>>
}
class KeyPairHandle {
<<Interface>>
}
class DHExchange {
<<Interface>>
}
graph TB
subgraph cal[Crypto Layer]
provider(Provider)
androidprov[Android Provider]
linuxprov[Linux Provider]
windowsprov[Windows Provider]
appleprov[Apple Provider]
softwareprov[Software Provider]
end
subgraph software[Software]
encrypteddb[Encrypted DB]
metadatastore[Key Metadata Storage]
end
subgraph hardware[Hardware]
android[Strongbox Keystore]
apple[Apple Secure Enclave]
linux["TPM 2.0"]
windows[Cryptography API Next Generation]
end
provider --> androidprov
provider --> appleprov
provider --> windowsprov
provider --> softwareprov
provider--> linuxprov
cal --> metadatastore
softwareprov --> encrypteddb
androidprov --> android
appleprov --> apple
windowsprov --> windows
linuxprov --> linux
Add the library via cargo to your project:
cargo add https://github.com/nmshd/rust-crypto
Examples for the rust crate can be found in the example folder.
Contributions to the Crypto Layer are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request on the project's GitHub repository.
The library Crypto Layer is released under the MIT License.