CryptGuard Syntax Overhaul & Updates
CryptGuard - Post Quantum Cryptographic Crate
Overview
CryptGuard is a versatile cryptographic crate that provides encryption capabilities using AES or XChaCha20, along with Kyber key encapsulation. It supports key sizes of 512, 768, and 1024 bits and offers options for manual encryption to fully utilize the crate's capabilities. Users have the flexibility to select sha256 instead of the default HMAC, which employs sha512. Additionally, it includes functionalities for signing messages and creating detached signatures with falcon512, falcon1024, dilithium2, dilithium3, and dilithium5.
How It Works
The encryption process is streamlined once the desired algorithm is selected. It involves using a public key, a passphrase for HMAC, and the target data. The data is deliberately segmented into files and messages for user convenience. Upon encryption, the public key encapsulates the key details to generate a shared secret, which then serves as the final encryption key. The ciphertext, along with the shared secret, is provided to the recipient who decrypts it using their passphrase and secret key, and for XChaCha20, a nonce is required.
Encryption Syntax
// Creating a new key pair
let (public_key, secret_key) = KeyControlKyber1024::keypair().expect("Failed to generate keypair");
// Instantiating a new encryption object
let mut encryptor = Kyber::<Encryption, Kyber1024, File, AES>::new(public_key.clone(), None)?;
// Encrypting a message
let (encrypted_message, cipher) = encryptor.encrypt_msg(message.clone(), passphrase.clone())?;
// Encrypting a file
let (encrypted_message, cipher) = encryptor.encrypt_file(enc_path.clone(), passphrase.clone())?;
// Decrypting a message
let mut decryptor = Kyber::<Decryption, Kyber768, File, AES>::new(secret_key, None)?;
let decrypted_message = decryptor.decrypt_msg(encrypted_message.clone(), passphrase.clone(), cipher)?;
// Decrypting a file
let decrypted_file = decryptor.decrypt_file(enc_path.clone(), passphrase.clone(), cipher)?;
Signed Messages and Detached Signatures
Using Falcon1024 and Dilithium5, we have introduced robust post-quantum algorithms for key generation and signing processes. To create a signed message, the secret key is used along with the data to generate a verifiable signed version. Detached signatures serve to authenticate the creator of downloadable content. The verification process involves matching the public key, the signed data, and the original data.
Syntax for Signed Messages and Detached Signatures
// Creating a Falcon1024 key pair
let (public_key, secret_key) = Falcon1024::keypair().unwrap();
// Deciding between a signed message or a detached signature
let sign = Signature::<Falcon1024, Message>::new(); // For signed message
let sign = Signature::<Falcon1024, Detached>::new(); // For detached signature
// Using the signature function
let signature = sign.signature(data.clone(), secret_key)?;
// Opening a signed message
let opened_message = sign.open(signed_message, public_key)?;
// Verifying a detached signature
let is_valid = sign.verify(data, signature, public_key)?;
Logging
Logging Capabilities of CryptGuard
CryptGuard now features logging capabilities, designed to provide detailed tracking of encryption and decryption activities, thereby ensuring both security and transparency. The logging functionality does not compromise safety; instead, it documents which algorithm performed which action, including the specific date and time. For example, it records when a user initiates the generation of a new keypair, and when this process is completed, or notes when encryption of a file or message using AES begins, such as at 10:52 AM on 04/25/202X.
To enable logging, use the function activate_log("log.txt")
. This command specifies the path to the log file and simultaneously creates a log folder in the same directory as the log file. This folder contains split logs related to different processes, providing a focused overview of actions without revealing any sensitive data. Rest assured, encrypted information, data prior to encryption, keys, and file locations are not disclosed in the logs.
The logging mechanism is implemented using a custom macro that interacts with our lazy static logging structure, LOGGER. This structure features a function to add log entries, which activates only when logging is enabled, as indicated by a boolean within the structure. Once active, the function continuously writes to the main log file, appending each new entry. Each time we invoke another macro, it clears the string in our structure that stores process-related log messages, allowing us to complete and close out the current process log file stored in the log folder.
Manual Encryption with AES or XChaCha20
For those seeking in-depth control over the cryptographic processes, manual encryption using AES or XChaCha20 is available. This advanced method requires a good understanding of the cryptographic constructs involved.
// Start implementing CrytographicInformation struct
// But since it needs the CryptographicMetadata struct
// we start whith that one
let crypt_meta = CryptographicMetadata::from(
process: Process, // (enum)
encryption_type: CryptographicMechanism, // (enum)
key_type: KeyEncapMechanism, // (enum)
content_type: ContentType // (enum)
);
// If you want to encrypt a file add to CryptographicInformation, a filemetada at the last attribute and turn the boolean to true.
let file = FileMetadata::from(
location: PathBuf,
file_type: FileTypes, // (enum)
file_state: FileState // (enum)
);
// Finally implement the CryptographicInformation struct
let crypt_info = CryptographicInformation::from(
content: Vec<u8>,
passphrase: Vec<u8>,
metadata: crypt_meta, // CryptographicMetadata struct
safe: bool,
location: Some(file), // Option<FileMetadata>
)
// Now you can start encryption
// new(infos: CryptographicInformation)
let cipher = CipherAES::new(crypt_info);
let (data, ciphertext) = cipher.encrypt(public_key: Vec<u8>);
Enhancing Security Through Combined Techniques
For increased safety, the cryptographic algorithms provided allow for a combination of Key Encapsulation based encryption and Key Derivation for signature capabilities. Specifically, you can enhance security by signing the data in the same manner as creating signed messages before the encryption process. After signing, this data can be written into a file. Following this, the file is encrypted, and both the encrypted data and the ciphertext are converted to hex format and then concatenated. This concatenated format, containing both the encrypted data and the ciphertext, can be secured further by employing the method used for signing messages, adding an additional layer of security.
This approach eliminates the need to send ciphertext and encrypted data separately to the recipient of a message, thereby integrating robust security measures against potential interference by unauthorized entities.
Moreover, you can extend the use of these cryptographic techniques by encrypting data in segments using multiple encryption algorithms layered over each other. This stratified encryption enhances security further. While detailed instructions and examples are provided in the README.md and previous explanations, it is crucial to handle your data with care and ensure its integrity remains uncompromised. Always be vigilant about the security practices you implement to protect your information.
Subscribe to my newsletter
Read articles from M directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
M
M
Welcome to my blog on Hashnode! I am an avid programmer and technology enthusiast, specializing in the realms of Cybersecurity and Big Data. My journey in the tech world is driven by a deep passion for understanding and innovating in the field of information security and data analysis. My Expertise: Rust & Python Programming: I have honed my skills in Rust and Python, two powerful programming languages known for their efficiency and versatility. Rust's performance and safety features make it an excellent choice for system-level programming, while Python's simplicity and vast libraries allow me to handle complex data structures and algorithms with ease. Cybersecurity: In the ever-evolving landscape of digital security, I keep myself abreast of the latest trends and techniques. My focus is on developing robust security protocols and implementing measures to safeguard data against emerging threats. Big Data & Deep Learning: Leveraging the power of TensorFlow, I delve into the intricacies of Big Data and its applications in Deep Learning while learning about Data Science and AI. API Development with React & Next.js: Recognizing the importance of seamless and efficient web services, I also specialize in creating APIs using the powerful combination of React and Next.js. This approach allows me to build scalable, high-performance web applications that integrate smoothly with various backend services. My Projects: On this blog, you'll find regular updates on my latest projects and experiments in these areas. I believe in the power of sharing knowledge and experiences, and I hope my insights will be valuable to fellow enthusiasts and professionals in the field. Whether you're a seasoned programmer, a budding data scientist, or just someone with a keen interest in technology, I invite you to join me on this journey of exploration and discovery in the dynamic world of programming and cybersecurity.