cryptoids-0.0.0: Reversable and secure encoding of object ids as a bytestring

Data.CryptoID.Poly

Description

Given a value of a serializable type (like Int) we perform serialization and compute a cryptographic hash of the associated namespace (carried as a phantom type of kind Symbol). The serialized payload is then encrypted using the symmetric cipher in CBC mode using the hashed namespace as an initialization vector (IV).

The probability of detecting a namespace mismatch is thus $$1 - 2^{128-l}$$ where $$l$$ is the length of the serialized payload.

Synopsis

Documentation

newtype CryptoID namespace a :: Symbol -> * -> * #

Constructors

 CryptoID Fieldsciphertext :: a

Instances

This newtype ensures only keys of the correct length can be created

Use genKey to securely generate keys.

Use the Binary instance to save and restore values of CryptoIDKey across executions.

Instances

 Source # Does not actually show any key material MethodsshowList :: [CryptoIDKey] -> ShowS # Source # MethodsputList :: [CryptoIDKey] -> Put # Source # MethodswithByteArray :: CryptoIDKey -> (Ptr p -> IO a) -> IO a #

genKey :: MonadIO m => m CryptoIDKey Source #

Securely generate a new key using system entropy

When CryptoCipher accepts keys of varying lengths this function generates a key of the largest accepted size.

encrypt :: forall m namespace. (KnownSymbol namespace, MonadError CryptoIDError m) => CryptoIDKey -> ByteString -> m (CryptoID namespace ByteString) Source #

Encrypt an arbitrary serializable value

decrypt :: forall m namespace. (KnownSymbol namespace, MonadError CryptoIDError m) => CryptoIDKey -> CryptoID namespace ByteString -> m ByteString Source #

Decrypt an arbitrary serializable value

Error cases that can be encountered during encrypt and decrypt

Constructors

 AlgorithmError CryptoError One of the underlying cryptographic algorithms (CryptoHash or CryptoCipher) failed. NamespaceHashIsWrongLength ByteString The length of the digest produced by CryptoHash does not match the block size of CryptoCipher.The offending digest is included.This error should not occur and is included primarily for sake of totality. CiphertextConversionFailed The produced ByteString is the wrong length for conversion into a ciphertext. DeserializationError (ByteString, ByteOffset, String) The plaintext obtained by decrypting a ciphertext with the given CryptoIDKey in the context of the namespace could not be deserialized into a value of the expected payload-type.This is expected behaviour if the namespace or payload-type does not match the ones used during encryption or if the ciphertext was tempered with. InvalidNamespaceDetected We have determined that, allthough deserializion succeded, the ciphertext was likely modified during transit or created using a different namespace.

Instances

 Source # Methods Source # MethodsshowList :: [CryptoIDError] -> ShowS # Source # Methods

The symmetric cipher BlockCipher this module uses

type CryptoHash = SHAKE128 64 Source #

The cryptographic HashAlgorithm this module uses

We expect the block size of CryptoCipher to be exactly the size of the Digest generated by CryptoHash (since a Digest is used as an IV).

Violation of this expectation causes runtime errors.