License | BSD3 |
---|---|
Safe Haskell | None |
Language | Haskell2010 |
Given a value of an arbitrary serializable type (like Int
) we perform
serialization and compute a cryptographic hash of the associated namespace
(carried as a phantom type of kind Symbol
).
The serializedpayload is then encrypted using the symmetric cipher in CBC mode
using the hashed namespace as an initialization vector (IV).
Since the serialized payload is padded such that its length is an integer multiple of the block size we can detect namespace mismatches by checking that all bytes expected to have been inserted during padding are nil.
The probability of detecting a namespace mismatch is thus (1 - 2^{l text{mod} 64}) where \(l\) is the length of the serialized payload in bits.
- encrypt :: forall a m c namespace. (KnownSymbol namespace, MonadThrow m, Binary a) => (ByteString -> m (Maybe Int)) -> (ByteString -> m c) -> CryptoIDKey -> a -> m (CryptoID namespace c)
- decrypt :: forall a m c namespace. (KnownSymbol namespace, MonadThrow m, Binary a) => (c -> m ByteString) -> CryptoIDKey -> CryptoID namespace c -> m a
- module Data.CryptoID.ByteString
Documentation
:: (KnownSymbol namespace, MonadThrow m, Binary a) | |
=> (ByteString -> m (Maybe Int)) | Ensure the resulting ciphertext is of the provided length (needs to be a multiple of the block size of |
-> (ByteString -> m c) | |
-> CryptoIDKey | |
-> a | |
-> m (CryptoID namespace c) |
Encrypt a serialized value
decrypt :: forall a m c namespace. (KnownSymbol namespace, MonadThrow m, Binary a) => (c -> m ByteString) -> CryptoIDKey -> CryptoID namespace c -> m a Source #
Decrypt a serialized value
module Data.CryptoID.ByteString
Orphan instances
(MonadCrypto m, (~) * (MonadCryptoKey m) CryptoIDKey, KnownSymbol namespace, Binary a) => HasCryptoID namespace ByteString a m Source # | |