Lee Smet
@@ -83,4 +83,22 @@ impl SymmetricKey {
|
||||
.decrypt(nonce, ciphertext)
|
||||
.map_err(|_| CryptoError::DecryptionFailed)
|
||||
}
|
||||
|
||||
/// Derives a new symmetric key from a password.
|
||||
///
|
||||
/// Derivation is done using pbkdf2 with Sha256 hashing.
|
||||
pub fn derive_from_password(password: &str) -> Self {
|
||||
/// Salt to use for PBKDF2. This needs to be consistent accross runs to generate the same
|
||||
/// key. Additionally, it does not really matter what this is, as long as its unique.
|
||||
const SALT: &[u8; 10] = b"vault_salt";
|
||||
/// Amount of rounds to use for key generation. More rounds => more cpu time. Changing this
|
||||
/// also chagnes the generated keys.
|
||||
const ROUNDS: u32 = 100_000;
|
||||
|
||||
let mut key = [0; 32];
|
||||
|
||||
pbkdf2::pbkdf2_hmac::<sha2::Sha256>(password.as_bytes(), SALT, ROUNDS, &mut key);
|
||||
|
||||
Self(key)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user