Encryption

Rwf uses AES-128 for encrypting user sessions and private cookies. The same functionality is available through the rwf::crypto module to encrypt and decrypt arbitrary data.

Encrypt data

To encrypt data using AES-128 and the application secret key, you can use the encrypt function, for example:

use rwf::crypto::encrypt;

let data = serde_json::json!({
    "user": "test",
    "password": "hunter2"
});

// JSON is converted into a byte array.
let data = serde_json::to_vec(&data).unwrap();

// Data is encrypted with AES.
let encrypted = encrypt(&data).unwrap();

Any kind of data can be encrypted, as long as it's serializable to an array of bytes. Serialization can typically be achieved by using serde.

Encryption produces a base64-encoded UTF-8 string. You can save this string in the database or send it via an insecure medium like email.

Decrypt data

To decrypt the data, you can call the decrypt function on the string produced by the encrypt function. The decryption algorithm will automatically convert the base64-encoded string to bytes and decrypt those bytes using the secret key, for example:

use rwf::crypto::decrypt;

let decrypted = decrypt(&encrypted).unwrap();
let json = serde_json::from_slice(&decrypted).unwrap();

assert_eq!(json["user"], "test");