feat: age password encryption (instead of AES256)

2026-05-25 13:01:49 +00:00 · 2022-10-27 22:12:37 +02:00 · 2022-10-27 22:12:37 +02:00 · 6646e825c1
commit 6646e825c1
parent 162eed786d
1 changed files with 37 additions and 0 deletions
--- a/core/src/crypto.rs
+++ b/core/src/crypto.rs
@ -1,3 +1,4 @@
+use std::io::{Write, Read};
 use argon2::{
    Argon2, PasswordHasher as ArgonPasswordHasher, PasswordVerifier as ArgonPasswordVerifier,
 };
@ -39,6 +40,42 @@ pub fn hash_password(password_plaint_text: &str) -> Result<String, argon2::passw
    return Ok(hash.to_string());
 }

+// TODO: Async? Zatím pod spawn_blocking
+pub fn encrypt_password(password_plaint_text: &str, key: &str) -> Result<String, age::EncryptError> {
+    let encryptor = age::Encryptor::with_user_passphrase(age::secrecy::Secret::new(key.to_owned()));
+
+    let mut encrypt_buffer = Vec::new();
+    let mut encrypt_writer = encryptor.wrap_output(&mut encrypt_buffer)?;
+
+    encrypt_writer.write_all(password_plaint_text.as_bytes())?;
+
+    encrypt_writer.finish()?;
+    
+
+    Ok(base64::encode(encrypt_buffer))
+}
+
+pub fn decrypt_password(
+    password_encrypted: &str,
+    key: &str,
+) -> Result<String, Box<dyn std::error::Error>> {
+    let encrypted = base64::decode(password_encrypted)?;
+
+    let decryptor = match age::Decryptor::new(&encrypted[..])? {
+        age::Decryptor::Passphrase(d) => d,
+        _ => unreachable!(),
+    };
+
+    let mut decrypt_buffer = Vec::new();
+    let mut decrypt_writer = decryptor.decrypt(&age::secrecy::Secret::new(key.to_owned()), None)?;
+
+    decrypt_writer.read_to_end(&mut decrypt_buffer)?;
+
+    Ok(String::from_utf8(decrypt_buffer)?)
+}
+
+
+
 pub fn verify_password(
    password_plaint_text: &str,
    hash: &str,