Fact.Seam.FileReader.Encrypted.V1 (Fact v0.4.0)

View Source

Encrypted V1 implementation of Fact.Seam.FileReader.

Reads a file written by Fact.Seam.FileWriter.Encrypted.V1, parsing the header to extract the nonce and authentication tag, then decrypting the ciphertext.

The expected file format is:

<<nonce::12-bytes, auth_tag::16-bytes, ciphertext::binary>>

The Data Encryption Key (DEK) is retrieved from Fact.KeyRing at read time.

Options

  • :cipher - The cipher algorithm. Currently only :aes_gcm is supported. Defaults to :aes_gcm.

Summary

Functions

decrypt_binary(dek, binary)

Decrypts a binary that was written by Fact.Seam.FileWriter.Encrypted.V1.

validate_options(options, specs)

Functions

decrypt_binary(dek, binary)

(since 0.4.0) 
@spec decrypt_binary(dek :: binary(), encrypted :: binary()) ::
  {:ok, binary()} | {:error, term()}

Decrypts a binary that was written by Fact.Seam.FileWriter.Encrypted.V1.

This is used by the bootstrapper to decrypt the genesis record before the Fact.KeyRing process is started.

validate_options(options, specs)

(since 0.4.0)