At-rest encryption, byte-compatible with MailKite's WebCrypto envelope and every other MailKite SDK, so a value encrypted in one language decrypts in another.
A hybrid scheme: a fresh AES-256-GCM content key encrypts the data and is then
wrapped with RSA-OAEP (SHA-256). The serialized envelope is a compact JSON string
with base64 fields {v, keyAlg:"RSA-OAEP-256", fp, enc:"A256GCM", iv, wrappedKey, ciphertext}, where fp is the lowercase hex SHA-256 of the SPKI DER. Local only.
Summary
Functions
Decrypt a MailKite at-rest envelope (JSON string) with an RSA private key
(PKCS#8 PEM), returning {:ok, plaintext} or {:error, reason}.
Encrypt a UTF-8 plaintext to an RSA public key (SPKI PEM), returning the
at-rest envelope serialized as a compact JSON string.
Functions
Decrypt a MailKite at-rest envelope (JSON string) with an RSA private key
(PKCS#8 PEM), returning {:ok, plaintext} or {:error, reason}.
Encrypt a UTF-8 plaintext to an RSA public key (SPKI PEM), returning the
at-rest envelope serialized as a compact JSON string.