Expand description
Newtypes used for sensitive data This module contains newtype wrappers for sensitive values. There are several reasons for this:
- We can make sure the information (such as passwords and pins) is not logged or sent to the backend by mistake.
- We control the creation and deletion of the objects such that we can ensure passwords and
pins are non-empty, and also clear / [
zeroize] the values once they are Dropped. - We have control over the encrypt - decrypt lifetime of the password, making sure each value can only be used where it is explicitly intended to be used, and the encryption is only implemented and tested in one place.
In general the implementation follows this pattern:
- A
structthat (privately) wraps the underlying value is defined. - We derive [
zeroize::Zeroize] and [zeroize::ZeroizeOnDrop] to make sure the value is overwritten with their zero value onceDroped. - We implement
core::fmt::Debugthat does not print the value itself but rather a placeholder value. This ensures the value cannot be printed or logged. - We define (fallible) constructor functions that make sure the inner value is valid or return
an Error. Additionally
unsafeconstructors can be used for circumventing the validations (eg. for use in tests). - We define functions to get the inner value in safe ways (eg. as a [
secrecy::Secret], or functions to convert (eg. for the encrypt / decrypt methods) to other newtypes.
Structsยง
- Access
Token - Simple wrapper around a non-empty access token that cannot be printed or logged, and is automatically zeroized when dropped.
- Encrypted
Password - An encrypted password.
- Encryption
Pin - A non-empty pin used to encrypt the password.
- Encryption
Salt - A salt used in the encryption process. Should be unique for each encryption but is not a secret.
- Plain
Password - A password that is not encrypted and stored as plain text.