DMSCSecurityManager

Struct DMSCSecurityManager 

pub struct DMSCSecurityManager;

Security utilities manager for DMSC.

This struct provides static methods for encryption, decryption, HMAC signing, and key management operations. It is designed as a singleton utility class with no instance state.

§Thread Safety

All methods are stateless and can be safely called concurrently from multiple threads.

§Usage

use dmsc::auth::security::DMSCSecurityManager;

// Encrypt sensitive data
let encrypted = DMSCSecurityManager::encrypt("secret data");

// Decrypt data
let decrypted = DMSCSecurityManager::decrypt(&encrypted);

// Sign data with HMAC
let signature = DMSCSecurityManager::hmac_sign("data to sign");

// Verify HMAC signature
let is_valid = DMSCSecurityManager::hmac_verify("data to verify", &signature);

Implementations§

impl DMSCSecurityManager

pub fn encrypt(plaintext: &str) -> String

Encrypts plaintext data using AES-256-GCM.

This method encrypts the input string using AES-256-GCM (Galois/Counter Mode), which provides both confidentiality and authenticity. A random nonce is generated for each encryption operation, so the same plaintext produces different ciphertext each time it is encrypted.

§Output Format

The output is Base64-encoded and contains:

  • 12-byte nonce (randomly generated)
  • Encrypted data with authentication tag
§Parameters
  • plaintext: The text string to encrypt
§Returns

Base64-encoded encrypted data

§Examples
use dmsc::auth::security::DMSCSecurityManager;

let encrypted = DMSCSecurityManager::encrypt("sensitive data");
println!("Encrypted: {}", encrypted);

pub fn decrypt(encrypted: &str) -> Option<String>

Decrypts encrypted data using AES-256-GCM.

This method decrypts data that was encrypted using the encrypt method. It verifies the authentication tag and returns the original plaintext.

§Failure Conditions

Returns None if:

  • The input is not valid Base64
  • The input is shorter than the nonce length
  • The authentication tag verification fails (wrong key or tampered data)
§Parameters
  • encrypted: Base64-encoded encrypted data
§Returns

Some(String) containing the decrypted plaintext, or None if decryption fails

§Examples
use dmsc::auth::security::DMSCSecurityManager;

let encrypted = DMSCSecurityManager::encrypt("secret");
let decrypted = DMSCSecurityManager::decrypt(&encrypted);

match decrypted {
    Some(text) => println!("Decrypted: {}", text),
    None => println!("Decryption failed!"),
}
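
The documented envelope layout and the first two failure conditions of decrypt can be checked before any key is involved. The following is an added example, not code from the dmsc crate: it assumes standard-alphabet padded Base64 and a full 16-byte GCM tag, and the names b64_decode, split_envelope, NONCE_LEN and TAG_LEN are hypothetical.

```rust
const NONCE_LEN: usize = 12; // from the documented output format
const TAG_LEN: usize = 16; // assumption: full-length GCM tag

/// Decodes standard-alphabet, padded Base64 (assumed encoding); None if invalid.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let bytes = s.as_bytes();
    if bytes.len() % 4 != 0 {
        return None;
    }
    let groups = bytes.len() / 4;
    let mut out = Vec::with_capacity(groups * 3);
    for (i, chunk) in bytes.chunks(4).enumerate() {
        let pad = chunk.iter().rev().take_while(|&&c| c == b'=').count();
        if pad > 2 || (pad > 0 && i + 1 != groups) {
            return None; // padding is only legal at the very end
        }
        let mut acc = 0u32;
        for &c in &chunk[..4 - pad] {
            let v = match c {
                b'A'..=b'Z' => c - b'A',
                b'a'..=b'z' => c - b'a' + 26,
                b'0'..=b'9' => c - b'0' + 52,
                b'+' => 62,
                b'/' => 63,
                _ => return None,
            };
            acc = (acc << 6) | u32::from(v);
        }
        acc <<= 6 * pad as u32;
        out.extend_from_slice(&acc.to_be_bytes()[1..4 - pad]);
    }
    Some(out)
}

/// Returns (nonce, ciphertext || tag); None mirrors decrypt()'s pre-decryption failures.
fn split_envelope(encoded: &str) -> Option<(Vec<u8>, Vec<u8>)> {
    let raw = b64_decode(encoded)?;
    if raw.len() < NONCE_LEN + TAG_LEN {
        return None; // cannot hold a nonce plus a tag, so it can never authenticate
    }
    let (nonce, rest) = raw.split_at(NONCE_LEN);
    Some((nonce.to_vec(), rest.to_vec()))
}

fn main() {
    // Constructed sample: nonce bytes 0..=11 followed by 16 zero bytes.
    let sample = format!("AAECAwQFBgcICQoL{}==", "A".repeat(22));
    println!("{:?}", split_envelope(&sample));
}
```

The length check here is stricter than the documented "shorter than the nonce length" condition; an input between 12 and 27 bytes would instead fail at tag verification.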

pub fn hmac_sign(data: &str) -> String

Signs data using HMAC-SHA256.

This method creates an HMAC signature using the configured HMAC key and SHA-256 hash algorithm. The signature is returned as a hex-encoded string.

§Security

HMAC provides message integrity and authenticity verification. Only parties with access to the HMAC key can create or verify signatures.

§Parameters
  • data: The data string to sign
§Returns

Hex-encoded HMAC signature

§Examples
use dmsc::auth::security::DMSCSecurityManager;

let data = "important message";
let signature = DMSCSecurityManager::hmac_sign(data);
println!("Signature: {}", signature);

pub fn hmac_verify(data: &str, signature: &str) -> bool

Verifies an HMAC-SHA256 signature.

This method verifies that the provided signature matches the data using constant-time comparison to prevent timing attacks.

§Signature Format

The signature must be a valid hex-encoded string as produced by hmac_sign.

§Parameters
  • data: The original data that was signed
  • signature: The hex-encoded signature to verify
§Returns

true if the signature is valid, false otherwise

§Examples
use dmsc::auth::security::DMSCSecurityManager;

let data = "important message";
let signature = DMSCSecurityManager::hmac_sign(data);

if DMSCSecurityManager::hmac_verify(data, &signature) {
    println!("Signature is valid!");
} else {
    println!("Signature is invalid!");
}
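
The comparison step that hmac_verify describes (hex-decode the supplied signature, then compare without an early exit) looks like this in std-only Rust. This is an added example, not the dmsc implementation: hex_decode, ct_eq and verify_hex_tag are hypothetical names, and the expected tag is a constructed byte string standing in for a freshly computed HMAC-SHA256 value.

```rust
/// Decodes a hex string; None on odd length or any non-hex character.
fn hex_decode(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 {
        return None;
    }
    s.as_bytes()
        .chunks(2)
        .map(|p| {
            let hi = (p[0] as char).to_digit(16)?;
            let lo = (p[1] as char).to_digit(16)?;
            Some((hi << 4 | lo) as u8)
        })
        .collect()
}

/// Compares every byte with no early exit, so the running time does not
/// depend on the position of the first mismatch.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false; // the tag length is public, so this branch leaks nothing secret
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    diff == 0
}

/// `expected` is the tag computed locally; `signature_hex` is untrusted input.
fn verify_hex_tag(expected: &[u8], signature_hex: &str) -> bool {
    match hex_decode(signature_hex) {
        Some(sig) => ct_eq(expected, &sig),
        None => false, // malformed hex is rejected, never compared
    }
}

fn main() {
    // Constructed stand-in for a computed tag (a real HMAC-SHA256 tag is 32 bytes).
    let expected: [u8; 4] = [0xde, 0xad, 0xbe, 0xef];
    println!("{}", verify_hex_tag(&expected, "deadbeef"));
}
```

An optimizing compiler is free to reintroduce data-dependent branches in a hand-written loop like ct_eq, so production code should rely on a vetted primitive such as the subtle crate's ConstantTimeEq.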

pub fn generate_encryption_key() -> String

Generates a new encryption key.

This method generates a cryptographically secure random 32-byte (256-bit) key suitable for AES-256 encryption. The key is returned as a hex-encoded string.

§Usage

This method can be used to generate keys for initial configuration or key rotation. Store the generated key securely and set it via the DMSC_ENCRYPTION_KEY environment variable.

§Returns

Hex-encoded 32-byte encryption key

§Examples
use dmsc::auth::security::DMSCSecurityManager;

let key = DMSCSecurityManager::generate_encryption_key();
println!("New encryption key: {}", key);

pub fn generate_hmac_key() -> String

Generates a new HMAC key.

This method generates a cryptographically secure random 32-byte (256-bit) key suitable for HMAC-SHA256 signing. The key is returned as a hex-encoded string.

§Usage

This method can be used to generate keys for initial configuration or key rotation. Store the generated key securely and set it via the DMSC_HMAC_KEY environment variable.

§Returns

Hex-encoded 32-byte HMAC key

§Examples
use dmsc::auth::security::DMSCSecurityManager;

let key = DMSCSecurityManager::generate_hmac_key();
println!("New HMAC key: {}", key);
