Struct RiSecurityManager 

pub struct RiSecurityManager;

Security utilities manager for Ri.

This struct provides static methods for encryption, decryption, HMAC signing, and key management operations. It is designed as a singleton utility class with no instance state.

Thread Safety

All methods are stateless and can be safely called concurrently from multiple threads.

Usage

use ri::auth::security::RiSecurityManager;

// Encrypt sensitive data
let encrypted = RiSecurityManager::encrypt("secret data");

// Decrypt data
let decrypted = RiSecurityManager::decrypt(&encrypted);

// Sign data with HMAC
let signature = RiSecurityManager::hmac_sign("data to sign");

// Verify HMAC signature
let is_valid = RiSecurityManager::hmac_verify("data to verify", &signature);

Implementations

impl RiSecurityManager

pub fn encrypt(plaintext: &str) -> String

Encrypts plaintext data using AES-256-GCM.

This method encrypts the input string using AES-256-GCM (Galois/Counter Mode), which provides both confidentiality and authenticity. A random nonce is generated for each encryption operation, so the same plaintext produces different ciphertext each time it is encrypted.

Output Format

The output is Base64-encoded and contains:

• 12-byte nonce (randomly generated)
• Encrypted data with authentication tag

Parameters

• plaintext: The text string to encrypt

Returns

Base64-encoded encrypted data

Examples

use ri::auth::security::RiSecurityManager;

let encrypted = RiSecurityManager::encrypt("sensitive data");
println!("Encrypted: {}", encrypted);

pub fn decrypt(encrypted: &str) -> Option<String>

Decrypts encrypted data using AES-256-GCM.

This method decrypts data that was encrypted using the encrypt method. It verifies the authentication tag and returns the original plaintext.

Failure Conditions

Returns None if:

• The input is not valid Base64
• The input is shorter than the nonce length
• The authentication tag verification fails (wrong key or tampered data)

Parameters

• encrypted: Base64-encoded encrypted data

Returns

Some(String) containing the decrypted plaintext, or None if decryption fails

Examples

use ri::auth::security::RiSecurityManager;

let encrypted = RiSecurityManager::encrypt("secret");
let decrypted = RiSecurityManager::decrypt(&encrypted);

match decrypted {
    Some(text) => println!("Decrypted: {}", text),
    None => println!("Decryption failed!"),
}

pub fn hmac_sign(data: &str) -> String

Signs data using HMAC-SHA256.

This method creates an HMAC signature using the configured HMAC key and SHA-256 hash algorithm. The signature is returned as a hex-encoded string.

Security

HMAC provides message integrity and authenticity verification. Only parties with access to the HMAC key can create or verify signatures.

Parameters

• data: The data string to sign

Returns

Hex-encoded HMAC signature

Examples

use ri::auth::security::RiSecurityManager;

let data = "important message";
let signature = RiSecurityManager::hmac_sign(data);
println!("Signature: {}", signature);

pub fn hmac_verify(data: &str, signature: &str) -> bool

Verifies an HMAC-SHA256 signature.

This method verifies that the provided signature matches the data using constant-time comparison to prevent timing attacks.

Signature Format

The signature must be a valid hex-encoded string as produced by hmac_sign.

Parameters

• data: The original data that was signed
• signature: The hex-encoded signature to verify

Returns

true if the signature is valid, false otherwise

Examples

use ri::auth::security::RiSecurityManager;

let data = "important message";
let signature = RiSecurityManager::hmac_sign(data);

if RiSecurityManager::hmac_verify(data, &signature) {
    println!("Signature is valid!");
} else {
    println!("Signature is invalid!");
}

pub fn generate_encryption_key() -> String

Generates a new encryption key.

This method generates a cryptographically secure random 32-byte (256-bit) key suitable for AES-256 encryption. The key is returned as a hex-encoded string.

Usage

This method can be used to generate keys for initial configuration or key rotation. Store the generated key securely and set it via the Ri_ENCRYPTION_KEY environment variable.

Returns

Hex-encoded 32-byte encryption key

Examples

use ri::auth::security::RiSecurityManager;

let key = RiSecurityManager::generate_encryption_key();
println!("New encryption key: {}", key);

pub fn generate_hmac_key() -> String

Generates a new HMAC key.

This method generates a cryptographically secure random 32-byte (256-bit) key suitable for HMAC-SHA256 signing. The key is returned as a hex-encoded string.

Usage

This method can be used to generate keys for initial configuration or key rotation. Store the generated key securely and set it via theRi_HMAC_KEY` environment variable.

Returns

Hex-encoded 32-byte HMAC key

Examples

use ri::auth::security::RiSecurityManager;

let key = RiSecurityManager::generate_hmac_key();
println!("New HMAC key: {}", key);

Trait Implementations

impl<'py> IntoPyObject<'py> for RiSecurityManager

type Target = RiSecurityManager

The Python output type

type Output = Bound<'py, <RiSecurityManager as IntoPyObject<'py>>::Target>

The smart pointer type to use.

type Error = PyErr

The type returned in the event of a conversion error.

fn into_pyobject( self, py: Python<'py>, ) -> Result<<Self as IntoPyObject<'_>>::Output, <Self as IntoPyObject<'_>>::Error>

Performs the conversion.

impl PyClass for RiSecurityManager

type Frozen = False

Whether the pyclass is frozen.

impl PyClassImpl for RiSecurityManager

const IS_BASETYPE: bool = false

#[pyclass(subclass)]

const IS_SUBCLASS: bool = false

#[pyclass(extends=…)]

const IS_MAPPING: bool = false

#[pyclass(mapping)]

const IS_SEQUENCE: bool = false

#[pyclass(sequence)]

const IS_IMMUTABLE_TYPE: bool = false

#[pyclass(immutable_type)]

const RAW_DOC: &'static CStr = /// ```

Docstring for the class provided on the struct or enum.

const DOC: &'static CStr

Fully rendered class doc, including the text_signature if a constructor is defined.

type BaseType = PyAny

Base class

type ThreadChecker = SendablePyClass<RiSecurityManager>

This handles following two situations:

type PyClassMutability = <<PyAny as PyClassBaseType>::PyClassMutability as PyClassMutability>::MutableChild

Immutable or mutable

type Dict = PyClassDummySlot

Specify this class has #[pyclass(dict)] or not.

type WeakRef = PyClassDummySlot

Specify this class has #[pyclass(weakref)] or not.

type BaseNativeType = PyAny

The closest native ancestor. This is PyAny by default, and when you declare #[pyclass(extends=PyDict)], it’s PyDict.

fn items_iter() -> PyClassItemsIter

fn lazy_type_object() -> &'static LazyTypeObject<Self>

fn dict_offset() -> Option<isize>

fn weaklist_offset() -> Option<isize>

impl PyClassNewTextSignature for RiSecurityManager

const TEXT_SIGNATURE: &'static str = "()"

impl PyMethods<RiSecurityManager> for PyClassImplCollector<RiSecurityManager>

fn py_methods(self) -> &'static PyClassItems

impl PyTypeInfo for RiSecurityManager

const NAME: &'static str = "RiSecurityManager"

Class name.

const MODULE: Option<&'static str> = ::core::option::Option::None

Module name, if any.

fn type_object_raw(py: Python<'_>) -> *mut PyTypeObject

Returns the PyTypeObject instance for this type.

fn type_object(py: Python<'_>) -> Bound<'_, PyType>

Returns the safe abstraction over the type object.

fn is_type_of(object: &Bound<'_, PyAny>) -> bool

Checks if object is an instance of this type or a subclass of this type.

fn is_exact_type_of(object: &Bound<'_, PyAny>) -> bool

Checks if object is an instance of this type.

impl DerefToPyAny for RiSecurityManager

impl ExtractPyClassWithClone for RiSecurityManager