Skip to content

ring#

An Example ECDH Key Exchange with HKDF and Authenticated Encryption in Rust

I recently created an example project which implements an ephemeral key exchange between a client and server over TCP. The program uses the Ring cryptography library to compute a shared secret using the X25519 algorithm. Two session keys are derived from the output of the key exchange using HKDF and then messages are encrypted and authenticated between the client and server using AES-GCM with a hash transcript to verify that both the client and the server are seeing exactly the same messages in the same order. In this post I walk through how I built the project and explain the reasoning and design considerations at each step.

Authenticated Encryption in Rust using Ring

Authenticated Encryption with Associated Data (AEAD) is a modern cryptography primitive that enables secure encryption and decryption of data using a symmetric key in a way that prevents it from being altered or tampered with. The Ring cryptography library implements the AES-GCM and ChaCha20-Poly1305 authenticated encryption algorithms which are two of the most commonly used schemes on the internet. In this post I show you how to use the ring::aead module to generate an encryption key, encrypt some data and then decrypt using the provided UnboundKey, SealingKey and OpeningKey types.

Ring by Example - Sample Code Cheatsheet

I have been writing about the Ring cryptography library for a while now and so in this post I am sharing a resource which I think will be a useful reference for developers implementing applications or protocols using the library.

This is basically a cheatsheet of example code showing how to use each of the cryptography primitives supported by Ring. I've tried to keep the examples as simple as possible in order to make the code samples easy to read through and as re-usable as possible. For a more detailed explanation on how to use each of the modules you can see my previous posts on each topic which are linked in the relevant sections below.

ECDH Key Agreement in Rust using Ring

In this post I show you how to implement an ECDH key exchange using the agreement module of the Rust cryptography library Ring. We will go through generating a public/private key pair, exchanging public keys with a peer and then using the agree_ephemeral function to securely compute a shared secret.

Introducing Fluent Hash - A Rust Hashing Library with a Fluent Interface

fluent-hash is a new open source Rust library which I recently published to crates.io (see here). I wanted to try creating and publishing a Rust library and so I thought I'd start with something simple and hopefully useful for other developers. It is a simple and lightweight hashing library which provides a fluent interface for creating and formatting hash values. It builds upon the foundations of the trusted cryptography library Ring (which is currently one of the most popular libraries in the Rust cryptography space), by providing a thin wrapper on top of Ring's digest module. See the Github link for the new project here.

In this post I will show you how to import the library into your Rust project and how to use the Hashing, Hash and HashContext types for creating hashes from various data types. I also show you how to format Hash values as bytes or hexadecimal using the provided convenience methods.

Deriving Cryptographic Keys with HKDF in Rust using Ring

Ring is a popular Rust cryptography library which has support for generating cryptographic keys from a single input key using HKDF, the HMAC-based Extract-and-Expand Key Derivation Function. As you will see in this post, the ring::hkdf module supports securely generating pseudorandom bytes using the Salt::extract and Prk::expand methods implemented in the library.