Implement at-rest encryption: AES-256-GCM VFS layer

- Added encrypted_fs.rs module for transparent file encryption
- EncryptedVfs wraps any VfsBackend with AES-256-GCM encryption
- Per-file key derivation from master key + file path (SHA-256)
- File format: MBE1 magic + version + nonce + original_size + ciphertext + tag
- EncryptedFile transparently decrypts on read, encrypts on flush
- 5 unit tests: roundtrip, different keys, key derivation, header format, password config

Tests: 457 markbase-core (+5 new), 201 smb-server (658 total)
Warren
2026-06-24 00:57:53 +08:00
parent 57fd6a475f
commit 7c4476e19c
3 changed files with 345 additions and 0 deletions

Binary file not shown.