alterion-encrypt handles full E2E encryption behind a single
middleware — X25519 ECDH key exchange, AES-256-GCM session
encryption, Argon2id password hashing, and a MessagePack +
Deflate request/response pipeline. handlers never touch raw
crypto; the decrypted body just lands in request extensions.
repo: GitHub - Alterion-Software/alterion-encrypt
crates.io: crates.io: Rust Package Registry
main things i'm unsure about:
- is the key rotation design (300s grace window) sensible?
- anything obviously wrong with the HKDF-SHA256 wrap_key derivation?
- open to any other critique
thanks
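
For the rotation question, one common way to bound a 300 s grace window, as an added example that is not code from the post or from the alterion-encrypt repository. `Slot`, `KeyRing`, `rotate` and `lookup` are hypothetical names, and the 32-byte `secret` stands in for an X25519 static secret; the point to check in a real design is that a retired key is rejected once the window closes and that a second rotation cannot leave three keys valid at once.

```rust
use std::time::{Duration, Instant};

/// Grace window from the post: a retired key stays usable for 300 s.
const GRACE: Duration = Duration::from_secs(300);

/// Hypothetical key slot; `secret` stands in for an X25519 static secret.
struct Slot {
    id: u32,
    secret: [u8; 32],
}

/// Hypothetical ring: the current key plus at most one retired key.
struct KeyRing {
    current: Slot,
    previous: Option<(Slot, Instant)>, // retired key and its retirement time
}

impl KeyRing {
    fn new(secret: [u8; 32]) -> Self {
        KeyRing { current: Slot { id: 1, secret }, previous: None }
    }

    /// Install a new current key; the old one becomes the only retired key.
    fn rotate(&mut self, secret: [u8; 32], now: Instant) {
        let next = Slot { id: self.current.id + 1, secret };
        let old = std::mem::replace(&mut self.current, next);
        // Overwriting `previous` drops any older key, even inside its window.
        self.previous = Some((old, now));
    }

    /// Key for a request that names `id`; `None` means the request is rejected.
    fn lookup(&self, id: u32, now: Instant) -> Option<&Slot> {
        if id == self.current.id {
            return Some(&self.current);
        }
        match &self.previous {
            Some((slot, retired_at))
                if slot.id == id
                    && now.saturating_duration_since(*retired_at) < GRACE => Some(slot),
            _ => None,
        }
    }
}

fn main() {
    let t0 = Instant::now(); // constructed timeline, no sleeping required
    let mut ring = KeyRing::new([1u8; 32]);
    ring.rotate([2u8; 32], t0);
    let late = t0 + Duration::from_secs(300);
    println!("old key at +300s accepted: {}", ring.lookup(1, late).is_some());
}
```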