Compile-time string encryption for Rust.
Regera turns string literals into encrypted blobs at build time and wires in tiny decrypt shims at runtime. Single-value macros return a zeroizing SecretStr; multi-value macros return owned Strings for ergonomic destructuring.
- Compile-time encrypted literals via proc macros (
jesko!,absolut!,sadair!,gamera!). - Multiple engines, tuned for different trade-offs:
jesko– ChaCha20 + BLAKE3 MAC + obfuscationabsolut– ASCON128 + KMAC256 + obfuscationsadair– AES-256-GCM + BLAKE3 MAC + obfuscationgamera– non-cryptographic XOR obfuscator (for low-risk data)
- Zeroizing secrets: single macros return
SecretStr, which wipes memory on drop. - Multi-string macros (
*ex!) for bundling several literals behind one engine call.
-
regera
Umbrella crate. Re-exports macros and core types for normal use. -
regera_macros
Proc-macro crate. Encrypts literals at compile time and emits decrypt shims. -
regera_core
Runtime core. Engines,Encryptortrait,SecretStr, and shared plumbing.
Using the umbrella crate:
[dependencies]
regera = "0.1.0"Or, if you want the pieces separately:
[dependencies]
regera_core = "0.1.0"
regera_macros = "0.1.0"Workspace / local development:
[dependencies]
regera = { path = "./regera" }
regera_core = { path = "./regera_core" }
regera_macros = { path = "./regera_macros" }use regera::{jesko, jeskoex};
fn main() {
// Single literal -> SecretStr (zeroizing wrapper)
let secret = jesko!("MySecretData");
// Multiple literals -> [String; 2]
let [k1, k2]: [String; 2] = jeskoex!("KeyOne", "KeyTwo");
println!("secret: {}", secret); // Display impl on SecretStr
println!("k1: {}", k1);
println!("k2: {}", k2);
}Security note:
jesko!/absolut!/sadair!returnSecretStrby default. The*ex!variants return[String; N]and intentionally do not zeroize; use them only for non-sensitive data or test fixtures.
| Macro | Engine | Notes |
|---|---|---|
jesko!() |
ChaCha20 + BLAKE3 MAC + keyed XOR obfuscation | Hardened, “stealth”-biased |
absolut!() |
ASCON-AEAD128 + KMAC256 + BLAKE3 MAC + obfuscation | Hardened, no_std-friendly |
sadair!() |
AES-256-GCM + BLAKE3 MAC + obfuscation | Hardened, AES-GCM profile |
gamera!() |
Deterministic XOR-based obfuscator | Non-crypto, fast, for low-risk literals |
Multi-string variants (jeskoex!, absolutex!, sadairex!, gameraex!) return [String; N].
If you need to drive engines yourself (e.g. for dynamic data), call them via regera_core:
use regera_core::{engines::sadair::Sadair, Encryptor};
let seed: u64 = 0xDEAD_BEEF_F00D_1234;
let (ct, tag32, frag, mask) = Sadair::encrypt(b"payload", seed);
let plaintext = Sadair::decrypt(&ct, &tag32, frag, mask, seed);
assert_eq!(&*plaintext, "payload"); // SecretStr -> &str via DerefSee the regera_core docs for full engine list and trait details.
A small diagnostic binary exercises each engine and prints human-readable output.
From the workspace root:
cargo run -p regera_specExample output:
============================================================
REGERA ENGINE DIAGNOSTIC
------------------------------------------------------------
[ JESKO ENGINE ]
Primary macro : jesko!(...)
Sample output : ...
[ ABSOLUT ENGINE ]
Primary macro : absolut!(...)
Sample output : ...
...
============================================================
DIAGNOSTIC RESULT : OK
============================================================
Run everything:
cargo test --workspaceFor just the spec/diagnostic crate:
cargo test -p regera_specRegera is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). See LICENSE for the full text.
SPDX-License-Identifier: AGPL-3.0-or-later
Copyright © 2025 TITAN Softwork Solutions
Pull requests are welcome:
- Fork the repo.
- Branch with a clear name (
feature/add-foo,fix/sadair-mac-path, …). - Run
cargo fmtandcargo clippy --allbefore opening the PR. - Include tests or diagnostics that cover your changes.