Reduce the default IKM duration to 10 years and document it

This commit is contained in:
Rodolphe Bréard 2024-03-02 14:55:57 +01:00
parent bdfaf8adff
commit 4e40314c67

View file

@ -23,8 +23,14 @@ pub use kdf::KeyContext;
#[cfg(any(feature = "encryption", feature = "ikm-management"))] #[cfg(any(feature = "encryption", feature = "ikm-management"))]
pub use scheme::Scheme; pub use scheme::Scheme;
/// Default amount of time during which the input key material will be considered valid once it has been generated.
/// This value is expressed in seconds.
///
/// Considering that a day is composed of 86400 seconds (60×60×24) and a year is 365.24219 days (approximate value of the [mean tropical year][tropical_year]), this value is equivalent to 10 years.
///
/// [tropical_year]: https://en.wikipedia.org/wiki/Tropical_year
#[cfg(feature = "ikm-management")] #[cfg(feature = "ikm-management")]
const DEFAULT_IKM_DURATION: u64 = 60 * 60 * 24 * 7305; // In seconds, set to 7305 days (aprox. 20 years) pub const DEFAULT_IKM_DURATION: u64 = 315_569_252;
#[cfg(feature = "ikm-management")] #[cfg(feature = "ikm-management")]
const DEFAULT_SCHEME: Scheme = Scheme::XChaCha20Poly1305WithBlake3; const DEFAULT_SCHEME: Scheme = Scheme::XChaCha20Poly1305WithBlake3;