Implements part of #1 (configurable security tiers)
Changes to crypto.py
-
Add SecurityTier enum with values: standard, enhanced, max
-
Add iteration counts per tier (0, 100k, 600k)
-
Modify ZeroEnvCrypto.init to accept tier and salt parameters
-
Add _derive_key() method using cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC
-
Add generate_salt() static method (128-bit random salt)
-
Add salt_to_string() and string_to_salt() conversion methods
Add Testing
- Standard tier uses key directly (no derivation)
- Enhanced/paranoid tiers derive key with correct iteration count
- Salt is required for non-standard tiers
- Derived keys produce valid encryption/decryption
Implements part of #1 (configurable security tiers)
Changes to crypto.py
Add SecurityTier enum with values: standard, enhanced, max
Add iteration counts per tier (0, 100k, 600k)
Modify ZeroEnvCrypto.init to accept tier and salt parameters
Add _derive_key() method using cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC
Add generate_salt() static method (128-bit random salt)
Add salt_to_string() and string_to_salt() conversion methods
Add Testing