Struct KeyStore 

pub struct KeyStore { /* private fields */ }

Key store for managing Ed25519 keypairs

Uses the OS keyring for secure storage when available, with automatic fallback to encrypted file-based storage in ~/.aion/keys/.

Implementations

impl KeyStore

pub fn new() -> Self

Create a new key store

Automatically detects whether OS keyring is available and falls back to file-based storage if not.

pub fn file_based() -> Self

Create a key store that always uses file-based storage

Useful for testing or environments where keyring access is restricted.

pub const fn with_storage_dir(storage_dir: PathBuf) -> Self

Create a key store with a custom storage directory

Useful for testing with isolated storage.

pub fn generate_keypair( &self, author_id: AuthorId, ) -> Result<(SigningKey, VerifyingKey)>

Generate a new keypair and store it in the OS keyring

Errors

Returns error if keyring access fails

pub fn store_signing_key( &self, author_id: AuthorId, key: &SigningKey, ) -> Result<()>

Store a signing key

Uses OS keyring when available, otherwise falls back to encrypted file storage.

Errors

Returns error if storage fails

pub fn load_signing_key(&self, author_id: AuthorId) -> Result<SigningKey>

Load a signing key

Uses OS keyring when available, otherwise loads from encrypted file storage.

Errors

Returns error if key not found or access fails

pub fn delete_signing_key(&self, author_id: AuthorId) -> Result<()>

Delete a signing key

Errors

Returns error if key not found or access fails

pub fn has_signing_key(&self, author_id: AuthorId) -> bool

Check if a signing key exists

pub fn list_keys(&self) -> Result<Vec<AuthorId>>

List all stored key IDs (file-based storage only)

Returns author IDs for all keys stored in the keys directory. For keyring-based storage, returns an empty list.

pub fn export_encrypted( &self, author_id: AuthorId, password: &str, ) -> Result<Vec<u8>>

Export a signing key with password encryption

Returns encrypted bytes that can be written to a file for backup. Format: MAGIC (4) + VERSION (1) + SALT (16) + NONCE (12) + CIPHERTEXT (32+16)

Uses Argon2id for password-based key derivation (memory-hard, resistant to GPU/ASIC attacks) and ChaCha20-Poly1305 for authenticated encryption.

Errors

Returns error if key not found or encryption fails

pub fn import_encrypted( &self, author_id: AuthorId, password: &str, encrypted_data: &[u8], ) -> Result<SigningKey>

Import a signing key from password-encrypted bytes

Decrypts a key file created by export_encrypted and stores the key in the OS keyring.

Errors

Returns error if:

• File format is invalid (wrong magic, unsupported version)
• Decryption fails (wrong password, corrupted data)
• Key storage fails

Trait Implementations

impl Debug for KeyStore

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for KeyStore

fn default() -> Self

Returns the “default value” for a type.