Struct bdrck::crypto::keystore::KeyStore

source · 
pub struct KeyStore { /* private fields */ }
Expand description

A KeyStore is a structure which contains a single “master key”, wrapped with one or more other keys. This is useful in cases where we want to encrypt data with a single key, while allowing users to add or remove keys at will, without having to a) re-encrypt the data when the keys change, or b) store multiple copies of the plaintext encrypted with the various different keys.

For example, users may want to be able to access a resource with either a password or a hardware authentication key, and the data they want to encrypt is relatively large (so re-encryption is expensive).

A KeyStore essentially contains a set of one or more wrapped keys, which it automatically loads from / persists to disk.

Implementations§

source§

impl KeyStore

source

pub fn new() -> Result<Self>

Construct a new KeyStore. A new master key is generated from scratch.

Note that, before this KeyStore can be meaningfully persisted, you need to wrap the master key with at least one key, via add_key.

source

pub fn load_slice(data: &[u8]) -> Result<Self>

Load a previously-serialized (with to_vec) KeyStore from a byte slice.

source

pub fn load_read<R: Read>(rd: R) -> Result<Self>

Load a previously-serialized (with to_vec) KeyStore from a reader.

source

pub fn get_id(&self) -> String

Return a string which “uniquely” identifies this KeyStore.

(This is quote “unique” because KeyStores with identical master keys may return the same string here.) This string is mainly useful for debugging / logging purposes.

source

pub fn is_open(&self) -> bool

Return whether or not this KeyStore is open.

source

pub fn is_persistable(&self) -> bool

Return whether or not this KeyStore is meaningfully “persistable”. In other words, this returns whether or not this KeyStore has at least one wrapping key.

Because the master key is not persisted in plain text, if a KeyStore has no wrapping keys (yet), it is not useful to persist it, as it can never be opened again.

source

pub fn open<K: AbstractKey>(&mut self, key: &K) -> Result<()>

Open this KeyStore (attempt to unwrap the master key) using the given wrapping key. If this fails, the structure will still be in a valid state, so you could e.g. try again with a different wrapping key.

source

pub fn to_vec(&self) -> Result<Vec<u8>>

Serialize this KeyStore, so it can be persisted and then reloaded later.

source

pub fn get_master_key(&self) -> Result<&Key>

Return the unwrapped master key from this KeyStore. If this KeyStore has no master key (it was neither newly generated nor unwrapped), this will return an error instead.

source

pub fn add_key<K: AbstractKey>(&mut self, key: &K) -> Result<bool>

Add the given wrapping key to this KeyStore. When the KeyStore is opened in the future, this key can be used. Returns true if the key was successfully added, or false if it was already present in the KeyStore.

If this KeyStore has no master key (it was neither newly generated nor unwrapped), this will return an error instead.

source

pub fn remove_key<K: AbstractKey>(&mut self, key: &K) -> Result<bool>

Remove the given key from this KeyStore, so it can no longer be used to open the KeyStore. Returns true if the key was removed, or false if the given key wasn’t found in this KeyStore. It is an error to remove the last wrapping key from a KeyStore (doing so would leave it unopenable in the future).

Note that it is possible to do this even if the KeyStore has no unwrapped master key (e.g., even if it has not been opened).

source

pub fn iter_wrapped_keys(&self) -> impl Iterator<Item = &WrappedKey>

Return an immutable iterator over this KeyStore’s wrapped keys. This may be useful to figure out which key to try to open with, for example, by checking the keys’ signatures.

This works even if the KeyStore has no unwrapped master key (e.g., even if it has not been opened).

Trait Implementations§

source§

impl<'de> Deserialize<'de> for KeyStore

source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl Serialize for KeyStore

source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

impl<T> DeserializeOwned for Twhere T: for<'de> Deserialize<'de>,