Module key_backup

chie_crypto

Module key_backup 

Source
Expand description

Key backup and recovery mechanisms for secure key management.

This module provides secure backup and recovery of cryptographic keys using Shamir’s Secret Sharing for threshold-based recovery and encrypted backup files.

§Features

  • Shamir Secret Sharing Backup: Split keys into N shares requiring M to recover
  • Encrypted Backup: Password-based encryption for backup files
  • Multiple Key Types: Support for signing keys, encryption keys, and generic secrets
  • Versioning: Track backup versions for key rotation
  • Metadata: Include timestamps, labels, and key types in backups

§Example

use chie_crypto::key_backup::*;
use chie_crypto::signing::KeyPair;

// Create a signing key
let keypair = KeyPair::generate();

// Create a backup with 3-of-5 threshold
let backup_config = BackupConfig::new(3, 5)
    .with_label("my-signing-key")
    .with_description("Main signing key for node");

let shares = backup_key_shamir(&keypair, &backup_config).unwrap();

// Distribute shares to different locations/devices
// Later, recover with any 3 shares
let recovered_keypair = recover_key_shamir(&shares[0..3]).unwrap();

// Verify recovery
assert_eq!(keypair.public_key(), recovered_keypair.public_key());

Structs§

BackupConfig
Configuration for key backup
BackupShare
A single backup share with metadata
EncryptedBackup
Encrypted backup file containing a key

Enums§

BackupError
Errors that can occur during backup and recovery
KeyType
Type of key being backed up

Functions§

backup_key_encrypted
Create an encrypted backup of a key using password-based encryption
backup_key_shamir
Backup a key using Shamir’s Secret Sharing
backup_secret_encrypted
Create an encrypted backup of a generic secret
backup_secret_shamir
Backup a generic secret using Shamir’s Secret Sharing
recover_key_encrypted
Recover a key from an encrypted backup
recover_key_shamir
Recover a key from Shamir shares
recover_secret_encrypted
Recover a generic secret from an encrypted backup
recover_secret_shamir
Recover a generic secret from Shamir shares

Type Aliases§

BackupResult