Expand description
Secret hashing, key providers, domain separation, and key versioning (RFC-004).
Every persisted secret (code, session, form token) is stored only as a
keyed HMAC LookupKey, never in plaintext (INV-1). Lookup keys are
domain-separated so the same plaintext used in two roles derives two
different keys, and every derivation is tagged with the KeyVersion of
the key that produced it so keys can be rotated without an all-or-nothing
migration (RFC-004 §12.2).
§Derivation scheme (prefixing — RFC-004 §9.1 recommendation)
message = "codlet/v1/lookup" || 0x00 || domain_label || 0x00 || secret_bytes
LookupKey = lowercase_hex( HMAC-SHA256(key_bytes, message) )The fixed context string and 0x00 separators make the label and secret
unambiguous, so distinct domains cannot collide. This is intentionally
not the zinnias-ciao derivation (HMAC(pepper, value) with no domain
or prefix); the migration adapter (RFC-014) supplies a legacy mode for
existing rows.
Structs§
- Hmac
KeyRef - A borrowed HMAC key plus the version that identifies it.
- KeyVersion
- Identifier of the key version that produced a
LookupKey. Stored beside every lookup key (RFC-004 §12.2). Not secret. - Lookup
Key - A keyed lookup value: the lowercase-hex HMAC of a domain-separated message.
- Secret
Hasher - Derives
LookupKeys from secrets using aKeyProvider. - Static
KeyProvider - A key provider holding an active key and zero or more previous keys, in memory. Suitable for production when constructed from real secret material loaded at startup, and for tests/examples.
Enums§
- Secret
Domain - The role a secret plays. Part of the HMAC message, so it cross-namespaces lookup keys (RFC-004 §12.1).
Traits§
- KeyProvider
- Supplies HMAC key material. Synchronous, so key lookup does not couple to a web/runtime async model (RFC-004 §3.3). No fallback key exists: missing material is an error (INV-2, SR-29).