hardware-enclave 0.1.5

Hardware-backed key management — macOS Secure Enclave, Windows TPM 2.0, Linux TPM/keyring — plus in-process memory protection
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

// Copyright 2026 Jay Gowdy
// SPDX-License-Identifier: MIT

// The p256/elliptic-curve ecosystem uses deprecated generic-array APIs
// during the 0.14 -> 1.0 transition. Allow until upstream resolves this.
#![allow(
    dead_code,
    unused_imports,
    unused_qualifications,
    unreachable_patterns,
    deprecated
)]

//! Software-only key backend for Linux systems without hardware security.
//!
//! Keys are standard P-256 key pairs stored as files on disk with restrictive
//! permissions. This provides the same API as the hardware backends but without
//! hardware protection -- private keys exist in memory and on disk.
//!
//! Use this as a fallback when:
//! - Running on Linux without WSL (WSL should use the TPM bridge instead)
//! - Hardware security is not available or not required

mod key_storage;
pub mod meta_migration_marker;
pub mod meta_tag;

#[cfg(feature = "signing")]
mod sign;

#[cfg(feature = "encryption")]
mod encrypt;

#[cfg(feature = "signing")]
pub use sign::SoftwareSigner;

#[cfg(feature = "encryption")]
pub use encrypt::SoftwareEncryptor;

pub use key_storage::{has_keyring_feature, is_available, meta_hmac_key, meta_hmac_key_existing};