Crate lair_keystore_api
Secret lair private keystore API library.
This library crate contains most of the logic for dealing with lair.
- If you wish to run an in-process / in-memory keystore, or connect to an external lair keystore as a client, this is the library for you.
- If you want to run the canonical lair-keystore, see the lair_keystore crate.
- If you want to run a canonical lair-keystore in-process, using the canonical sqlcipher database, see the lair_keystore crate.
- See the lair_api module for information about the lair_keystore_api protocol.
- See LairClient for the client struct api.
§Establishing a client connection to a canonical ipc keystore binary:
use lair_keystore_api::prelude::*;
use lair_keystore_api::ipc_keystore::*;

// `connection_url` and `passphrase` are not defined in this snippet;
// the caller supplies them. The `.await` calls require an async context.

// create a client connection
let client =
    ipc_keystore_connect(connection_url, passphrase)
        .await
        .unwrap();

// create a new seed
let seed_info = client.new_seed(
    "test-seed".into(),
    None,
    false,
).await.unwrap();

// sign some data
let sig = client.sign_by_pub_key(
    seed_info.ed25519_pub_key.clone(),
    None,
    b"test-data".to_vec().into(),
).await.unwrap();

// verify the signature against the seed's public key
assert!(seed_info.ed25519_pub_key.verify_detached(
    sig,
    b"test-data".to_vec(),
).await.unwrap());
Modules§
- Lair server configuration types. You only need this module if you are configuring a standalone or in-process lair keystore server.
- Re-exported dependencies.
- Helper types for dealing with serialization.
- An in-process keystore that manages the entire lair server life-cycle without needing to call out to an external process.
- Internal utility functions. Note that the API for anything in this module is unstable and may change even for patch versions of this library.
- Client / server keystore items for dealing with IPC keystores, both Unix domain sockets and Windows named pipes.
- Lair api serialization types.
- Items for connecting and interacting with a lair keystore as a client.
- Items for acting as a lair keystore server.
- Items related to securely persisting keystore secrets (e.g. to disk).
- Lair in-memory store. This does not provide any persistence and should generally only be used for testing.
- Re-export module of types generally used with lair.
- Libsodium secretstream Async reader / writer wrappers.
Structs§
- A lair keystore client handle. Use this to make requests of the keystore.
Constants§
- Lair Version
Functions§
- Connect to an IpcKeystoreServer instance via Unix domain socket on Linux/macOS or named pipe on Windows. This constructor will first validate server authenticity, then unlock the connection with the supplied passphrase.
- Connect to an IpcKeystoreServer instance via Unix domain socket on Linux/macOS or named pipe on Windows. This variant is identical to ipc_keystore_connect but allows additional less-used configuration options.
Type Aliases§
- Lair result type.