styrene-identity 0.3.1

Deterministic key hierarchy for Styrene mesh nodes — one root secret derives SSH, git signing, age, WireGuard, and agent delegation keys via HKDF-SHA256
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

//! Deterministic key hierarchy for Styrene mesh nodes.
//!
//! One 32-byte root secret derives all protocol-specific keys — RNS,
//! Yggdrasil, WireGuard, SSH, age, git signing, and per-agent delegation
//! — via HKDF-SHA256 with domain separation.
//!
//! # Usage
//!
//! ```rust
//! use styrene_identity::derive::{KeyDeriver, KeyPurpose};
//!
//! let root_secret = [0x42u8; 32]; // in practice, from a signer
//! let deriver = KeyDeriver::new(&root_secret);
//!
//! // Flat-purpose keys (7 protocols)
//! let git_seed = deriver.derive(KeyPurpose::GitSigning);
//! let age_key  = deriver.derive(KeyPurpose::Age);
//!
//! // Parameterized keys (two-level HKDF, structurally collision-free)
//! let github_ssh = deriver.derive_ssh_user_key("github").unwrap();
//! let agent_key  = deriver.derive_agent_key("omegon-primary").unwrap();
//! ```
//!
//! # Signer tiers
//!
//! The [`IdentitySigner`] trait abstracts over four storage backends.
//! All tiers produce the same root secret — they are different access
//! paths to the same identity.
//!
//! | Tier | Backend | Feature |
//! |------|---------|---------|
//! | A | YubiKey FIDO2 hmac-secret | `yubikey` |
//! | B | Platform secure element | — (planned) |
//! | C | Credential manager (Bitwarden, Keychain) | — (planned) |
//! | D | Encrypted file (argon2id + ChaCha20Poly1305) | `file-signer` (default) |
//!
//! [`SignerChain`] tries signers in tier order (A→D), using the first available.
//!
//! # Feature flags
//!
//! | Feature | Default | Enables |
//! |---------|---------|---------|
//! | `file-signer` | **yes** | `FileSigner`, `IdentityVault` |
//! | `signing` | via file-signer | `pubkey` module (ed25519, x25519) |
//! | `yubikey` | no | `YubiKeySigner` (FIDO2 hmac-secret) |
//! | `ssh-agent` | no | `StyreneAgent` (SSH agent protocol) |
//!
//! # Derivation hierarchy
//!
//! ```text
//! root_secret (32 bytes)
//!   HKDF-Extract(salt="styrene-identity-v1", IKM=root_secret) = PRK
//!//!   ├─ Expand("styrene-rns-encryption-v1")  → RNS X25519
//!   ├─ Expand("styrene-rns-signing-v1")     → RNS Ed25519 (canonical identity)
//!   ├─ Expand("styrene-yggdrasil-v1")       → Yggdrasil Ed25519
//!   ├─ Expand("styrene-wireguard-v1")       → WireGuard Curve25519
//!   ├─ Expand("styrene-ssh-host-v1")        → SSH host Ed25519
//!   ├─ Expand("styrene-age-v1")             → age X25519
//!   ├─ Expand("styrene-git-signing-v1")     → git signing Ed25519
//!//!   ├─ SSH user keys (two-level, salt="styrene-identity-ssh-user-v1")
//!   │   └─ Expand(label) → per-host SSH Ed25519
//!//!   └─ Agent keys (two-level, salt="styrene-identity-agent-v1")
//!       └─ Expand(name) → per-agent signing Ed25519
//! ```
//!
//! # Linkability warning
//!
//! **All keys derived from one root are cryptographically linked.** This is
//! by design for attribution and recovery, but it means derived keys cannot
//! provide anonymity or unlinkability. If you need an identity that cannot be
//! traced to your primary identity, use [`ephemeral()`](signer::RootSecret::ephemeral) or a
//! separate identity file. See `docs/unlinkability.md` for the full model.
//!
//! ```rust
//! use styrene_identity::signer::RootSecret;
//!
//! // Anonymous: independent CSPRNG root, no link to any persistent identity
//! let anon = RootSecret::ephemeral();
//! ```
//!
//! # Security
//!
//! - All secret material is zeroized on drop ([`RootSecret`], [`KeyDeriver`], [`DerivedKeys`])
//! - Passphrases and PINs are provided via traits, never environment variables
//! - File creation uses `O_EXCL` (no TOCTOU race)
//! - argon2id params exceed OWASP minimums (m=64MiB, t=3, p=1)
//!
//! [`IdentitySigner`]: signer::IdentitySigner
//! [`SignerChain`]: signer::SignerChain
//! [`RootSecret`]: signer::RootSecret
//! [`KeyDeriver`]: derive::KeyDeriver
//! [`DerivedKeys`]: derive::DerivedKeys

pub mod derive;
pub mod discover;
#[cfg(feature = "file-signer")]
pub mod file_signer;
#[cfg(feature = "keychain")]
pub mod keychain_signer;
#[cfg(feature = "signing")]
pub mod export;
#[cfg(feature = "signing")]
pub mod format;
#[cfg(feature = "signing")]
pub mod identity;
#[cfg(feature = "signing")]
pub mod pubkey;
pub mod signer;
#[cfg(feature = "ssh-agent")]
pub mod ssh_agent;
#[cfg(feature = "file-signer")]
pub mod vault;
#[cfg(feature = "yubikey")]
pub mod yubikey_signer;

pub use derive::{
    derive_key, derive_keys, validate_label, DeriveError, DerivedKeys, KeyDeriver, KeyPurpose,
};
pub use discover::{discover, DiscoveredIdentity};
#[cfg(feature = "signing")]
pub use export::AllPublicKeys;
#[cfg(feature = "signing")]
pub use identity::{
    identity_hash, identity_pubkey, identity_sign, identity_verify, IdentityInfo, PublicIdentity,
    SignedAttestation, IDENTITY_HASH_BYTES,
};
pub use signer::{IdentitySigner, SignerChain, SignerError, SignerTier};