Expand description
Network-backed block store that connects to a doublecrypt-server over TLS.
Uses the 4-byte little-endian length-prefixed protobuf protocol defined in
proto/blockstore.proto. The connection is synchronous (matching the
BlockStore trait) but supports:
- Request pipelining —
read_blocksandwrite_blockssend a full batch of requests before reading any responses, eliminating per-block round-trip latency. - Automatic reconnection — a single retry on I/O failure with a fresh TLS handshake (re-authenticates automatically).
- Configurable timeouts — connect, read, and write deadlines.
- Key-derived authentication — after the TLS handshake, the client sends
an
Authenticaterequest containing a token derived from the master key via HKDF (seederive_auth_token). This proves possession of the encryption key without revealing it.
§Quick start
use std::path::Path;
use doublecrypt_core::network_store::NetworkBlockStore;
use doublecrypt_core::block_store::BlockStore;
let master_key = [0u8; 32];
let store = NetworkBlockStore::connect(
"127.0.0.1:9100",
"localhost",
Path::new("certs/ca.pem"),
&master_key,
).expect("connect to server");
let data = store.read_block(0).expect("read block 0");§Builder
use std::time::Duration;
use doublecrypt_core::network_store::{NetworkBlockStore, NetworkBlockStoreConfig};
use doublecrypt_core::block_store::BlockStore;
let master_key = [0u8; 32];
let store = NetworkBlockStore::from_config(
NetworkBlockStoreConfig::new("10.0.0.5:9100", "block-server")
.ca_cert("certs/ca.pem")
.auth_token(&master_key)
.connect_timeout(Duration::from_secs(5))
.io_timeout(Duration::from_secs(60)),
).expect("connect to server");Structs§
- Network
Block Store - A
BlockStorebacked by a remotedoublecrypt-serverreached over TLS with key-derived authentication. - Network
Block Store Config - Connection parameters for a
NetworkBlockStore.