pub trait RecoveryStrategy: Send + Sync {
// Required methods
fn backup(
&self,
key: &WrappedKey,
secret: Option<&[u8]>,
) -> Result<BackupBundle>;
fn restore(
&self,
bundle: &BackupBundle,
secret: &[u8],
) -> Result<WrappedKey>;
fn recovery_type(&self) -> RecoveryType;
}Expand description
Strategy for backing up and restoring a WrappedKey.
Recovery is independent of the TEE backend — any strategy can be used with any backend (TPM, TDX, SEV, etc.).
Required Methods§
Sourcefn backup(
&self,
key: &WrappedKey,
secret: Option<&[u8]>,
) -> Result<BackupBundle>
fn backup( &self, key: &WrappedKey, secret: Option<&[u8]>, ) -> Result<BackupBundle>
Create an encrypted backup of key.
secret is strategy-specific input:
- Passphrase: the user’s passphrase
- RecoveryKey: ignored (a random key is generated internally)
Sourcefn restore(&self, bundle: &BackupBundle, secret: &[u8]) -> Result<WrappedKey>
fn restore(&self, bundle: &BackupBundle, secret: &[u8]) -> Result<WrappedKey>
Restore a WrappedKey from a backup.
secret is strategy-specific input:
- Passphrase: the user’s passphrase
- RecoveryKey: the recovery key that was displayed at backup time
Sourcefn recovery_type(&self) -> RecoveryType
fn recovery_type(&self) -> RecoveryType
Return the recovery type identifier.