Expand description
Crypt zone keys and per-member wraps (ADR-038, Crypt.md).
Each Crypt zone has one random AES-256-GCM key. Per-member access is granted by wrapping that key under a KEK derived from a pairwise X25519 ECDH between the granter’s identity and the recipient’s identity (ADR-038, JOY-0157-86). Going through identity material that is stable across passphrase rotation (ADR-039) means passphrase changes do not invalidate Crypt access.
Wrap format on disk: hex-encoded
granter_verify_key (32 bytes) || nonce (12) || ciphertext || tag (16).
Self-wrap (auto-create on joy crypt add) is the special case where
granter and recipient are the same member; the wrap format is
identical so the unwrap path is uniform.
Structs§
- ZoneKey
- 32-byte AES-256-GCM key for a Crypt zone.
Constants§
- DEFAULT_
ZONE - Conventional name of the implicit default zone.
- FILTER_
MAGIC - Magic prefix for Crypt-encrypted file blobs (Git filter format).
- FILTER_
VERSION - On-disk blob format version. Bump on incompatible changes.
Functions§
- active_
zone_ key - Look up an active zone key. Used by joy-core’s read path when decrypting a JOYCRYPT blob.
- clear_
active_ zone_ keys - Wipe the thread-local active zone-keys. Call at the end of a command to ensure no plaintext key material outlives the process (Drop in main.rs covers normal exit).
- decrypt_
blob - Inverse of
encrypt_blob. Returns(zone_name, plaintext). - encrypt_
blob - Encrypt content for a zone in the Git-filter blob format (JOY-014B-09):
- has_
active_ zone_ keys - Whether any zone key is currently active. Useful for joy-cli to decide whether to prompt for passphrase before reading items.
- looks_
like_ blob - Quick check for whether a byte slice begins with the Crypt blob magic. Read paths use this to short-circuit when content is already plaintext (item not encrypted, or file outside any zone).
- set_
active_ zone_ keys - Replace the thread-local active zone-keys with the given map. Typically called once per joy command after passphrase verification.
- unwrap_
for_ member - Unwrap a zone key. Reads the granter’s verify_key from the wrap header, derives the same pairwise KEK on the recipient side, and decrypts the inner blob.
- wrap_
for_ member - Wrap a zone key for a recipient. The granter contributes their X25519 secret (derived from their identity seed); the recipient is addressed by their Ed25519 verify_key. Self-wrap is a special case where granter and recipient identify the same member.
- wrap_
for_ self - Convenience wrapper: self-wrap produced by a member for themselves.