Expand description
Wrapped-seed identity helpers (ADR-039).
Each member holds a randomly generated 32-byte seed. The Ed25519
identity keypair derives from this seed. The seed is stored in
project.yaml as two AES-256-GCM ciphertexts:
seed_wrap_passphrase: encrypted under a KEK derived frompassphrase + kdf_noncevia Argon2id.seed_wrap_recovery: encrypted under a KEK derived from a recovery key via Argon2id (samekdf_nonce).
Either wrap unlocks the same seed; the keypair stays stable across
passphrase rotation. The recovery key itself is displayed once at
joy auth init and stored externally by the user.
Structs§
- Recovery
Key - 32-byte recovery key. Displayed once at
joy auth init. Stored externally by the user; never persisted by Joy. - Seed
- 32-byte identity seed. The Ed25519 keypair derives from this value.
Functions§
- unwrap_
seed_ with_ passphrase - Unwrap a seed via the passphrase KEK. Returns the 32-byte seed on success; AES-GCM auth failure indicates wrong passphrase.
- unwrap_
seed_ with_ recovery - Unwrap a seed via the recovery KEK. AES-GCM auth failure indicates wrong recovery key.
- wrap_
seed_ for_ migration - Lazy-migration wrap (ADR-039 §“Migration is non-disruptive”): when the legacy Argon2id-derived KEK already equals the seed (because the pre-wrapped-seed model used the KEK directly as the Ed25519 seed), wrap the seed under itself. Subsequent passphrase changes decouple the KEK from the seed naturally.
- wrap_
seed_ with_ passphrase - Derive the passphrase KEK and wrap a seed under it. Returns the
hex-encoded
nonce || ciphertext || tag. - wrap_
seed_ with_ recovery - Derive the recovery KEK and wrap a seed under it. Returns hex.