Crate lair_keystore_api

source ·
Expand description

Secret lair private keystore API library.

Project Forum Chat

License: MIT License: Apache-2.0

This library crate contains most of the logic for dealing with lair.

  • If you wish to run an in-process / in-memory keystore, or connect to an external lair keystore as a client, this is the library for you.
  • If you want to run the canonical lair-keystore, see the lair_keystore crate.
  • If you want to run a canonical lair-keystore in-process, using the canonical sqlcipher database, see the lair_keystore crate.
  • See the lair_api module for information about the lair_keystore_api protocol.
  • See LairClient for the client struct api.
§Establishing a client connection to a canonical ipc keystore binary:
use lair_keystore_api::prelude::*;
use lair_keystore_api::ipc_keystore::*;

// create a client connection
let client =
    ipc_keystore_connect(connection_url, passphrase)
        .await
        .unwrap();

// create a new seed
let seed_info = client.new_seed(
    "test-seed".into(),
    None,
    false,
).await.unwrap();

// sign some data
let sig = client.sign_by_pub_key(
    seed_info.ed25519_pub_key.clone(),
    None,
    b"test-data".to_vec().into(),
).await.unwrap();

// verify the signature
assert!(seed_info.ed25519_pub_key.verify_detached(
    sig,
    b"test-data".to_vec(),
).await.unwrap());

Modules§

  • config
    Lair server configuration types. You only need this module if you are configuring a standalone or in-process lair keystore server.
  • dependencies
    Re-exported dependencies.
  • encoding_types
    Helper types for dealing with serialization.
  • in_proc_keystore
    An in-process keystore that manages the entire lair server life-cycle without needing to call out to an external process.
  • internal
    Internal utility functions - note, the api for anything in this module is unstable and may change even for patch versions of this library.
  • ipc_keystore
    Client / server keystore items for dealing with ipc keystores, both unix domain sockets and windows named pipes.
  • lair_api
    Lair api serialization types.
  • lair_client
    Items for connecting and interacting with a lair keystore as a client.
  • lair_server
    Items for acting as a lair keystore server.
  • lair_store
    Items related to securely persisting keystore secrets (e.g. to disk).
  • mem_store
    Lair in-memory store - This does not provide any peristance, and should generally only be used for testing.
  • prelude
    Re-export module of types generally used with lair.
  • sodium_secretstream
    Libsodium secretstream Async reader / writer wrappers.

Structs§

  • LairClient
    A lair keystore client handle. Use this to make requests of the keystore.

Constants§

Functions§

  • ipc_keystore_connect
    Connect to an IpcKeystoreServer instance via unix domain socket on linux/macOs or named pipe on windows. This constructor will first validate server authenticity, then unlock the connection with the supplied passphrase.
  • ipc_keystore_connect_options
    Connect to an IpcKeystoreServer instance via unix domain socket on linux/macOs or named pipe on windows. This variant is identical to ipc_keystore_connect but allows additional less-used configuration options.

Type Aliases§