Secret lair private keystore API library.

License: MIT / Apache-2.0

This library crate contains most of the logic for dealing with lair.

  • If you wish to run an in-process / in-memory keystore, or connect to an external lair keystore as a client, this is the library for you.
  • If you want to run the canonical lair-keystore, see the lair_keystore crate.
  • If you want to run a canonical lair-keystore in-process, using the canonical sqlcipher database, see the lair_keystore crate.
  • See the lair_api module for information about the lair_keystore_api protocol.
  • See LairClient for the client struct api.

Establishing a client connection to a canonical ipc keystore binary:

use lair_keystore_api::prelude::*;
use lair_keystore_api::ipc_keystore::*;

// create a client connection
// (`connection_url` and `passphrase` are assumed to be defined by the caller)
let client =
    ipc_keystore_connect(connection_url, passphrase)
        .await
        .unwrap();

// create a new seed
let seed_info = client.new_seed(
    "test-seed".into(),
    None,
    false,
).await.unwrap();

// sign some data
let sig = client.sign_by_pub_key(
    seed_info.ed25519_pub_key.clone(),
    None,
    b"test-data".to_vec().into(),
).await.unwrap();

// verify the signature
assert!(seed_info.ed25519_pub_key.verify_detached(
    sig,
    b"test-data".to_vec(),
).await.unwrap());

Modules

Lair server configuration types. You only need this module if you are configuring a standalone or in-process lair keystore server.

Re-exported dependencies.

Helper types for dealing with serialization.

An in-process keystore that manages the entire lair server life-cycle without needing to call out to an external process.

Internal utility functions - note, the api for anything in this module is unstable and may change even for patch versions of this library.

Client / server keystore items for dealing with ipc keystores, both Unix domain sockets and Windows named pipes.

Lair api serialization types.

Items for connecting and interacting with a lair keystore as a client.

Items for acting as a lair keystore server.

Items related to securely persisting keystore secrets (e.g. to disk).

Lair in-memory store - This does not provide any persistence, and should generally only be used for testing.

Re-export module of types generally used with lair.

Libsodium secretstream Async reader / writer wrappers.

Structs

A lair keystore client handle. Use this to make requests of the keystore.

Constants

Lair Version

Functions

Connect to an IpcKeystoreServer instance via Unix domain socket on Linux/macOS or named pipe on Windows. This constructor will first validate server authenticity, then unlock the connection with the supplied passphrase.

Connect to an IpcKeystoreServer instance via Unix domain socket on Linux/macOS or named pipe on Windows. This variant is identical to ipc_keystore_connect but allows additional less-used configuration options.

Type Definitions

Lair result type.