Skip to main content

Crate mdk_sqlite_storage

Crate mdk_sqlite_storage 

Source
Expand description

SQLite-based storage implementation for MDK.

This module provides a SQLite-based storage implementation for MDK (Marmot Development Kit). It implements the MdkStorageProvider trait, allowing it to be used as a persistent storage backend.

SQLite-based storage is persistent and will be saved to a file. It’s useful for production applications where data persistence is required.

§Encryption

This crate uses SQLCipher for transparent encryption of MLS state at rest with keys stored securely in the platform’s native keyring (Keychain, Keystore, etc.).

§Setup (Required First)

Before using MDK, the host application must initialize a platform-specific keyring store:

// macOS/iOS
use apple_native_keyring_store::AppleStore;
keyring_core::set_default_store(AppleStore::new());

// Windows
use windows_native_keyring_store::WindowsStore;
keyring_core::set_default_store(WindowsStore::new());

// Linux
use linux_keyutils_keyring_store::KeyutilsStore;
keyring_core::set_default_store(KeyutilsStore::new());
use mdk_sqlite_storage::MdkSqliteStorage;

// MDK handles key generation and storage automatically
let storage = MdkSqliteStorage::new(
    "/path/to/db.sqlite",
    "com.example.myapp",      // Service identifier
    "mdk.db.key.default"      // Key identifier
)?;

§Direct Key Management (Advanced)

If you need to manage encryption keys yourself:

use mdk_sqlite_storage::{EncryptionConfig, MdkSqliteStorage};

let key = [0u8; 32]; // Your securely stored key
let config = EncryptionConfig::new(key);
let storage = MdkSqliteStorage::new_with_key("/path/to/db.sqlite", config)?;

§Security Recommendations

  • Use MdkSqliteStorage::new: It handles key generation and secure storage automatically
  • Never log encryption keys: The EncryptionConfig debug output redacts the key
  • Use unique keys per database: Don’t reuse keys across different databases

Re-exports§

pub use self::encryption::EncryptionConfig;

Modules§

encryption
SQLCipher encryption support for SQLite storage.
error
Error types for the SQLite storage implementation.
keyring
Keyring integration for secure encryption key storage.

Structs§

MdkSqliteStorage
A SQLite-based storage implementation for MDK.

Functions§

verify_permissions
Verifies that a file or directory has appropriately restrictive permissions.