In order to support a variety of cryptographically capable hardware, we maintain loose coupling between our protocols and the way a specific building block is invoked on a specific piece of hardware. This is achieved using an abstract Vault trait.
A concrete implementation of the Vault trait is called an Ockam Vault. Over time, and with help from the Ockam open source community, we plan to add vaults for several TEEs, TPMs, HSMs, and Secure Enclaves.
This crate provides a software-only Vault implementation that can be used when no cryptographic hardware is available. The primary Ockam crate uses it as the default Vault implementation.
The main [Ockam][main-ockam-crate-link] crate has an optional dependency on this crate.
Modules
Structs
- AeadSecret - AEAD Secret.
- AeadSecretKeyHandle - Handle to an AES-256 Secret Key.
- Aes256GcmSecretKeyHandle - Handle to an AES-256 Secret Key.
- BufferSecret - Buffer with sensitive data, like HKDF output.
- ECDSASHA256CurveP256PublicKey - A Curve P-256 Public Key that is only used for ECDSA SHA256 signatures.
- ECDSASHA256CurveP256SecretKey - ECDSASHA256CurveP256 Secret Key.
- ECDSASHA256CurveP256Signature - An ECDSA Signature using SHA256 and Curve P-256.
- EdDSACurve25519PublicKey - A Curve25519 Public Key that is only used for EdDSA signatures.
- EdDSACurve25519SecretKey - EdDSACurve25519 Secret Key.
- EdDSACurve25519Signature - An EdDSA Signature using Curve25519.
- HandleToSecret - Implementation-specific arbitrary vector of bytes that allows a concrete Vault implementation to address a specific secret that it stores.
- HashOutput - Hash used for Noise handshake.
- HkdfOutput - HKDF Output.
- SecretBufferHandle - A handle to a secret Buffer (like an HKDF output).
- Sha256HkdfOutput - SHA-256 HKDF Output.
- Sha256Output - SHA-256 Output.
- SoftwareVaultForSecureChannels - [SecureChannelVault] implementation using software.
- SoftwareVaultForSigning - [SigningVault] implementation using software.
- SoftwareVaultForVerifyingSignatures - [VaultForSigning] implementation using software.
- X25519PublicKey - X25519 Public Key, used for ECDH.
- X25519SecretKey - X25519 Secret Key.
- X25519SecretKeyHandle - A handle to an X25519 Secret Key.
Enums
- HKDFNumberOfOutputs - Possible number of outputs of HKDF.
- Signature - A cryptographic signature.
- SigningKeyType - Key type for Signing. See super::signatures::Signature.
- SigningSecret - Signing secret binary.
- SigningSecretKeyHandle - A handle to a signing secret key inside a vault.
- VaultError - Represents the failures that can occur in an Ockam vault.
- VerifyingPublicKey - A public key for verifying signatures.
Constants
- AEAD_SECRET_LENGTH - AEAD Secret Length.
- AEAD_TYPE - AEAD type string.
- AES256_SECRET_LENGTH - AES256 private key length.
- AES_NONCE_LENGTH - AES-GCM nonce length.
- ECDSA_SHA256_CURVEP256_PUBLIC_KEY_LENGTH - NIST P256 public key length.
- ECDSA_SHA256_CURVEP256_SECRET_KEY_LENGTH - NIST P256 private key length.
- ECDSA_SHA256_CURVEP256_SIGNATURE_LENGTH - ECDSASHA256CurveP256 signature length.
- EDDSA_CURVE25519_PUBLIC_KEY_LENGTH - Ed25519 public key length.
- EDDSA_CURVE25519_SECRET_KEY_LENGTH - Ed25519 private key length.
- EDDSA_CURVE25519_SIGNATURE_LENGTH - EdDSACurve25519 signature length.
- SHA256_LENGTH - SHA256 digest length.
- X25519_PUBLIC_KEY_LENGTH - X25519 public key length.
- X25519_SECRET_KEY_LENGTH - X25519 private key length.
Traits
- VaultForSecureChannels - Vault for running a Secure Channel.
- VaultForSigning - Vault for signing data.
- VaultForVerifyingSignatures - Vault for verifying signatures and computing SHA-256.
Type Aliases
- AeadSecretKeyHandleType - Handle to an AEAD Secret Key.