radicle-keystore aims to become the sole abstraction over storage of key
material in the Radicle ecosystem.
Radicle employs two kinds of keys: ones which may leave your device (e.g.
onto an HSM), and ones that shouldn’t. For the first kind, we will
eventually provide an implementation of Keystore which interfaces
directly with system keychains or hardware devices. For the second
kind, matters are a bit more complicated: we recommend using the
file::FileStorage implementation, which stores keys in encrypted form on
the filesystem. This is to discourage (accidental) key sharing via backup or
cross-device syncing setups the user might have.
The choice of
crypto::Crypto (and relatedly
however be used to store the passphrase for a key-derivation scheme (as
crypto::Pwhash) in some system keychain, or offload
encryption entirely to an external system (such as GPG, or a password
Named pair of public / secret key.
Type alias for a vector that stores just bytes.