Sequoia’s key store.
Sequoia’s key store is a service that manages and multiplexes access to secret key material. Conceptually, keys live on devices, and devices are managed by backends. A device may be as simple as an on-disk file (a soft key), it may be a smartcard, or it could be another key store server that is accessed over the network. The key store manages all of these devices and provides a common, higher-level interface.
The key store is a server. It normally lives in a separate process, but it may be co-located with the application. Using a separate process improves security because secret key material isn’t exposed to the application, which can help prevent Heartbleed-style bugs. It also means that the state can be shared, which improves usability. For instance, the server can cache passwords. Sometimes a separate process is undesirable or awkward, e.g., when using the key store from an initrd. In these cases, the co-located key store is better.
Re-exports
pub use sequoia_ipc;
pub use sequoia_directories;
Structs
- Backend
- A handle to a backend.
- Context
- A Context for Sequoia.
- Device
- A handle to a Device.
- InaccessibleDecryptionKey
- Information about a key that could not be used for decryption.
- Key
- A handle to a key.
- Keystore
- A handle to the key store.
Enums
- Error
- Errors returned from the keystore.
- ImportStatus
- The result of an import operation.
- PasswordSource
- How the password is obtained.
- Protection
- How secret key material is protected.
Type Aliases
- Result
- Result type.