sequoia_keystore_backend/protection.rs
/// Describes the way in which secret key material is protected.
///
/// Several variants carry an `Option<String>`.  Because this type
/// derives `Debug`, a hint that is present is included verbatim in
/// `{:?}` output, so a hint must never contain secret material.
#[derive(Debug)]
pub enum Protection {
    // Corresponds to `Protection` in keystore_protocol.capnp.

    /// The secret key material is not locked; no unlock step is
    /// needed.
    Unlocked,

    /// The key store cannot tell whether the secret key material is
    /// protected.
    ///
    /// Attempting a secret key operation is nevertheless safe (e.g.,
    /// the retry counter will not be decremented).  Be aware that
    /// the attempt may trigger an external event, such as a system
    /// pin entry dialog.
    ///
    /// NOTE(review): the payload is undocumented in the original;
    /// presumably it is an optional hint for the user, as for the
    /// other variants.  Confirm against the protocol definition.
    UnknownProtection(Option<String>),

    /// A password protects the secret key material.  Use the unlock
    /// interface to unlock it.
    ///
    /// The string, if present, is a hint for the user.
    Password(Option<String>),

    /// The secret key material is protected, and unlocking it is
    /// only possible via an external terminal.
    ///
    /// The string, if present, is a hint for the user.
    ///
    /// Note: not every device offers a way to find out whether the
    /// secret key material is currently locked.  Some smart cards,
    /// for example, can be configured so that the user must enter a
    /// pin on an external keypad before the first use, but not again
    /// while the card stays attached to the host, and the host has
    /// no way to query which policy is in effect.  Such devices
    /// should still report `Protection::ExternalPassword`, and
    /// should word the hint accordingly.
    ExternalPassword(Option<String>),

    /// The secret key material is protected, and unlocking it
    /// requires the user to touch the device.
    ///
    /// The string, if present, is a hint for the user.
    ExternalTouch(Option<String>),

    /// The secret key material is protected, and unlocking it has to
    /// happen externally.
    ///
    /// The string, if present, is a hint for the user, e.g., "Please
    /// connect to the VPN."
    ExternalOther(Option<String>),
}