Struct KeyMaterial 

pub struct KeyMaterial { /* private fields */ }

Raw 32-byte SQLCipher key. Always wrapped in Zeroizing so the underlying bytes are wiped when the value drops.

The struct is Clone (each clone produces its own zeroized buffer) but deliberately does NOT impl Copy — that would defeat zeroization.

Implementations

impl KeyMaterial

pub fn derive(passphrase: &str, salt: &[u8; 16]) -> Result<Self>

Derive a 32-byte SQLCipher key from a UTF-8 passphrase + 16-byte salt.

Argon2id with the parameters specified in ADR-0003 §P8-F. Takes ~500 ms on a modern laptop — call this once at daemon startup, never per-write.

pub fn fresh_salt() -> Result<[u8; 16]>

Generate a fresh cryptographically random 16-byte salt for first-run setup. Persist in solo.config.toml alongside the database.

pub fn as_hex(&self) -> Zeroizing<String>

Raw 32-byte key as 64-character lowercase hex, wrapped in Zeroizing so the underlying buffer is wiped on drop. Used to build the PRAGMA key = "x'<hex>'" statement on every fresh SQLCipher connection.

Callers should hold the returned value just long enough to build the PRAGMA, then let it drop. The PRAGMA string itself isn’t wrapped — once it’s been formatted into a static prefix + dynamic hex + static suffix, the resulting String doesn’t zeroize on its own. That’s a known v0.2 hardening item; for now the smaller Zeroizing<String> from this method is the cleanest boundary.

Trait Implementations

impl Clone for KeyMaterial

fn clone(&self) -> Self

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for KeyMaterial

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.