Struct FileKeyStore

Source

pub struct FileKeyStore { /* private fields */ }

Expand description

File-based key storage in ~/.txgate/keys/.

This implementation stores encrypted keys as individual files with the .enc extension. Each key is encrypted using the encryption module’s ChaCha20-Poly1305 AEAD encryption with Argon2id key derivation.

§Security

Directory permissions are set to 0700 (owner only)
File permissions are set to 0600 (owner read/write only)
Atomic writes prevent corruption on crash
Key names are validated to prevent path traversal attacks

§Example

use txgate_crypto::store::{KeyStore, FileKeyStore};

// Use the default path (~/.txgate/keys/)
let store = FileKeyStore::new().expect("failed to create key store");

// Or use a custom path
use std::path::PathBuf;
let custom_store = FileKeyStore::with_path(PathBuf::from("/custom/path"))
    .expect("failed to create key store");

Implementations§

Source §

impl FileKeyStore

Source

pub fn new() -> Result<Self, StoreError>

Create a new FileKeyStore with the default path (~/.txgate/keys/).

§Errors

StoreError::IoError if the home directory cannot be determined
StoreError::IoError if directory creation fails
StoreError::PermissionDenied if permissions cannot be set

§Example

use txgate_crypto::store::FileKeyStore;

let store = FileKeyStore::new().expect("failed to create key store");

Source

pub fn with_path(keys_dir: PathBuf) -> Result<Self, StoreError>

Create a FileKeyStore with a custom path.

This is useful for testing or when you want to store keys in a non-standard location.

§Arguments

keys_dir - The directory to store keys in

§Errors

StoreError::IoError if directory creation fails
StoreError::PermissionDenied if permissions cannot be set

§Example

use txgate_crypto::store::FileKeyStore;
use std::path::PathBuf;

let store = FileKeyStore::with_path(PathBuf::from("/tmp/test-keys"))
    .expect("failed to create key store");

Source