Module auth

Expand description

Auth blob encryption and master-key resolution.

Auth blobs are AES-256-GCM ciphertexts of opaque cookie/storage state. The key is local to the host (encryption is not portable across machines). Resolution order on the daemon:

OS keyring (keyring crate) under service "vibesurfer", account "default".
Fallback: a 32-byte file at ~/.vibesurfer/key.

Tests skip the keyring (it would prompt the user) and pass keys explicitly via MasterKey::from_bytes.

Structs§

EncryptedBlob: One ciphertext + its 12-byte GCM nonce.
MasterKey: A 32-byte AES-256 master key.

Constants§

KEYRING_ACCOUNT: Account name used for the OS keyring.
KEYRING_SERVICE: Service name used for the OS keyring.

Functions§

decrypt: Decrypt a previously encrypted blob.
encrypt: Encrypt plaintext under key. The returned blob is suitable for inserting into auth_blobs.ciphertext (with nonce as a sibling column).

Module auth

Module auth Copy item path

Structs§

Constants§

Functions§

Module auth