Crate yb_core

Core library for yb — secure blob storage on a YubiKey.

Quick start

use yb_core::{store::Store, orchestrator, Context, ContextOptions, OutputOptions};

// Build the context; both boxed callbacks return Ok(None), so nothing is prompted for.
let ctx = Context::new(
    ContextOptions { pin: Some("123456".into()), ..Default::default() },
    Box::new(|| Ok(None)),
    Box::new(|_, _| Ok(None)),
    OutputOptions::default(),
)?;
// Load the store from the device and list the blobs it holds.
let store = Store::from_device(&ctx.reader, ctx.piv.as_ref())?;
for blob in orchestrator::list_blobs(&store) {
    println!("{} ({} bytes)", blob.name, blob.plain_size);
}
// Fetch one blob by name; the PIN is passed through for the on-card key operation.
let data = orchestrator::fetch_blob(
    &store, ctx.piv.as_ref(), &ctx.reader, "my-secret", ctx.require_pin()?.as_deref(), false,
)?;

Features

Feature            Purpose                                      Default
chrono             BlobInfo::mtime_local() convenience method   No
virtual-piv        VirtualPiv in-memory backend for testing     No
integration-tests  vsmartcard + piv-authenticator tests         No
hardware-tests     Real YubiKey destructive tests               No

Security note

Private key material on the YubiKey is never extracted. ECDH key agreement is performed on-card via the PIV GENERAL AUTHENTICATE command.

Re-exports

pub use context::parse_ec_public_key_from_cert_der;
pub use context::Context;
pub use context::ContextOptions;
pub use context::DevicePicker;
pub use context::OutputOptions;
pub use nvm::scan_nvm;
pub use nvm::NvmUsage;
pub use orchestrator::chunks_needed;
pub use orchestrator::collect_blob_chain;
pub use orchestrator::fetch_blob;
pub use orchestrator::list_blobs;
pub use orchestrator::remove_blob;
pub use orchestrator::store_blob;
pub use orchestrator::BlobInfo;
pub use orchestrator::Compression;
pub use orchestrator::Encryption;
pub use orchestrator::StoreOptions;
pub use piv::hardware::HardwarePiv;
pub use piv::DeviceInfo;
pub use piv::FlashHandle;
pub use piv::PivBackend;

Modules

auxiliaries
Auxiliary helpers: TLV parsing, default-credential checks, PIN-protected management-key retrieval.
context
Runtime context shared across all CLI commands.
crypto
Hybrid encryption/decryption (ECDH + HKDF + AES-256-GCM).
nvm
NVM free-space measurement.
orchestrator
High-level blob operations: store, fetch, remove, list.
piv
PIV backend trait and implementations.
store
Binary store: serialization / deserialization of PIV objects.