crypto::keystore+x86_64 +linux

keystore: Best-effort/defense-in-depth security for storing keys in memory

The keystore module provides a means of securely storing private information, ideally through the assistance of operating system key storage facilities. The purpose of this feature is to store private data without keeping it in the process's address space, so that bugs which can lead to reading process memory cannot recover the key while it's not actively in use.

On platforms without a suitable feature, a fallback implementation stores the secrets in the process heap, providing no security. This is an opportunistic API which allows your program to take advantage of these features if available.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto:: module.

Be advised that Hare's cryptography implementations have not been audited.

Index

Types

// Undocumented types:
type key = keyctl::serial;

Functions

fn destroy(key: key) void;
fn newkey(buf: []u8, name: str) (key | nomem | errors::error);
fn read(key: key, buf: []u8) size;

Types

type key[permalink] [source]

Show undocumented member 
type key = keyctl::serial;

Functions

fn destroy[permalink] [source]

fn destroy(key: key) void;

Destroys a secure key.

fn newkey[permalink] [source]

fn newkey(buf: []u8, name: str) (key | nomem | errors::error);

Creates a new secure key. The caller should clear the secret buffer with bytes::zero after initialization.

fn read[permalink] [source]

fn read(key: key, buf: []u8) size;

Reads secret data from a secure key. When the caller is done using the secret buffer, they should use bytes::zero to securely wipe the buffer memory.