crypto::keystore +linux +x86_64

The keystore module provides a means of securely storing private information, ideally through the assistance of operating system key storage facilities. The purpose of this feature is to store private data without keeping it in the process's address space, so that bugs which can lead to reading process memory cannot recover the key while it's not actively in use.

On platforms without a suitable feature, a fallback implementation stores the secrets in the process heap, providing no security. This is an opportunistic API which allows your program to take advantage of these features if available.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto module.

Be advised that Hare's cryptography implementations have not been audited.



// Undocumented types:
type key;


fn destroy(key) void;
fn newkey([]u8, str) (key | errors::error);
fn read(key, []u8) size;


type key[link]

Show undocumented member
type key = keyctl::serial;


fn destroy[link]

fn destroy(key: key) void;

Destroys a secure key.

fn newkey[link]

fn newkey(buf: []u8, name: str) (key | errors::error);

Creates a new secure key. The caller should clear the secret buffer with bytes::zero after initialization.

fn read[link]

fn read(key: key, buf: []u8) size;

Reads secret data from a secure key. When the caller is done using the secret buffer, they should use bytes::zero to securely wipe the buffer memory.