Radicle Keystore

Common interfaces for key management in the Radicle stack.

License

GPLv3.

lib.rs:

radicle-keystore aims to become the sole abstraction over storage of key material in the Radicle ecosystem.

Radicle employs two kinds of keys: ones which may leave your device (e.g. onto an HSM), and ones that shouldn't. For the first kind, we will eventually provide an implementation of Keystore which interfaces directly with system keychains or hardware devices, while for the second kind matters are a bit more complicated: we recommend to use the file::FileStorage implementation, which stores keys in encrypted form on the filesystem. This is to discourage (accidental) key sharing via backup or cross-device syncing setups the user might have.

The choice of crypto::Crypto (and relatedly pinentry::Pinentry) may however be used to store the passphrase for a key-derivation scheme (as employed by crypto::Pwhash) in some system keychain, or offload encryption entirely to an external system (such as GPG, or a password manager).