5 releases (3 breaking)
| Version | Released |
|---|---|
| 0.4.0 | Oct 31, 2023 |
| 0.3.0 | Oct 2, 2023 |
| 0.2.1 | Sep 5, 2023 |
| 0.2.0 | Aug 1, 2023 |
| 0.1.0 | Jun 30, 2023 |
Code to fetch, store, and update keys.
Likely to change
The APIs exposed by this crate (even without the
are new and are likely to change rapidly.
We'll therefore often be making semver-breaking changes
(and will update the crate version accordingly).
This crate provides the following key store implementations:
- Arti key store: an on-disk store that stores keys in OpenSSH format.
- (not yet implemented) C Tor key store: an on-disk store that is backwards-compatible with C Tor (new keys are stored in the format used by C Tor, and any existing keys are expected to be in this format too).
In the future we plan to also support HSM-based key stores.
Key specifiers and key types
A "key specifier" identifies a group of equivalent keys, each of a different type (algorithm). It is used to determine the path of the key within the key store (minus the extension).
KeyType::arti_extension are joined
to form the path of the key on disk (relative to the root dir of the key store).
This enables the key stores to have multiple keys with the same role (i.e. the
KeySpecifier::arti_path), but different key types (i.e. different
KeySpecifier implementers must specify:
- arti_path: the location of the key in the Arti key store. This also serves as a unique identifier for a particular instance of a key.
- ctor_path: the location of the key in the C Tor key store (optional).
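The path derivation described above, as an added example that is not tor-keymgr's own code. The trait and enum are simplified stand-ins with assumed signatures; the `ClientKey` specifier, the extension strings, and the component allowlist are assumptions made for illustration.

```rust
// Added illustration: simplified stand-ins, not tor-keymgr's real types or signatures.
use std::path::PathBuf;

#[derive(Clone, Copy)]
enum KeyType { Ed25519Keypair, X25519StaticSecret }

impl KeyType {
    // Extension strings are assumed for this example.
    fn arti_extension(self) -> &'static str {
        match self {
            KeyType::Ed25519Keypair => "ed25519_private",
            KeyType::X25519StaticSecret => "x25519_private",
        }
    }
}

trait KeySpecifier {
    /// Location in the Arti key store; also the key's unique identifier.
    fn arti_path(&self) -> String;
    /// Location in the C Tor key store (optional).
    fn ctor_path(&self) -> Option<String> { None }
}

// Hypothetical specifier: one role ("intro_auth") per named client.
struct ClientKey { client: String }

impl KeySpecifier for ClientKey {
    fn arti_path(&self) -> String { format!("client/{}/intro_auth", self.client) }
}

/// Join arti_path and arti_extension into a path relative to the key store root.
/// Components outside [A-Za-z0-9_-] are rejected (an assumed allowlist), so a
/// specifier built from untrusted input cannot yield "..", an absolute path,
/// or a name containing "." that could collide with another key's extension.
fn relative_key_path<S: KeySpecifier>(spec: &S, ty: KeyType) -> Result<PathBuf, String> {
    let path = spec.arti_path();
    let valid = path.split('/').all(|c| {
        !c.is_empty() && c.chars().all(|ch| ch.is_ascii_alphanumeric() || ch == '_' || ch == '-')
    });
    if !valid {
        return Err(format!("rejected arti_path {:?}", path));
    }
    Ok(PathBuf::from(format!("{}.{}", path, ty.arti_extension())))
}

fn main() {
    let alice = ClientKey { client: "alice".into() };
    // Same role, two key types: two distinct files in the store.
    println!("{:?}", relative_key_path(&alice, KeyType::Ed25519Keypair));
    println!("{:?}", relative_key_path(&alice, KeyType::X25519StaticSecret));
}
```

Validating each component before the join keeps every derived path inside the key store root and keeps the "one arti_path, one key instance" property intact.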
Experimental and unstable features
Note that the APIs enabled by these features are NOT covered by semantic versioning[^1] guarantees: we might break them or remove them between patch versions.
- keymgr -- build with full key manager support. Disabling this feature causes tor-keymgr to export a no-op, placeholder implementation.
[^1]: Remember, semantic versioning is what makes various
features work reliably. To be explicit: if you want
to only make safe changes, then you cannot enable these