This adds support for encrypting and decrypting secrets. It implements the APIs required for unsealing. The APIs are not complete or compliant.

Reviewed-on: #1

Squashed commit of the following:

commit d77237aefe
Author: C0ffeeCode <ritters_werth@outlook.com>
Date: Wed Apr 2 18:59:33 2025 +0200

    Refactor: Secret struct and feature-gates

    - Shamir and its dependencies behind a default feature
    - Secret has its own struct

commit 6eb02c8412
Author: C0ffeeCode <ritters_werth@outlook.com>
Date: Wed Apr 2 08:28:28 2025 +0200

    Feat (sealing): Shamir Secret Sharing scheme

commit 5de9e1d74e
Author: C0ffeeCode <ritters_werth@outlook.com>
Date: Thu Mar 27 22:13:57 2025 +0100

    Fix (sealing): Simple sealing with random nonce

commit 88ed714e22
Author: C0ffeeCode <ritters_werth@outlook.com>
Date: Thu Mar 27 17:13:48 2025 +0100

    Feat (sealing): Simple Password sealing

    Password is generated on first startup.
    The password given to the user is not the same as the one used to encrypt secrets

commit 4d342e8b99
Author: C0ffeeCode <ritters_werth@outlook.com>
Date: Wed Mar 26 21:51:27 2025 +0100

    Feat (kv2): Support Sealing

commit 1accd45648
Author: C0ffeeCode <ritters_werth@outlook.com>
Date: Wed Mar 26 21:49:59 2025 +0100

    WIP feat (sealing): Implement basic sealing functionality

    Currently, the key is just stored plainly in the database

commit 7949d64649
Author: C0ffeeCode <ritters_werth@outlook.com>
Date: Wed Mar 26 21:39:07 2025 +0100

    Chore: Rename `DatabaseDriver` to `DbPool` and add a custom serde serializer `serialize_reject_none` as a utility
-- Sealing Key

CREATE TABLE root_key (
    version INTEGER PRIMARY KEY CHECK ( version = 1 ),
    encrypted_key BLOB NOT NULL,
    nonce BLOB,
    type TEXT NOT NULL CHECK ( type IN ('dev_only', 'simple', 'shamir') )
);
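An added example, not code from the repository: it loads the `root_key` definition above into an in-memory database and records which constructed rows the constraints accept or reject. Running the DDL on SQLite is an assumption, and `try_insert` and `probe_schema` are hypothetical helper names.

```python
import sqlite3

# DDL copied from the page; executing it on SQLite is an assumption of this example.
ROOT_KEY_DDL = """
CREATE TABLE root_key (
    version INTEGER PRIMARY KEY CHECK ( version = 1 ),
    encrypted_key BLOB NOT NULL,
    nonce BLOB,
    type TEXT NOT NULL CHECK ( type IN ('dev_only', 'simple', 'shamir') )
);
"""
INSERT = "INSERT INTO root_key (version, encrypted_key, nonce, type) VALUES (?, ?, ?, ?)"

def try_insert(conn, row):
    """Return True if the row is accepted, False if a constraint rejects it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(INSERT, row)
        return True
    except sqlite3.IntegrityError:
        return False

def probe_schema():
    """Run constructed rows against the table and record the outcome of each."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(ROOT_KEY_DDL)
    key = b"\x00" * 32    # constructed placeholder, not a real key
    nonce = b"\x01" * 12  # constructed placeholder
    results = {
        "first_row": try_insert(conn, (1, key, nonce, "simple")),
        "second_row_same_version": try_insert(conn, (1, key, nonce, "shamir")),
        "second_row_version_2": try_insert(conn, (2, key, nonce, "shamir")),
    }
    with conn:  # commit the cleanup so later rollbacks cannot undo it
        conn.execute("DELETE FROM root_key")
    results["unknown_type"] = try_insert(conn, (1, key, nonce, "plaintext"))
    results["null_key"] = try_insert(conn, (1, None, nonce, "simple"))
    results["null_nonce_simple"] = try_insert(conn, (1, key, None, "simple"))
    results["row_count"] = conn.execute("SELECT COUNT(*) FROM root_key").fetchone()[0]
    conn.close()
    return results

if __name__ == "__main__":
    for name, outcome in probe_schema().items():
        print(f"{name}: {outcome}")
```

The primary key together with the `version = 1` check limits the table to a single row, and the `type` check restricts the sealing mode to the three listed values. The constraints do not tie `nonce` to the sealing type, so a NULL nonce is accepted for `'simple'`.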