Lease-scoped key and ciphertext store for grafOS.
This crate provides epoch-based encryption key management and encrypted blob storage, with keys tied to fabric memory leases. When a lease expires, the key is destroyed and decryption becomes impossible — enforcing fail-closed semantics.
Architecture

- `KeyEpochManager` manages encryption key epochs. Each epoch has a TTL and stores its key material in a `grafos_locator::locator::MemRegionLocator`. Key rotation creates a new active epoch and marks the previous one as `EpochStatus::Rotating`.
- `EncryptedBlobStore` encrypts and decrypts blobs using the active epoch key from a `KeyEpochManager`. Ciphertext is stored with its epoch ID, nonce, and AAD so the correct key can be resolved at decryption time.
- Crypto operations are abstracted behind the `CryptoBackend` trait. A `MockCryptoBackend` (XOR-based, NOT secure) is provided for testing. Real crypto requires the `crypto-aes-gcm` feature flag.
Fail-closed semantics

If a key's epoch is expired or missing, `EncryptedBlobStore::get` returns an error rather than attempting decryption with stale or unknown key material.
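The following is an added, self-contained illustration of the lease-scoped design described above; it is not the crate's own code. The type names (`KeyEpochManager`, `EncryptedBlobStore`, `CryptoBackend`, `MockCryptoBackend`, `EpochStatus`, `SecureStoreError`, `EpochId`) follow this page, but the method names, error variants, the injected clock, and the use of a plain `Vec<u8>` in place of `MemRegionLocator` for key storage are assumptions made for the example. It shows the two properties the page states: rotation leaves the previous epoch readable only until its TTL lapses, and `get` refuses with an error when the epoch is expired or has been destroyed, before any decryption is attempted.

```rust
// Added illustration for this page, not the grafos secure-store crate's own code.
// Method names, error variants and Vec<u8> key storage (instead of MemRegionLocator) are assumptions.
use std::collections::HashMap;
use std::time::{Duration, Instant};

#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct EpochId(pub u64);

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum EpochStatus { Active, Rotating }

#[derive(Debug, PartialEq, Eq)]
pub enum SecureStoreError { NoActiveEpoch, EpochExpired(EpochId), EpochMissing(EpochId), BlobMissing(u64), DecryptFailed }

/// Symmetric sealing abstraction; a real backend would be an AEAD such as AES-GCM.
pub trait CryptoBackend {
    fn seal(&self, key: &[u8], nonce: &[u8], aad: &[u8], plaintext: &[u8]) -> Vec<u8>;
    fn open(&self, key: &[u8], nonce: &[u8], aad: &[u8], ciphertext: &[u8]) -> Option<Vec<u8>>;
}

/// XOR keystream for tests only: it provides neither confidentiality nor integrity.
pub struct MockCryptoBackend;
impl MockCryptoBackend {
    fn xor(key: &[u8], nonce: &[u8], data: &[u8]) -> Vec<u8> {
        data.iter().enumerate().map(|(i, b)| b ^ key[i % key.len()] ^ nonce[i % nonce.len()]).collect()
    }
}
impl CryptoBackend for MockCryptoBackend {
    fn seal(&self, key: &[u8], nonce: &[u8], _aad: &[u8], pt: &[u8]) -> Vec<u8> { Self::xor(key, nonce, pt) }
    fn open(&self, key: &[u8], nonce: &[u8], _aad: &[u8], ct: &[u8]) -> Option<Vec<u8>> { Some(Self::xor(key, nonce, ct)) }
}

struct Epoch { key: Vec<u8>, created: Instant, ttl: Duration, status: EpochStatus }

/// Epoch keys with a lease-style TTL. The clock is passed in explicitly so
/// expiry can be exercised deterministically in tests.
pub struct KeyEpochManager { epochs: HashMap<EpochId, Epoch>, active: Option<EpochId>, next: u64 }

impl KeyEpochManager {
    pub fn new() -> Self { Self { epochs: HashMap::new(), active: None, next: 0 } }

    /// Install a new active epoch; the previous one becomes Rotating and stays
    /// decryptable until its own TTL lapses.
    pub fn rotate(&mut self, key: Vec<u8>, ttl: Duration, now: Instant) -> EpochId {
        if let Some(prev) = self.active {
            if let Some(e) = self.epochs.get_mut(&prev) { e.status = EpochStatus::Rotating; }
        }
        let id = EpochId(self.next);
        self.next += 1;
        self.epochs.insert(id, Epoch { key, created: now, ttl, status: EpochStatus::Active });
        self.active = Some(id);
        id
    }

    pub fn status(&self, id: EpochId) -> Option<EpochStatus> { self.epochs.get(&id).map(|e| e.status) }

    fn expired(e: &Epoch, now: Instant) -> bool { now.saturating_duration_since(e.created) >= e.ttl }

    /// Resolve key material for `id`, refusing if the epoch is missing or past its TTL.
    pub fn key_for(&self, id: EpochId, now: Instant) -> Result<&[u8], SecureStoreError> {
        let e = self.epochs.get(&id).ok_or(SecureStoreError::EpochMissing(id))?;
        if Self::expired(e, now) { return Err(SecureStoreError::EpochExpired(id)); }
        Ok(e.key.as_slice())
    }

    pub fn active_key(&self, now: Instant) -> Result<(EpochId, &[u8]), SecureStoreError> {
        let id = self.active.ok_or(SecureStoreError::NoActiveEpoch)?;
        Ok((id, self.key_for(id, now)?))
    }

    /// Lease expiry: zero and drop the key material of every expired epoch.
    pub fn sweep_expired(&mut self, now: Instant) -> usize {
        let gone: Vec<EpochId> = self.epochs.iter().filter(|(_, e)| Self::expired(e, now)).map(|(id, _)| *id).collect();
        for id in &gone {
            // Overwrite before dropping; production code would use a zeroize crate.
            if let Some(mut e) = self.epochs.remove(id) { e.key.iter_mut().for_each(|b| *b = 0); }
            if self.active == Some(*id) { self.active = None; }
        }
        gone.len()
    }
}

pub struct EncryptedBlob { epoch: EpochId, nonce: Vec<u8>, aad: Vec<u8>, ciphertext: Vec<u8> }

pub struct EncryptedBlobStore<B: CryptoBackend> { backend: B, blobs: HashMap<u64, EncryptedBlob>, next: u64 }

impl<B: CryptoBackend> EncryptedBlobStore<B> {
    pub fn new(backend: B) -> Self { Self { backend, blobs: HashMap::new(), next: 0 } }

    /// Encrypt under the active epoch and keep epoch id, nonce and AAD beside the ciphertext.
    pub fn put(&mut self, mgr: &KeyEpochManager, now: Instant, aad: &[u8], plaintext: &[u8]) -> Result<u64, SecureStoreError> {
        let (epoch, key) = mgr.active_key(now)?;
        let id = self.next;
        self.next += 1;
        let nonce = (id as u128).to_be_bytes().to_vec(); // counter nonce: unique per blob within this store
        let ciphertext = self.backend.seal(key, &nonce, aad, plaintext);
        self.blobs.insert(id, EncryptedBlob { epoch, nonce, aad: aad.to_vec(), ciphertext });
        Ok(id)
    }

    /// Fail closed: an expired or missing epoch is an error before any decryption is attempted.
    pub fn get(&self, mgr: &KeyEpochManager, now: Instant, id: u64) -> Result<Vec<u8>, SecureStoreError> {
        let b = self.blobs.get(&id).ok_or(SecureStoreError::BlobMissing(id))?;
        let key = mgr.key_for(b.epoch, now)?;
        self.backend.open(key, &b.nonce, &b.aad, &b.ciphertext).ok_or(SecureStoreError::DecryptFailed)
    }
}
```

Passing `now` into every call rather than reading `Instant::now()` inside the manager is what makes the expiry path testable: a test can move the clock past a TTL, observe `EpochExpired`, run the sweep, and then observe `EpochMissing` for the same blob, without sleeping.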
Structs

- BlobId - Unique identifier for an encrypted blob.
- BlobInfo - Metadata for an encrypted blob, including the epoch used for encryption and the cryptographic parameters needed for decryption.
- EncryptedBlobStore - Encrypted blob store that uses epoch-scoped keys for encryption.
- EpochId - Unique identifier for a key epoch.
- EpochInfo - Metadata for a single key epoch.
- KeyEpochManager - Manages encryption key epochs with lease-scoped lifecycle.
- MockCryptoBackend - XOR-based mock crypto backend for testing.

Enums

- EpochStatus - Lifecycle status of a key epoch.
- SecureStoreError - Errors returned by secure store operations.

Traits

- CryptoBackend - Trait abstracting symmetric encryption operations.