diff options
Diffstat (limited to 'lockchain-core/src/crypto/secrets.rs')
| -rw-r--r-- | lockchain-core/src/crypto/secrets.rs | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/lockchain-core/src/crypto/secrets.rs b/lockchain-core/src/crypto/secrets.rs new file mode 100644 index 0000000..87e2c13 --- /dev/null +++ b/lockchain-core/src/crypto/secrets.rs @@ -0,0 +1,25 @@ + +/// Specifies the type of secret that's used to derive a vault user secret +pub enum SecretType { + /// A simple password + Plain, + /// A keyfile that allows asymetric trust operations + Keyfile, + /// Signing a user password with the id of a yubikey + Combine, +} + +/// The backing secret for user authentication +/// +/// This is _always_ in a non-recoverable form, i.e. a hash +/// and salted password. **However** it does reveal something +/// about the user setup, i.e. the type of secret used. +/// +/// Depending on what secret is used, there are other operations that +/// might be supported to verify operations. For example, a `Keyfile` +/// secret can deposit the entire public key in the `content` field, +/// then use asymmetric operations to verify operations more thoroughly. +pub struct UserSecret { + type: SecretType, + content: String, +} |