path: root/lockchain-core/src/lib.rs
Diffstat (limited to 'lockchain-core/src/lib.rs')
-rw-r--r-- lockchain-core/src/lib.rs 78
1 files changed, 66 insertions, 12 deletions
diff --git a/lockchain-core/src/lib.rs b/lockchain-core/src/lib.rs
index cb02caf..a7b5b0c 100644
--- a/lockchain-core/src/lib.rs
+++ b/lockchain-core/src/lib.rs
@@ -1,27 +1,81 @@
-//! Common library types used in lockchain crates
-#![feature(external_doc)]
-#![doc(include = "../README.md")]
+//! A common set of functions & types for the `lockchain` ecosystem.
+//!
+//! This crate by itself doesn't do much. It is meant to be used as the central
+//! adapter between a variety of other crates from the `lockchain` ecosystem,
+//! that all plug and interact with types and functions defined in this library.
+//!
+//! This documentation is meant as an outline of what the core crate does and how
+//! you can use it, in combination with other libraries, in your application.
+//!
+//! ## Overview
+//!
+//! At it's centre, `lockchain-core` defines storage traits. These come in a few
+//! forms, from `Vault`, being a very generic interface over what is meant as a
+//! secure storage collection, to `Record`, being an individual record in such a
+//! system. This means that both the nature of `Vault` and `Record` are generic
+//! implementation details, left to you to pick for your application, depending on
+//! what fits your needs.
+//!
+//! Additionally there are of course crypto primitives. `lockchain-core` exposes the
+//! `keybob` API for generation and verification of clear text secrets that can be
+//! padded to generate AES encryption keys. It adds a user management layer that provides
+//! login, permissions as well as second-factor authentication (such as a yubikey). And it
+//! provides an easy to use keystore, which binds encrypted keys to user identities, so that
+//! encryption never has to be done outside of the users scope.
+//!
+//! ---
+//!
+//! ## Usage
+//!
+//! This means that there's no one way of using `lockchain-core`, instead there are other crates
+//! that plug into it. Following is a list of crates, maintained by the `lockchain` team that
+//! were designed to work seemlessly with `lockchain-core`.
+//!
+//! - `lockchain-crypto` is an adapter layer that adds the ability to stream-decrypt records from
+//! any kind of vault
+//! - `lockchain-files` is a storage adapter which implements a file-storage layer for a vault
+//! - `lockchain-memory` is a storage adapter which implements a vault only in memory
+//! - `lockchain-client` provides a shim layer between a common client interface and several server-facing
+//! communication interfaces, such as `http` or `unix-sockets`
+//! - `lockchain-http` provides an http shim on top of the core lockchain API's
+//! - `lockchain-unix` provides a unix socket API shim, similar to the http layer
+//!
+//! The core principle behind lockchain's design was that the server can store encrypted files, without
+//! having the capability of being made to decrypt them. That means that the code required
+//! is physically not contained in the binary.
+//!
+//! Primarily this means that crypto is always done on the "client side", however this is up to _you_ to define.
+//! Your application might have different needs than were envisioned for lockchain, and as such you can pick
+//! and choose from features across the entire `lockchain` ecosystem to which fit your usecase best.
+//!
+//! ## Something missing?
+//!
+//! This crate ecosystem is still in active development. There are several projects that aim to use
+//! the `lockchain` ecosystem for secure storage needs. As such, we hope to have covered most use cases
+//! already.
+//!
+//! If we missed something, please let us know!
#[macro_use]
extern crate serde_derive;
-extern crate serde_json;
-extern crate serde;
-extern crate chrono;
-extern crate bcrypt;
extern crate base64;
+extern crate bcrypt;
extern crate blake2;
-extern crate rand;
+extern crate chrono;
extern crate keybob;
extern crate nix;
extern crate pam_auth;
+extern crate rand;
+extern crate serde;
+extern crate serde_json;
-pub mod errors;
-pub mod traits;
pub mod crypto;
-pub mod users;
+pub mod errors;
mod meta;
mod record;
+pub mod traits;
+pub mod users;
pub use self::crypto::PackedData;
-pub use self::record::{Header, Payload, Record, EncryptedBody};
pub use self::meta::{MetaDomain, VaultMetadata};
+pub use self::record::{EncryptedBody, Header, Payload, Record};
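Review bot: The new "Usage" text promises that the code needed to decrypt "is physically not contained in the binary", but nothing in this hunk backs that up for the core crate itself: `lockchain-core` still declares `pub mod crypto;`, re-exports `PackedData` and links `keybob`. Please say which crate a server build has to leave out (the list suggests `lockchain-crypto`, the one described as adding stream-decryption) and what the `crypto` module here does and does not contain, so readers do not take the guarantee as automatic. In the Overview, "clear text secrets that can be padded to generate AES encryption keys" reads as if keys are produced by padding rather than by a key derivation step; it is worth stating precisely what `keybob` does. Smaller wording fixes in the same doc block: "At it's centre" should be "its", "seemlessly" should be "seamlessly", "users scope" should be "user's scope", "API's" should be "APIs", and "to which fit your usecase best" does not parse.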