Diffstat (limited to 'lockchain-core/src/users/secrets.rs')
-rw-r--r-- | lockchain-core/src/users/secrets.rs | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/lockchain-core/src/users/secrets.rs b/lockchain-core/src/users/secrets.rs
new file mode 100644
index 0000000..8210a09
--- /dev/null
+++ b/lockchain-core/src/users/secrets.rs
@@ -0,0 +1,32 @@
+use traits::AutoEncoder;
+
+/// Specifies the type of secret that's used to derive a vault user secret
+#[derive(Serialize, Deserialize)]
+pub enum SecretType {
+ /// A simple password
+ Plain,
+ /// A keyfile that allows asymetric trust operations
+ Keyfile,
+ /// Signing a user password with the id of a yubikey
+ Combine,
+}
+
+impl AutoEncoder for SecretType {}
+
+/// The backing secret for user authentication
+///
+/// This is _always_ in a non-recoverable form, i.e. a hash
+/// and salted password. **However** it does reveal something
+/// about the user setup, i.e. the type of secret used.
+///
+/// Depending on what secret is used, there are other operations that
+/// might be supported to verify operations. For example, a `Keyfile`
+/// secret can deposit the entire public key in the `content` field,
+/// then use asymmetric operations to verify operations more thoroughly.
+#[derive(Serialize, Deserialize)]
+pub struct UserSecret {
+ tt: SecretType,
+ content: String,
+}
+
+impl AutoEncoder for UserSecret {} |
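Review bot: The doc comment on `UserSecret` promises that `content` is always a salted hash, but nothing in this file enforces it: both fields are private, no constructor appears in the hunk, and the derived `Deserialize` accepts any string, so the guarantee rests entirely on callers. The same comment also allows a `Keyfile` secret to store a whole public key in `content`, so the field has two meanings depending on `tt`. I would document the fields individually, e.g. `/// Salted password hash, or the public key for a Keyfile secret; never plaintext` on `content`, and rename `tt` to `secret_type` so the discriminator is readable at use sites. A constructor that performs the hashing itself would turn the documented invariant into one the type upholds. Minor: `asymetric` in the `Keyfile` variant comment should read `asymmetric`.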