๐Ÿงฑ Vault Crate Architecture 1. VaultStore Purpose: Central manager for all keyspaces. Responsibilities: Maintain metadata about keyspaces. Provide interfaces to create, load, and manage keyspaces. Ensure each keyspace is encrypted with its own password. 2. KeySpace Purpose: Isolated environment containing multiple keypairs. Responsibilities: Securely store and manage keypairs. Provide cryptographic operations like signing and encryption. Handle encryption/decryption using a password-derived key. 3. KeyPair Purpose: Represents an individual cryptographic keypair. Responsibilities: Perform cryptographic operations such as signing and verification. Support key export and import functionalities. 4. Symmetric Encryption Module Purpose: Provides encryption and decryption functionalities. Responsibilities: Encrypt and decrypt data using algorithms like ChaCha20Poly1305. Derive encryption keys from passwords using PBKDF2. 5. SessionManager Purpose: Manages the active context for cryptographic operations, simplifying API usage. Responsibilities: Maintain the currently selected keypair. Provide simplified methods for cryptographic operations without repeatedly specifying the keypair. ๐Ÿ” Security Model Per-KeySpace Encryption: Each keyspace is encrypted independently using a key derived from its password. VaultStore Metadata: Stores non-sensitive metadata about keyspaces, such as their names and creation dates. This metadata can be stored in plaintext or encrypted based on security requirements. ๐Ÿงช API Design VaultStore rust Copy Edit pub struct VaultStore { // Internal fields } impl VaultStore { pub fn new() -> Self; pub fn load() -> Result; pub fn save(&self) -> Result<(), VaultError>; pub fn list_keyspaces(&self) -> Vec; pub fn create_keyspace(&mut self, name: &str, password: &str) -> Result<(), VaultError>; pub fn delete_keyspace(&mut self, name: &str) -> Result<(), VaultError>; pub fn rename_keyspace(&mut self, old_name: &str, new_name: &str) -> Result<(), VaultError>; pub fn load_keyspace(&self, name: &str, password: &str) -> Result; } KeySpace rust Copy Edit pub struct KeySpace { // Internal fields } impl KeySpace { pub fn new(name: &str, password: &str) -> Result; pub fn save(&self) -> Result<(), VaultError>; pub fn list_keypairs(&self) -> Vec; pub fn create_keypair(&mut self, name: &str) -> Result<(), VaultError>; pub fn delete_keypair(&mut self, name: &str) -> Result<(), VaultError>; pub fn rename_keypair(&mut self, old_name: &str, new_name: &str) -> Result<(), VaultError>; pub fn get_keypair(&self, name: &str) -> Result; pub fn sign(&self, keypair_name: &str, message: &[u8]) -> Result, VaultError>; pub fn verify(&self, keypair_name: &str, message: &[u8], signature: &[u8]) -> Result; } KeyPair rust Copy Edit pub struct KeyPair { // Internal fields } impl KeyPair { pub fn new() -> Self; pub fn from_private_key(private_key: &[u8]) -> Result; pub fn public_key(&self) -> Vec; pub fn private_key(&self) -> Vec; pub fn sign(&self, message: &[u8]) -> Result, VaultError>; pub fn verify(&self, message: &[u8], signature: &[u8]) -> Result; } SessionManager (Optional) rust Copy Edit pub struct SessionManager { keyspace: KeySpace, active_keypair: String, } impl SessionManager { pub fn new(keyspace: KeySpace, keypair_name: &str) -> Result; pub fn sign(&self, message: &[u8]) -> Result, VaultError>; pub fn verify(&self, message: &[u8], signature: &[u8]) -> Result; pub fn switch_keypair(&mut self, keypair_name: &str) -> Result<(), VaultError>; } ๐Ÿ“ฆ Storage Structure Copy Edit vault_store/ โ”œโ”€โ”€ metadata.json โ””โ”€โ”€ keyspaces/ โ”œโ”€โ”€ alice.ksp โ”œโ”€โ”€ bob.ksp โ””โ”€โ”€ ... metadata.json: Contains metadata about each keyspace, such as name and creation date. keyspaces/: Directory containing encrypted keyspace files. ๐Ÿ”„ Integration with kvstore Native Environment Storage Backend: Utilize the local filesystem or a persistent database (e.g., SQLite) for storing VaultStore and KeySpace data. Usage: Initialize VaultStore and load existing keyspaces. Perform cryptographic operations using KeySpace and KeyPair. Persist changes to disk or database. Browser Environment (WASM) Storage Backend: Use browser storage APIs like localStorage or IndexedDB for persisting data. Usage: Compile the vault crate to WebAssembly. Interact with the vault API through JavaScript bindings. Store and retrieve encrypted keyspaces using browser storage.