 |
Signet Forge 0.1.1
C++20 Parquet library with AI-native extensions
|
DEMO |
|
Signet Forge 0.1.1
C++20 Parquet library with AI-native extensions
|
DEMO |
File-based local key store — IKmsClient implementation for on-premise deployments. More...
#include "signet/crypto/hkdf.hpp"#include "signet/crypto/hsm_client_stub.hpp"#include "signet/crypto/key_metadata.hpp"#include "signet/error.hpp"#include <array>#include <chrono>#include <cerrno>#include <cstdint>#include <cstdio>#include <cstring>#include <fstream>#include <mutex>#include <string>#include <sys/stat.h>#include <unordered_map>#include <vector>Go to the source code of this file.
Classes | |
| class | signet::forge::crypto::LocalKeyStore |
| File-based local key store for on-premise deployments. More... | |
| struct | signet::forge::crypto::LocalKeyStore::Config |
Namespaces | |
| namespace | signet |
| namespace | signet::forge |
| namespace | signet::forge::crypto |
File-based local key store — IKmsClient implementation for on-premise deployments.
Stores AES-256 master keys on disk, wrapped under a passphrase-derived KEK. Key derivation: passphrase → HKDF-Extract(salt, passphrase) → KEK Key wrapping: AES Key Wrap (RFC 3394) under the KEK
Storage layout: <keystore_path>/ keys/ — Individual wrapped key files audit.log — Append-only key access log
NOT suitable for high-security environments — use cloud KMS or HSM for production deployments handling regulated data. This adapter is designed for on-premise, air-gapped, or development environments.
References:
Definition in file kms_local.hpp.
1.9.8