Expand description
Client API traits for the SecureDrop protocol.
This module defines the shared API surface for both source and journalist
clients. The Api trait provides common operations such as key fetching,
signature verification, and message submission. The JournalistApi trait
extends Api with journalist-specific operations like enrollment and
ephemeral key management.
§Trust model
Key verification follows a chain of trust:
- The FPF signing key is a trust anchor (pre-distributed out of band).
- The newsroom’s verifying key is signed by FPF. (This is not yet verified by
handle_journalist_key_response().) - Each journalist’s signing key is signed by the newsroom.
- Each journalist’s key bundles are self-signed.
Traits§
- Api
- Common API shared by sources and journalists.
Apiusers must provide a Client implementation (local storage abstraction). All users use the same API, but hax does not support default trait implementations (cryspen/hax/issues/888) so the trait is defined separately. - Client
- Clients hold a reference to the newsroom
VerifyingKeyof the instance they are interacting with. - Journalist
Api - Journalist-specific API operations.