Guide
Local Self-Storage
Encrypt files for your own identity — at-rest protection against disk theft or backup leakage. The trick is to encrypt envelopes to yourself.
Pattern
var me = new Client();
// Encrypt a secret for at-rest storage
string envelope = await me.EncryptEnvelopeAsync(
recipient: me.Name, // <- yourself
body: File.ReadAllText("secret.txt"));
File.WriteAllText("secret.enc", envelope);
// Decrypt later (even on a different machine bound to the same identity)
string blob = File.ReadAllText("secret.enc");
var msg = await me.DecryptEnvelopeAsync(blob);
Console.WriteLine(msg.Body);What this gives you
- Quantum-resistant at-rest encryption — same V4 trapdoor as on-wire.
- Identity-bound — only your machine token + hexaeight.mac can decrypt.
- No key management — you don't keep a symmetric key around to lose.
Important
Losing your
hexaeight.mac means losing the data. There is no recovery path
by design — that's the security property. Back up the mac file to a separate identity
license or to an offline copy.
See also
- Cache persistence — same primitive applied to the ASK cache.