Reference implementation of the DeRec Protocol in Rust.
This repository provides the Rust SDK and supporting crates required to build applications that implement the DeRec protocol, including native Rust environments and WebAssembly targets.
Typical applications include:
- Cryptocurrency wallets
- Digital identity systems
- Secure backup and recovery systems
- Key management infrastructure
This repository contains multiple crates forming the Rust implementation of DeRec.
lib-derec/
├── protobufs # Generated protobuf message types
├── cryptography # Cryptographic primitives used by the protocol
├── library # Main SDK exposed to application developers
├── bindings/ # Example bindings and integration samples
├── packages/ # Package wrappers for each SDK supportedMost developers should interact only with derec-library crate. Other crates are internal components used by the SDK.
See DEVELOPMENT.md for instructions on setting up the development environment.
Add the crate to your project via cargo:
cargo add derec-libraryOr manually in your Cargo.toml
[dependencies]
derec-library = "0.0.1-alpha.8"Warning
Note: this is a pre-release version. APIs may change until 0.1.0.
Build all crates in the workspace:
cargo build --workspaceRun tests:
cargo test --workspaceThe derec-library crate supports WebAssembly builds for both Node.js and browser environments.
From the library/ directory run:
makeThis produces two wasm-bindgen packages:
library/target/pkg-nodejs
library/target/pkg-weblibrary/target/pkg-nodejsOptimized for Node.js and may rely on built-in modules such as:
fspathutil
library/target/pkg-webTargeted for browser environments and avoids Node-specific modules.
Front-end applications should import from this directory to prevent bundlers from including Node-only dependencies.
End-to-end smoke tests live under bindings/ and exercise every primitive
flow plus the high-level DeRecProtocol orchestrator (Owner↔Helper pair,
ProtectSecret, Discovery, Recovery, replica secret sync) across every SDK:
bindings/rust— Rust primitive + protocol tests. Run withcargo run -p derec-rust-binding-smoke-test.bindings/nodejs— Node.js WASM tests.cd bindings/nodejs && npm install && npx tsc && node index.js.bindings/web— Browser WASM tests.cd bindings/web && npm install && npm run buildand open vianpm run dev.bindings/dotnet— .NET P/Invoke tests against the C ABI, including the orchestrator.cd bindings/dotnet && dotnet run.
Replicas mirror an Owner's secret onto a second device so the same secrets
remain reachable after device loss. Pairings are unidirectional — one
side runs as SenderKind::ReplicaSource (owns the secret), the other as
SenderKind::ReplicaDestination (receives it). After a fingerprint
cross-confirmation, the Source includes the Destination as a
ProtectSecret target alongside helpers. Helpers receive the usual VSS
share; the Destination receives the full Secret + per-helper
share map and surfaces it as a typed ReplicaSecretReceived event. Each
SDK README has a focused "Replica flows" section with a runnable example.
Contributions are welcome.
Development guidelines, publishing procedures, and workspace structure are
documented in CONTRIBUTING.md.
Licensed under the Apache License, Version 2.0.
See the LICENSE file for details.
The DeRec Alliance is an open initiative focused on creating standards for decentralized secret recovery.
More information at https://derecalliance.org