Cryptographic technology in Craft Store
Craft Store uses cryptographic processes to send files between devices and endpoints through the internet. It does not directly implement its own cryptography, but it does depend on external libraries to do so.
Authentication
Craft Store uses macaroons as an authentication mechanism. They are processed by the macaroonbakery library, which validates and manages macaroons as returned by stores and simplifies the inclusion of macaroons in further requests to stores.
Credentials may additionally be stored on disk using the keyring library, which uses the keyring service provided by the host operating system. If the host does not have a keyring service, the credentials are instead stored in a plain text file called credentials.json under the application's data storage directory. A warning is issued to the terminal when this behavior is triggered. This behavior is available to ease the usage of Craft Store inside virtual machines and containers, but is generally discouraged.
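A check for the plain-text fallback described above, as an added example that is not part of Craft Store: it reports whether credentials.json exists in a given directory and whether its permissions expose it to other local users. The function name and the `data_dir` argument are assumptions; pass the consuming application's data storage directory, which this page does not spell out.

```python
"""Audit the plain-text credentials.json fallback (added example)."""
import os
import stat
import sys
from pathlib import Path

CREDENTIALS_NAME = "credentials.json"  # file name given on this page


def audit_fallback_credentials(data_dir):
    """Return a list of findings for credentials.json under data_dir.

    data_dir is an assumption: the consuming application's data
    storage directory, supplied by the caller.
    """
    path = Path(data_dir) / CREDENTIALS_NAME
    try:
        info = path.lstat()  # lstat inspects the entry itself, not a link target
    except FileNotFoundError:
        return []  # no fallback file, so nothing is stored in plain text here
    findings = ["plain-text credential fallback in use: %s" % path]
    if stat.S_ISLNK(info.st_mode):
        findings.append("file is a symlink; credentials live elsewhere")
        return findings
    if not stat.S_ISREG(info.st_mode):
        findings.append("not a regular file")
        return findings
    mode = stat.S_IMODE(info.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o lets group/other access it; use 0600" % mode)
    if hasattr(os, "getuid") and info.st_uid != os.getuid():
        findings.append("owned by uid %d, not the current user" % info.st_uid)
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_creds.py <application data directory>")
    results = audit_fallback_credentials(sys.argv[1])
    print("\n".join(results) or "no plain-text credentials file found")
    sys.exit(1 if results else 0)
```

A non-zero exit status means the fallback file is present, which makes the script usable as a gate in image builds or CI jobs for the virtual machines and containers where the fallback is most likely to trigger.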
Network connectivity
Craft Store handles URLs using urllib. The use of this library both simplifies and hardens the parsing of URLs provided by consuming applications.
Connections over the internet are mediated by the requests or httpx libraries. These libraries handle cryptographic operations, such as the TLS handshake, that are standard requirements for modern internet connections. They are configured to always attempt HTTPS connections first, but have the ability to communicate over HTTP as a fallback. Canonical storefronts do not support HTTP, but this capability is retained to aid with local testing. Craft Store uses whichever of the two libraries the consuming application invokes.