+++
title = "LockWire"
description = "LockWire is secure-by-default, batteries-included security infrastructure for Rust: TLS with no warnings, PKI, passkeys, signed updates, and tamper-evident audit — wired correctly out of the box."

[extra]
hero_sub = "LockWire is batteries-included security infrastructure for Rust: TLS with no warnings, PKI, passkeys, signed updates, and tamper-evident audit — wired correctly out of the box, with fail-loud guards that turn an insecure setup into a build-time error."

[[extra.cards]]
title = "A web server"
body = "Serve HTTPS that browsers trust, on loopback or the LAN, with mTLS when you need it."

[[extra.cards]]
title = "A desktop app"
body = "Call remote services from macOS, Windows, or Linux with pinned, revocation-checked TLS."

[[extra.cards]]
title = "Login & identity"
body = "Passkeys and OIDC without rolling your own auth — the most common way apps get hurt."

[[extra.cards]]
title = "Something airgapped"
body = "Your own DNS, time, CA, and timestamping when there is no internet to lean on."

[[extra.evidence]]
title = "Threat models"
body = "Authored, versioned, and shipped in every repository — read them before you trust us."

[[extra.evidence]]
title = "SSDL, self-audited"
body = "An IEC 62443-4-1–based development process, audited in the open — not a certification we claim."

[[extra.evidence]]
title = "Traceability"
body = "Every security requirement links to the code that satisfies it and the test that proves it."

[[extra.evidence]]
title = "SBOMs, per release"
body = "A software bill of materials ships with every release — audit the whole dependency set, not just our code."

[[extra.evidence]]
title = "FIPS-only crypto"
body = "Routed through AWS-LC FIPS. No home-rolled primitives, no curve step-downs."

[[extra.evidence]]
title = "Apache-2.0 core"
body = "The security tier is permanently open source, and every tier is published through crates.io, not behind a portal."
+++
