Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This avoids duplication of both logic and error-prone values, such as the salt. Grouping all hsm encryption logic into a public API will also allow us to fuzz it. Signed-off-by: Antoine Poinsot <darosior@protonmail.com>