app-server: add Windows device key provider

Device keys need to prove possession with non-exportable key material on every accepted signing flow. Windows should use the platform TPM-backed key provider instead of a software secret store or keyring-style storage, so the private key stays behind the OS crypto boundary.

- Wire the device-key crate's default provider to a Windows-specific implementation on Windows.
- Create and open persistent ECDSA P-256 keys with CNG's Microsoft Platform Crypto Provider.
- Export the public key as SPKI DER by converting the CNG ECC public blob to SEC1 form.
- Sign the accepted payload digest with NCrypt and return DER-encoded ECDSA signatures.
- Preserve the hardware TPM protection class and fail create/load/sign when the platform provider or key is unavailable.

- cargo test -p codex-device-key
- cargo check -p codex-device-key --target x86_64-pc-windows-msvc
- just fix -p codex-device-key
- git diff --check

codex-rs/Cargo.lock

@@ -842,6 +842,12 @@ dependencies = [
  "windows-link",
 ]
 
+[[package]]
+name = "base16ct"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
+
 [[package]]
 name = "base64"
 version = "0.21.7"
@@ -2115,6 +2121,22 @@ dependencies = [
  "serde_json",
 ]
 
+[[package]]
+name = "codex-device-key"
+version = "0.0.0"
+dependencies = [
+ "base64 0.22.1",
+ "p256",
+ "pretty_assertions",
+ "rand 0.9.3",
+ "serde",
+ "serde_json",
+ "sha2",
+ "thiserror 2.0.18",
+ "url",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "codex-exec"
 version = "0.0.0"
@@ -3711,6 +3733,18 @@ version = "0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5"
 
+[[package]]
+name = "crypto-bigint"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
+dependencies = [
+ "generic-array",
+ "rand_core 0.6.4",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "crypto-common"
 version = "0.1.7"
@@ -4415,6 +4449,20 @@ version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555"
 
+[[package]]
+name = "ecdsa"
+version = "0.16.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
+dependencies = [
+ "der",
+ "digest",
+ "elliptic-curve",
+ "rfc6979",
+ "signature",
+ "spki",
+]
+
 [[package]]
 name = "ed25519"
 version = "2.2.3"
@@ -4448,6 +4496,26 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "elliptic-curve"
+version = "0.13.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
+dependencies = [
+ "base16ct",
+ "crypto-bigint",
+ "digest",
+ "ff",
+ "generic-array",
+ "group",
+ "pem-rfc7468",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "sec1",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "ena"
 version = "0.14.3"
@@ -4701,6 +4769,16 @@ dependencies = [
  "simd-adler32",
 ]
 
+[[package]]
+name = "ff"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
+dependencies = [
+ "rand_core 0.6.4",
+ "subtle",
+]
+
 [[package]]
 name = "fiat-crypto"
 version = "0.2.9"
@@ -6095,6 +6173,17 @@ dependencies = [
  "system-deps",
 ]
 
+[[package]]
+name = "group"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
+dependencies = [
+ "ff",
+ "rand_core 0.6.4",
+ "subtle",
+]
+
 [[package]]
 name = "gzip-header"
 version = "1.0.0"
@@ -8571,6 +8660,18 @@ dependencies = [
  "supports-color 3.0.2",
 ]
 
+[[package]]
+name = "p256"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
+dependencies = [
+ "ecdsa",
+ "elliptic-curve",
+ "primeorder",
+ "sha2",
+]
+
 [[package]]
 name = "parking"
 version = "2.2.1"
@@ -9000,6 +9101,15 @@ dependencies = [
  "syn 2.0.114",
 ]
 
+[[package]]
+name = "primeorder"
+version = "0.13.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
+dependencies = [
+ "elliptic-curve",
+]
+
 [[package]]
 name = "proc-macro-crate"
 version = "3.4.0"
@@ -9938,6 +10048,16 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e061d1b48cb8d38042de4ae0a7a6401009d6143dc80d2e2d6f31f0bdd6470c7"
 
+[[package]]
+name = "rfc6979"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
+dependencies = [
+ "hmac",
+ "subtle",
+]
+
 [[package]]
 name = "ring"
 version = "0.17.14"
@@ -10397,6 +10517,20 @@ version = "3.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "490dcfcbfef26be6800d11870ff2df8774fa6e86d047e3e8c8a76b25655e41ca"
 
+[[package]]
+name = "sec1"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
+dependencies = [
+ "base16ct",
+ "der",
+ "generic-array",
+ "pkcs8",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "seccompiler"
 version = "0.5.0"

codex-rs/Cargo.toml

@@ -24,6 +24,7 @@ members = [
     "collaboration-mode-templates",
     "connectors",
     "config",
+    "device-key",
     "shell-command",
     "shell-escalation",
     "skills",
@@ -283,6 +284,7 @@ os_info = "3.12.0"
 owo-colors = "4.3.0"
 path-absolutize = "3.1.1"
 pathdiff = "0.2"
+p256 = "0.13.2"
 portable-pty = "0.9.0"
 predicates = "3"
 pretty_assertions = "1.4.1"

codex-rs/device-key/BUILD.bazel

@@ -0,0 +1,6 @@
+load("//:defs.bzl", "codex_rust_crate")
+
+codex_rust_crate(
+    name = "device-key",
+    crate_name = "codex_device_key",
+)

codex-rs/device-key/Cargo.toml

@@ -0,0 +1,27 @@
+[package]
+name = "codex-device-key"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[lints]
+workspace = true
+
+[dependencies]
+base64 = { workspace = true }
+p256 = { workspace = true, features = ["ecdsa", "pkcs8"] }
+rand = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+thiserror = { workspace = true }
+url = { workspace = true }
+
+[target.'cfg(windows)'.dependencies]
+sha2 = { workspace = true }
+windows-sys = { version = "0.52", features = [
+    "Win32_Foundation",
+    "Win32_Security_Cryptography",
+] }
+
+[dev-dependencies]
+pretty_assertions = { workspace = true }

codex-rs/device-key/src/platform.rs

@@ -0,0 +1,68 @@
+use crate::DeviceKeyProvider;
+use std::sync::Arc;
+
+#[cfg(windows)]
+mod windows;
+
+#[cfg(windows)]
+pub(crate) fn default_provider() -> Arc<dyn DeviceKeyProvider> {
+    Arc::new(windows::WindowsDeviceKeyProvider)
+}
+
+#[cfg(not(windows))]
+pub(crate) fn default_provider() -> Arc<dyn DeviceKeyProvider> {
+    Arc::new(unsupported::UnsupportedDeviceKeyProvider)
+}
+
+#[cfg(not(windows))]
+mod unsupported {
+    use crate::DeviceKeyBinding;
+    use crate::DeviceKeyError;
+    use crate::DeviceKeyInfo;
+    use crate::DeviceKeyProtectionClass;
+    use crate::DeviceKeyProvider;
+    use crate::ProviderCreateRequest;
+    use crate::ProviderSignature;
+
+    #[derive(Debug)]
+    pub(crate) struct UnsupportedDeviceKeyProvider;
+
+    impl DeviceKeyProvider for UnsupportedDeviceKeyProvider {
+        fn create(
+            &self,
+            request: ProviderCreateRequest<'_>,
+        ) -> Result<DeviceKeyInfo, DeviceKeyError> {
+            let _ = request.key_id_for(DeviceKeyProtectionClass::HardwareTpm);
+            let _ = request
+                .protection_policy
+                .allows(DeviceKeyProtectionClass::HardwareTpm);
+            let _ = request.binding;
+            Err(DeviceKeyError::HardwareBackedKeysUnavailable)
+        }
+
+        fn get_public(
+            &self,
+            _key_id: &str,
+            _protection_class: DeviceKeyProtectionClass,
+        ) -> Result<DeviceKeyInfo, DeviceKeyError> {
+            Err(DeviceKeyError::KeyNotFound)
+        }
+
+        fn binding(
+            &self,
+            _key_id: &str,
+            _protection_class: DeviceKeyProtectionClass,
+        ) -> Result<DeviceKeyBinding, DeviceKeyError> {
+            Err(DeviceKeyError::KeyNotFound)
+        }
+
+        fn sign(
+            &self,
+            _key_id: &str,
+            _protection_class: DeviceKeyProtectionClass,
+            _payload: &[u8],
+        ) -> Result<ProviderSignature, DeviceKeyError> {
+            Err(DeviceKeyError::KeyNotFound)
+        }
+    }
+}

codex-rs/device-key/src/platform/windows.rs

@@ -0,0 +1,416 @@
+use crate::DeviceKeyAlgorithm;
+use crate::DeviceKeyBinding;
+use crate::DeviceKeyError;
+use crate::DeviceKeyInfo;
+use crate::DeviceKeyProtectionClass;
+use crate::DeviceKeyProvider;
+use crate::ProviderCreateRequest;
+use crate::ProviderSignature;
+use crate::sec1_public_key_to_spki_der;
+use p256::ecdsa::Signature;
+use serde::Deserialize;
+use serde::Serialize;
+use sha2::Digest;
+use sha2::Sha256;
+use std::fs;
+use std::mem::size_of;
+use std::path::PathBuf;
+use std::ptr;
+use windows_sys::Win32::Foundation::NTE_BAD_KEYSET;
+use windows_sys::Win32::Foundation::NTE_EXISTS;
+use windows_sys::Win32::Security::Cryptography::BCRYPT_ECCKEY_BLOB;
+use windows_sys::Win32::Security::Cryptography::BCRYPT_ECCPUBLIC_BLOB;
+use windows_sys::Win32::Security::Cryptography::BCRYPT_ECDSA_PUBLIC_P256_MAGIC;
+use windows_sys::Win32::Security::Cryptography::MS_PLATFORM_CRYPTO_PROVIDER;
+use windows_sys::Win32::Security::Cryptography::NCRYPT_ECDSA_P256_ALGORITHM;
+use windows_sys::Win32::Security::Cryptography::NCRYPT_HANDLE;
+use windows_sys::Win32::Security::Cryptography::NCRYPT_KEY_HANDLE;
+use windows_sys::Win32::Security::Cryptography::NCRYPT_PROV_HANDLE;
+use windows_sys::Win32::Security::Cryptography::NCRYPT_SILENT_FLAG;
+use windows_sys::Win32::Security::Cryptography::NCryptCreatePersistedKey;
+use windows_sys::Win32::Security::Cryptography::NCryptExportKey;
+use windows_sys::Win32::Security::Cryptography::NCryptFinalizeKey;
+use windows_sys::Win32::Security::Cryptography::NCryptFreeObject;
+use windows_sys::Win32::Security::Cryptography::NCryptOpenKey;
+use windows_sys::Win32::Security::Cryptography::NCryptOpenStorageProvider;
+use windows_sys::Win32::Security::Cryptography::NCryptSignHash;
+use windows_sys::core::HRESULT;
+
+#[derive(Debug)]
+pub(crate) struct WindowsDeviceKeyProvider;
+
+impl DeviceKeyProvider for WindowsDeviceKeyProvider {
+    fn create(&self, request: ProviderCreateRequest<'_>) -> Result<DeviceKeyInfo, DeviceKeyError> {
+        if !request
+            .protection_policy
+            .allows(DeviceKeyProtectionClass::HardwareTpm)
+        {
+            return Err(DeviceKeyError::DegradedProtectionNotAllowed {
+                available: DeviceKeyProtectionClass::HardwareTpm,
+            });
+        }
+
+        let key_id = request.key_id_for(DeviceKeyProtectionClass::HardwareTpm);
+        let provider = open_platform_provider()?;
+        let name = key_name(&key_id);
+        if let Some(key) = open_key(&provider, &name)? {
+            let info = key_info(&key_id, &key)?;
+            store_binding(&key_id, request.binding)?;
+            return Ok(info);
+        }
+
+        let key = create_or_open_key(&provider, &name)?;
+        let info = key_info(&key_id, &key)?;
+        store_binding(&key_id, request.binding)?;
+        Ok(info)
+    }
+
+    fn get_public(
+        &self,
+        key_id: &str,
+        protection_class: DeviceKeyProtectionClass,
+    ) -> Result<DeviceKeyInfo, DeviceKeyError> {
+        require_hardware_tpm(protection_class)?;
+        let provider = open_platform_provider()?;
+        let key = open_key(&provider, &key_name(key_id))?.ok_or(DeviceKeyError::KeyNotFound)?;
+        key_info(key_id, &key)
+    }
+
+    fn binding(
+        &self,
+        key_id: &str,
+        protection_class: DeviceKeyProtectionClass,
+    ) -> Result<DeviceKeyBinding, DeviceKeyError> {
+        require_hardware_tpm(protection_class)?;
+        load_binding(key_id)
+    }
+
+    fn sign(
+        &self,
+        key_id: &str,
+        protection_class: DeviceKeyProtectionClass,
+        payload: &[u8],
+    ) -> Result<ProviderSignature, DeviceKeyError> {
+        require_hardware_tpm(protection_class)?;
+        let provider = open_platform_provider()?;
+        let key = open_key(&provider, &key_name(key_id))?.ok_or(DeviceKeyError::KeyNotFound)?;
+        let digest = Sha256::digest(payload);
+        let signature = sign_hash(&key, &digest)?;
+        let signature = Signature::from_slice(&signature)
+            .map_err(|err| DeviceKeyError::Crypto(err.to_string()))?;
+        Ok(ProviderSignature {
+            signature_der: signature.to_der().as_bytes().to_vec(),
+            algorithm: DeviceKeyAlgorithm::EcdsaP256Sha256,
+        })
+    }
+}
+
+fn require_hardware_tpm(protection_class: DeviceKeyProtectionClass) -> Result<(), DeviceKeyError> {
+    if protection_class != DeviceKeyProtectionClass::HardwareTpm {
+        return Err(DeviceKeyError::KeyNotFound);
+    }
+    Ok(())
+}
+
+#[derive(Debug)]
+struct ProviderHandle(NCRYPT_PROV_HANDLE);
+
+impl Drop for ProviderHandle {
+    fn drop(&mut self) {
+        unsafe {
+            NCryptFreeObject(self.0 as NCRYPT_HANDLE);
+        }
+    }
+}
+
+#[derive(Debug)]
+struct KeyHandle(NCRYPT_KEY_HANDLE);
+
+impl Drop for KeyHandle {
+    fn drop(&mut self) {
+        unsafe {
+            NCryptFreeObject(self.0 as NCRYPT_HANDLE);
+        }
+    }
+}
+
+fn open_platform_provider() -> Result<ProviderHandle, DeviceKeyError> {
+    let mut provider = 0;
+    let status = unsafe {
+        NCryptOpenStorageProvider(
+            &mut provider,
+            MS_PLATFORM_CRYPTO_PROVIDER,
+            /*dwflags*/ 0,
+        )
+    };
+    if status != 0 {
+        return Err(DeviceKeyError::HardwareBackedKeysUnavailable);
+    }
+    Ok(ProviderHandle(provider))
+}
+
+fn open_key(provider: &ProviderHandle, name: &[u16]) -> Result<Option<KeyHandle>, DeviceKeyError> {
+    let mut key = 0;
+    let status = unsafe {
+        NCryptOpenKey(
+            provider.0,
+            &mut key,
+            name.as_ptr(),
+            /*dwlegacykeyspec*/ 0,
+            NCRYPT_SILENT_FLAG,
+        )
+    };
+    if status == NTE_BAD_KEYSET {
+        return Ok(None);
+    }
+    if status != 0 {
+        return Err(DeviceKeyError::Platform(format_hresult(
+            "NCryptOpenKey",
+            status,
+        )));
+    }
+    Ok(Some(KeyHandle(key)))
+}
+
+fn create_or_open_key(
+    provider: &ProviderHandle,
+    name: &[u16],
+) -> Result<KeyHandle, DeviceKeyError> {
+    match create_key(provider, name) {
+        Ok(key) => Ok(key),
+        Err(KeyCreationError::AlreadyExists) => {
+            open_key(provider, name)?.ok_or(DeviceKeyError::KeyNotFound)
+        }
+        Err(KeyCreationError::Failed(err)) => Err(err),
+    }
+}
+
+enum KeyCreationError {
+    AlreadyExists,
+    Failed(DeviceKeyError),
+}
+
+fn create_key(provider: &ProviderHandle, name: &[u16]) -> Result<KeyHandle, KeyCreationError> {
+    let mut key = 0;
+    let status = unsafe {
+        NCryptCreatePersistedKey(
+            provider.0,
+            &mut key,
+            NCRYPT_ECDSA_P256_ALGORITHM,
+            name.as_ptr(),
+            /*dwlegacykeyspec*/ 0,
+            NCRYPT_SILENT_FLAG,
+        )
+    };
+    if status == NTE_EXISTS {
+        return Err(KeyCreationError::AlreadyExists);
+    }
+    if status != 0 {
+        return Err(KeyCreationError::Failed(DeviceKeyError::Platform(
+            format_hresult("NCryptCreatePersistedKey", status),
+        )));
+    }
+
+    let key = KeyHandle(key);
+    let status = unsafe { NCryptFinalizeKey(key.0, NCRYPT_SILENT_FLAG) };
+    if status != 0 {
+        return Err(KeyCreationError::Failed(DeviceKeyError::Platform(
+            format_hresult("NCryptFinalizeKey", status),
+        )));
+    }
+    Ok(key)
+}
+
+fn key_info(key_id: &str, key: &KeyHandle) -> Result<DeviceKeyInfo, DeviceKeyError> {
+    Ok(DeviceKeyInfo {
+        key_id: key_id.to_string(),
+        public_key_spki_der: export_public_key_spki_der(key)?,
+        algorithm: DeviceKeyAlgorithm::EcdsaP256Sha256,
+        protection_class: DeviceKeyProtectionClass::HardwareTpm,
+    })
+}
+
+fn export_public_key_spki_der(key: &KeyHandle) -> Result<Vec<u8>, DeviceKeyError> {
+    let blob = ncrypt_export_key(key, BCRYPT_ECCPUBLIC_BLOB)?;
+    let header_len = size_of::<BCRYPT_ECCKEY_BLOB>();
+    if blob.len() < header_len {
+        return Err(DeviceKeyError::Platform(
+            "NCryptExportKey returned a truncated ECC public key header".to_string(),
+        ));
+    }
+
+    let header = unsafe { ptr::read_unaligned(blob.as_ptr() as *const BCRYPT_ECCKEY_BLOB) };
+    if header.dwMagic != BCRYPT_ECDSA_PUBLIC_P256_MAGIC {
+        return Err(DeviceKeyError::Platform(format!(
+            "NCryptExportKey returned unsupported ECC public key magic {}",
+            header.dwMagic
+        )));
+    }
+
+    let coordinate_len =
+        usize::try_from(header.cbKey).map_err(|err| DeviceKeyError::Platform(err.to_string()))?;
+    let expected_len = header_len + coordinate_len * 2;
+    if blob.len() != expected_len {
+        return Err(DeviceKeyError::Platform(format!(
+            "NCryptExportKey returned ECC public key length {}, expected {expected_len}",
+            blob.len()
+        )));
+    }
+
+    let mut sec1 = Vec::with_capacity(1 + coordinate_len * 2);
+    sec1.push(0x04);
+    sec1.extend_from_slice(&blob[header_len..]);
+    sec1_public_key_to_spki_der(&sec1)
+}
+
+fn sign_hash(key: &KeyHandle, digest: &[u8]) -> Result<Vec<u8>, DeviceKeyError> {
+    let mut len = 0;
+    let status = unsafe {
+        NCryptSignHash(
+            key.0,
+            ptr::null(),
+            digest.as_ptr(),
+            digest.len() as u32,
+            ptr::null_mut(),
+            /*cbsignature*/ 0,
+            &mut len,
+            NCRYPT_SILENT_FLAG,
+        )
+    };
+    if status != 0 {
+        return Err(DeviceKeyError::Platform(format_hresult(
+            "NCryptSignHash",
+            status,
+        )));
+    }
+
+    let mut signature = vec![0; len as usize];
+    let status = unsafe {
+        NCryptSignHash(
+            key.0,
+            ptr::null(),
+            digest.as_ptr(),
+            digest.len() as u32,
+            signature.as_mut_ptr(),
+            signature.len() as u32,
+            &mut len,
+            NCRYPT_SILENT_FLAG,
+        )
+    };
+    if status != 0 {
+        return Err(DeviceKeyError::Platform(format_hresult(
+            "NCryptSignHash",
+            status,
+        )));
+    }
+    signature.truncate(len as usize);
+    Ok(signature)
+}
+
+fn ncrypt_export_key(key: &KeyHandle, blob_type: *const u16) -> Result<Vec<u8>, DeviceKeyError> {
+    let mut len = 0;
+    let status = unsafe {
+        NCryptExportKey(
+            key.0,
+            /*hexportkey*/ 0,
+            blob_type,
+            ptr::null(),
+            ptr::null_mut(),
+            /*cboutput*/ 0,
+            &mut len,
+            NCRYPT_SILENT_FLAG,
+        )
+    };
+    if status != 0 {
+        return Err(DeviceKeyError::Platform(format_hresult(
+            "NCryptExportKey",
+            status,
+        )));
+    }
+
+    let mut blob = vec![0; len as usize];
+    let status = unsafe {
+        NCryptExportKey(
+            key.0,
+            /*hexportkey*/ 0,
+            blob_type,
+            ptr::null(),
+            blob.as_mut_ptr(),
+            blob.len() as u32,
+            &mut len,
+            NCRYPT_SILENT_FLAG,
+        )
+    };
+    if status != 0 {
+        return Err(DeviceKeyError::Platform(format_hresult(
+            "NCryptExportKey",
+            status,
+        )));
+    }
+    blob.truncate(len as usize);
+    Ok(blob)
+}
+
+fn key_name(key_id: &str) -> Vec<u16> {
+    format!("CodexDeviceKey.{key_id}")
+        .encode_utf16()
+        .chain(std::iter::once(0))
+        .collect()
+}
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct StoredBinding {
+    account_user_id: String,
+    client_id: String,
+}
+
+fn store_binding(key_id: &str, binding: &DeviceKeyBinding) -> Result<(), DeviceKeyError> {
+    let path = binding_path(key_id)?;
+    let parent = path
+        .parent()
+        .ok_or_else(|| DeviceKeyError::Platform("binding path has no parent".to_string()))?;
+    fs::create_dir_all(parent).map_err(|err| DeviceKeyError::Platform(err.to_string()))?;
+    let stored = StoredBinding {
+        account_user_id: binding.account_user_id.clone(),
+        client_id: binding.client_id.clone(),
+    };
+    let bytes =
+        serde_json::to_vec(&stored).map_err(|err| DeviceKeyError::Platform(err.to_string()))?;
+    fs::write(path, bytes).map_err(|err| DeviceKeyError::Platform(err.to_string()))
+}
+
+fn load_binding(key_id: &str) -> Result<DeviceKeyBinding, DeviceKeyError> {
+    let path = binding_path(key_id)?;
+    let bytes = fs::read(path).map_err(|err| {
+        if err.kind() == std::io::ErrorKind::NotFound {
+            DeviceKeyError::KeyNotFound
+        } else {
+            DeviceKeyError::Platform(err.to_string())
+        }
+    })?;
+    let stored: StoredBinding =
+        serde_json::from_slice(&bytes).map_err(|err| DeviceKeyError::Platform(err.to_string()))?;
+    Ok(DeviceKeyBinding {
+        account_user_id: stored.account_user_id,
+        client_id: stored.client_id,
+    })
+}
+
+fn binding_path(key_id: &str) -> Result<PathBuf, DeviceKeyError> {
+    let data_dir = std::env::var_os("LOCALAPPDATA")
+        .or_else(|| std::env::var_os("APPDATA"))
+        .ok_or_else(|| {
+            DeviceKeyError::Platform("LOCALAPPDATA and APPDATA are not set".to_string())
+        })?;
+    Ok(PathBuf::from(data_dir)
+        .join("OpenAI")
+        .join("Codex")
+        .join("device-keys")
+        .join("windows")
+        .join(format!("{key_id}.binding.json")))
+}
+
+fn format_hresult(function: &str, status: HRESULT) -> String {
+    format!("{function} failed with HRESULT 0x{:08x}", status as u32)
+}