Struct KeyMaterial 

pub struct KeyMaterial {
    pub key: Vec<u8>,
    pub nonce: Vec<u8>,
    pub salt: Vec<u8>,
    pub algorithm: EncryptionAlgorithm,
    pub created_at: DateTime<Utc>,
    pub expires_at: Option<DateTime<Utc>>,
}

Key material for encryption/decryption operations with secure memory management

This struct contains all cryptographic material needed for encryption and decryption operations. It implements secure memory management through the Zeroize trait to ensure sensitive data is properly cleared from memory when no longer needed.

Security Features

• Automatic Zeroization: Keys are securely wiped from memory on drop
• Expiration Support: Keys can have expiration times for security policies
• Algorithm Binding: Keys are bound to specific algorithms
• Timestamp Tracking: Creation time tracking for audit and compliance

Key Material Components

• Key: The actual encryption/decryption key
• Nonce: Unique number used once per encryption operation
• Salt: Random data used in key derivation
• Algorithm: The encryption algorithm this key is for
• Created At: When the key material was generated
• Expires At: Optional expiration time for key rotation

Examples

Memory Security

The key material implements Zeroize to ensure sensitive data is securely cleared from memory:

Serialization

Key material can be serialized for storage, but care must be taken to:

• Encrypt serialized key material
• Use secure storage mechanisms
• Implement proper access controls
• Follow key management best practices

Fields

key: Vec<u8>

The encryption/decryption key (sensitive data)

nonce: Vec<u8>

Nonce/initialization vector for encryption operations

salt: Vec<u8>

Salt used in key derivation (if applicable)

algorithm: EncryptionAlgorithm

The encryption algorithm this key material is for

created_at: DateTime<Utc>

When this key material was created (RFC3339 format)

expires_at: Option<DateTime<Utc>>

Optional expiration time for key rotation (RFC3339 format)

Implementations

impl KeyMaterial

pub fn len(&self) -> usize

pub fn is_empty(&self) -> bool

pub fn new( key: Vec<u8>, nonce: Vec<u8>, salt: Vec<u8>, algorithm: EncryptionAlgorithm, ) -> Self

impl KeyMaterial

pub fn with_expiration(self, expires_at: DateTime<Utc>) -> Self

Sets expiration time

pub fn is_expired(&self) -> bool

Checks if key material is expired

pub fn clear(&mut self)

Securely clears key material

pub fn key_size(&self) -> usize

Gets key size in bytes

pub fn nonce_size(&self) -> usize

Gets nonce size in bytes

pub fn salt_size(&self) -> usize

Gets salt size in bytes

Trait Implementations

impl Clone for KeyMaterial

fn clone(&self) -> KeyMaterial

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for KeyMaterial

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for KeyMaterial

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Drop for KeyMaterial

fn drop(&mut self)

Executes the destructor for this type.

impl Serialize for KeyMaterial

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Zeroize for KeyMaterial

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

impl ZeroizeOnDrop for KeyMaterial