Expand description
§age‑setup – Simple, Secure X25519 Key Pair Generation for Age
This crate provides a one‑function API for generating X25519 key pairs compatible with the age encryption tool. Every generated key pair is automatically validated and protected by memory‑zeroisation, so you can focus on encrypting data without worrying about cryptographic details or secret leakage.
§Design
The crate is organised into small, focused modules:
| Module | Responsibility |
|---|---|
generator | The main entry point – generates a fresh KeyPair. |
keypair | The KeyPair struct that holds a PublicKey and a SecretKey. |
public_key | A validated wrapper for age public keys (prefix age1). |
secret_key | A validated wrapper for age secret keys, with zeroisation on drop. |
security | Low‑level memory‑zeroisation helpers (public, reusable). |
validation | Internal sanity checks used by PublicKey and SecretKey. |
errors | All error types returned by the crate. |
§Quick start
use age_setup::build_keypair;
fn main() -> age_setup::Result<()> {
let kp = build_keypair()?;
println!("Public key: {}", kp.public); // age1...
println!("Secret key: {}", kp.secret); // [REDACTED]
Ok(())
}§Feature flags
This crate does not expose any feature flags itself; it inherits the
default TLS backend from the age crate (rustls). You can switch to
native‑TLS by enabling the corresponding feature in age.
Re-exports§
pub use errors::Error;pub use errors::GenerationError;pub use errors::Result;pub use errors::ValidationError;pub use generator::build_keypair;pub use keypair::KeyPair;pub use public_key::PublicKey;pub use secret_key::SecretKey;
Modules§
- errors
- Error types for the
age-setupcrate. - generator
- Key pair generation.
- keypair
- Age key pair.
- public_
key - Age public key type.
- secret_
key - Age secret key type.
- security
- Memory security utilities.
- validation
- Lightweight validation for age public keys.