pub struct SignedEnvelope {
pub cert_chain: CertChain,
pub recipient: Recipient,
pub nonce: [u8; 24],
pub sequence: u64,
pub payload_cid: [u8; 32],
pub payload: ByteBuf,
pub agent_sig: SerdeSig,
}Expand description
A wire envelope, signed by the sender’s agent key.
Fields, in the order they’re produced by Self::new:
cert_chain— proves the sender’s agent identity.recipient— addressing tag.nonce— 24 random bytes; replay-protection scope.sequence— monotonic per-session counter.payload_cid— BLAKE3 ofpayload.payload— opaque bytes (the actual message).agent_sig— signature overENVELOPE_TAG || recipient_bytes || nonce || seq || payload_cid.
Fields§
§cert_chain: CertChain§recipient: Recipient§nonce: [u8; 24]§sequence: u64§payload_cid: [u8; 32]§payload: ByteBuf§agent_sig: SerdeSigImplementations§
Source§impl SignedEnvelope
impl SignedEnvelope
Sourcepub fn new(
sender: &AgentKey,
recipient: Recipient,
sequence: u64,
payload: Vec<u8>,
) -> Self
pub fn new( sender: &AgentKey, recipient: Recipient, sequence: u64, payload: Vec<u8>, ) -> Self
Build and sign a new envelope.
The 24-byte nonce is drawn from rand::thread_rng; callers
don’t manage it. The sequence is supplied by the caller —
it’s session-scoped state, not crate state.
Sourcepub fn new_with_signer<S: MeshSigner + ?Sized>(
signer: &S,
cert_chain: CertChain,
recipient: Recipient,
sequence: u64,
payload: Vec<u8>,
) -> Self
pub fn new_with_signer<S: MeshSigner + ?Sized>( signer: &S, cert_chain: CertChain, recipient: Recipient, sequence: u64, payload: Vec<u8>, ) -> Self
Build and sign a new envelope using an explicit MeshSigner and a
matching CertChain.
This is the seam that lets a non-exportable / platform key (a phone
keystore) sign an envelope without the raw seed: the signer
produces the signature, and the cert_chain carries the provenance
(issued via AgentKey::delegate_external).
For the wire envelope to verify, the signer’s
verifying_key must equal
cert_chain.agent_pubkey — verification checks the signature against the
pubkey in the cert, so a mismatched signer simply yields a
MeshError::BadSignature at verify time.
new is a thin wrapper over this, passing the AgentKey
as both signer and cert source.
Sourcepub fn verify(&self) -> Result<()>
pub fn verify(&self) -> Result<()>
Verify the envelope end-to-end:
- Cert chain is valid (user sig over agent metadata).
payload_cidmatches the actualpayloadBLAKE3.- Agent signature is valid over
(recipient, nonce, sequence, payload_cid).
Sourcepub fn sender_agent_fp(&self) -> Fingerprint
pub fn sender_agent_fp(&self) -> Fingerprint
Fingerprint of the sending agent.
Sourcepub fn sender_user_fp(&self) -> Fingerprint
pub fn sender_user_fp(&self) -> Fingerprint
Fingerprint of the user the sender belongs to.
Trait Implementations§
Source§impl Clone for SignedEnvelope
impl Clone for SignedEnvelope
Source§fn clone(&self) -> SignedEnvelope
fn clone(&self) -> SignedEnvelope
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more