Skip to main content

PrivateKeyMaterial

anp

Enum PrivateKeyMaterial 

Source 
pub enum PrivateKeyMaterial {
    Secp256k1(SigningKey),
    Secp256r1(SigningKey),
    Ed25519(SigningKey),
    X25519(StaticSecret),
}

Variants§

§

Secp256k1(SigningKey)

§

Secp256r1(SigningKey)

§

Ed25519(SigningKey)

§

X25519(StaticSecret)

Implementations§

Source§

impl PrivateKeyMaterial

Source

pub fn public_key(&self) -> PublicKeyMaterial

Examples found in repository?
examples/proof_example.rs (line 11)
8fn main() {
9    let secp256k1_private =
10        PrivateKeyMaterial::Secp256k1(k256::ecdsa::SigningKey::random(&mut rand::rngs::OsRng));
11    let secp256k1_public = secp256k1_private.public_key();
12    let agent_claim = json!({
13        "id": "did:wba:example.com:agents:alice",
14        "type": "AgentIdentityClaim",
15        "name": "Agent Alice",
16        "capabilities": ["search", "booking", "payment"],
17    });
18    let signed_claim = generate_w3c_proof(
19        &agent_claim,
20        &secp256k1_private,
21        "did:wba:example.com:agents:alice#key-1",
22        ProofGenerationOptions::default(),
23    )
24    .expect("secp256k1 proof generation should succeed");
25    println!(
26        "secp256k1 verification: {}",
27        verify_w3c_proof(
28            &signed_claim,
29            &secp256k1_public,
30            ProofVerificationOptions::default()
31        )
32    );
33
34    let ed25519_private =
35        PrivateKeyMaterial::Ed25519(ed25519_dalek::SigningKey::generate(&mut rand::rngs::OsRng));
36    let ed25519_public = ed25519_private.public_key();
37    let credential = json!({
38        "id": "did:wba:example.com:credential:bob",
39        "type": ["VerifiableCredential", "AgentCapabilityCredential"],
40        "issuer": "did:wba:issuer.example.com",
41        "credentialSubject": {
42            "id": "did:wba:example.com:agents:bob",
43            "capability": "hotel-booking",
44        }
45    });
46    let signed_credential = generate_w3c_proof(
47        &credential,
48        &ed25519_private,
49        "did:wba:issuer.example.com#key-1",
50        ProofGenerationOptions {
51            proof_type: Some(PROOF_TYPE_DATA_INTEGRITY.to_string()),
52            cryptosuite: Some(CRYPTOSUITE_EDDSA_JCS_2022.to_string()),
53            domain: Some("example.com".to_string()),
54            ..ProofGenerationOptions::default()
55        },
56    )
57    .expect("Ed25519 proof generation should succeed");
58    println!(
59        "ed25519 verification: {}",
60        verify_w3c_proof(
61            &signed_credential,
62            &ed25519_public,
63            ProofVerificationOptions {
64                expected_domain: Some("example.com".to_string()),
65                ..ProofVerificationOptions::default()
66            },
67        )
68    );
69}
Source

pub fn sign_message(&self, message: &[u8]) -> Result<Vec<u8>, KeyMaterialError>

Examples found in repository?
examples/interop_cli.rs (line 77)
45fn run_verify_key_fixture(args: &[String]) {
46    let fixture_path = read_option(args, "--fixture").expect("--fixture is required");
47    let content = std::fs::read_to_string(&fixture_path).expect("fixture should be readable");
48    let fixture: serde_json::Value =
49        serde_json::from_str(&content).expect("fixture should be valid JSON");
50    let keys = fixture["keys"]
51        .as_object()
52        .expect("keys should be an object");
53    for (fragment, key_pair) in keys {
54        let private_pem = key_pair["private_key_pem"]
55            .as_str()
56            .expect("private_key_pem should be a string");
57        let public_pem = key_pair["public_key_pem"]
58            .as_str()
59            .expect("public_key_pem should be a string");
60        assert!(
61            private_pem.starts_with("-----BEGIN PRIVATE KEY-----"),
62            "{fragment} private key must be PKCS#8 PEM"
63        );
64        assert!(
65            public_pem.starts_with("-----BEGIN PUBLIC KEY-----"),
66            "{fragment} public key must be SPKI PEM"
67        );
68        assert!(!private_pem.contains("ANP "));
69        assert!(!public_pem.contains("ANP "));
70
71        let private_key = PrivateKeyMaterial::from_pem(private_pem)
72            .expect("private key should parse as standard PEM");
73        let public_key =
74            PublicKeyMaterial::from_pem(public_pem).expect("public key should parse as SPKI PEM");
75        if !matches!(public_key, PublicKeyMaterial::X25519(_)) {
76            let signature = private_key
77                .sign_message(b"cross-language standard pem")
78                .expect("signature should be created");
79            public_key
80                .verify_message(b"cross-language standard pem", &signature)
81                .expect("signature should verify");
82        }
83    }
84    println!(
85        "{}",
86        serde_json::to_string(&json!({"verified": true, "key_count": keys.len()}))
87            .expect("result should serialize")
88    );
89}
Source

pub fn to_pem(&self) -> String

Source

pub fn from_pem(input: &str) -> Result<Self, KeyMaterialError>

Examples found in repository?
examples/interop_cli.rs (line 71)
45fn run_verify_key_fixture(args: &[String]) {
46    let fixture_path = read_option(args, "--fixture").expect("--fixture is required");
47    let content = std::fs::read_to_string(&fixture_path).expect("fixture should be readable");
48    let fixture: serde_json::Value =
49        serde_json::from_str(&content).expect("fixture should be valid JSON");
50    let keys = fixture["keys"]
51        .as_object()
52        .expect("keys should be an object");
53    for (fragment, key_pair) in keys {
54        let private_pem = key_pair["private_key_pem"]
55            .as_str()
56            .expect("private_key_pem should be a string");
57        let public_pem = key_pair["public_key_pem"]
58            .as_str()
59            .expect("public_key_pem should be a string");
60        assert!(
61            private_pem.starts_with("-----BEGIN PRIVATE KEY-----"),
62            "{fragment} private key must be PKCS#8 PEM"
63        );
64        assert!(
65            public_pem.starts_with("-----BEGIN PUBLIC KEY-----"),
66            "{fragment} public key must be SPKI PEM"
67        );
68        assert!(!private_pem.contains("ANP "));
69        assert!(!public_pem.contains("ANP "));
70
71        let private_key = PrivateKeyMaterial::from_pem(private_pem)
72            .expect("private key should parse as standard PEM");
73        let public_key =
74            PublicKeyMaterial::from_pem(public_pem).expect("public key should parse as SPKI PEM");
75        if !matches!(public_key, PublicKeyMaterial::X25519(_)) {
76            let signature = private_key
77                .sign_message(b"cross-language standard pem")
78                .expect("signature should be created");
79            public_key
80                .verify_message(b"cross-language standard pem", &signature)
81                .expect("signature should verify");
82        }
83    }
84    println!(
85        "{}",
86        serde_json::to_string(&json!({"verified": true, "key_count": keys.len()}))
87            .expect("result should serialize")
88    );
89}
More examples
Hide additional examples
examples/direct_e2ee_interop_cli.rs (line 41)
11fn main() {
12    let args = std::env::args().skip(1).collect::<Vec<String>>();
13    if args.first().map(String::as_str) != Some("fixture") {
14        eprintln!("Usage: cargo run --example direct_e2ee_interop_cli -- fixture");
15        std::process::exit(1);
16    }
17
18    let alice = create_did_wba_document(
19        "a.example",
20        DidDocumentOptions::default()
21            .with_profile(DidProfile::E1)
22            .with_path_segments(["agents", "alice"]),
23    )
24    .expect("alice did");
25    let bob = create_did_wba_document(
26        "b.example",
27        DidDocumentOptions::default()
28            .with_profile(DidProfile::E1)
29            .with_path_segments(["agents", "bob"]),
30    )
31    .expect("bob did");
32
33    let alice_did = alice.did_document["id"].as_str().unwrap().to_string();
34    let bob_did = bob.did_document["id"].as_str().unwrap().to_string();
35
36    let alice_static = load_x25519_secret(&alice.keys["key-3"].private_key_pem);
37    let bob_static = load_x25519_secret(&bob.keys["key-3"].private_key_pem);
38    let bob_spk = X25519StaticSecret::from([55u8; 32]);
39
40    let bob_signing_key =
41        PrivateKeyMaterial::from_pem(&bob.keys["key-1"].private_key_pem).expect("bob signing key");
42    let bundle = build_prekey_bundle(
43        "bundle-001",
44        &bob_did,
45        &format!("{bob_did}#key-3"),
46        signed_prekey_from_private_key("spk-001", &bob_spk, "2026-04-07T00:00:00Z"),
47        &bob_signing_key,
48        &format!("{bob_did}#key-1"),
49        Some("2026-03-31T09:58:58Z"),
50    )
51    .expect("bundle");
52
53    let init_metadata = metadata(&alice_did, &bob_did, "msg-init");
54    let (mut alice_session, _pending, init_body) = DirectE2eeSession::initiate_session(
55        &init_metadata,
56        "op-init",
57        &format!("{alice_did}#key-3"),
58        &alice_static,
59        &bundle,
60        &X25519PublicKey::from(&bob_static).to_bytes(),
61        &X25519PublicKey::from(&bob_spk).to_bytes(),
62        &ApplicationPlaintext::new_text("text/plain", "hello bob"),
63    )
64    .expect("initiate");
65
66    let follow_up_metadata = metadata(&alice_did, &bob_did, "msg-2");
67    let (_pending, cipher_body) = DirectE2eeSession::encrypt_follow_up(
68        &mut alice_session,
69        &follow_up_metadata,
70        "op-2",
71        &ApplicationPlaintext::new_json("application/json", json!({"event": "wave"})),
72    )
73    .expect("follow up");
74
75    println!(
76        "{}",
77        serde_json::to_string(&json!({
78            "alice_did_document": alice.did_document,
79            "bob_did_document": bob.did_document,
80            "bundle": serde_json::to_value(&bundle).expect("bundle json"),
81            "bob_static_private_key_b64u": encode_secret(&bob_static),
82            "bob_signed_prekey_private_key_b64u": encode_secret(&bob_spk),
83            "init_metadata": serde_json::to_value(&init_metadata).expect("metadata json"),
84            "follow_up_metadata": serde_json::to_value(&follow_up_metadata).expect("metadata json"),
85            "init_body": serde_json::to_value(&init_body).expect("init json"),
86            "cipher_body": serde_json::to_value(&cipher_body).expect("cipher json"),
87            "init_plaintext": json!({"application_content_type": "text/plain", "text": "hello bob"}),
88            "follow_up_plaintext": json!({"application_content_type": "application/json", "payload": {"event": "wave"}}),
89        }))
90        .expect("fixture json")
91    );
92}
93
94fn metadata(sender: &str, recipient: &str, message_id: &str) -> DirectEnvelopeMetadata {
95    DirectEnvelopeMetadata {
96        sender_did: sender.to_owned(),
97        recipient_did: recipient.to_owned(),
98        message_id: message_id.to_owned(),
99        profile: "anp.direct.e2ee.v1".to_owned(),
100        security_profile: "direct-e2ee".to_owned(),
101    }
102}
103
104fn load_x25519_secret(pem: &str) -> X25519StaticSecret {
105    match PrivateKeyMaterial::from_pem(pem).expect("private key") {
106        PrivateKeyMaterial::X25519(secret) => secret,
107        _ => panic!("expected X25519 private key"),
108    }
109}
Source

pub fn from_compatible_private_pem( input: &str, ) -> Result<Self, KeyMaterialError>

Trait Implementations§

Source§

impl Debug for PrivateKeyMaterial

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> Classify for T

Source§

type Classified = T

Source§

fn classify(self) -> T

Source§

impl<T> Declassify for T

Source§

type Declassified = T

Source§

fn declassify(self) -> T

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more