Struct LocalizedKey 

pub struct LocalizedKey { /* private fields */ }

Localized authentication key.

A key that has been derived from a password and bound to a specific engine ID. This key can be used for HMAC operations on messages to/from that engine.

Security

Key material is automatically zeroed from memory when the key is dropped, using the zeroize crate. This provides defense-in-depth against memory scraping attacks.

Implementations

impl LocalizedKey

pub fn from_password( protocol: AuthProtocol, password: &[u8], engine_id: &[u8], ) -> Self

Derive a localized key from a password and engine ID.

This implements the key localization algorithm from RFC 3414 Section A.2:

1. Expand password to 1MB by repetition
2. Hash the expansion to get the master key
3. Hash (master_key || engine_id || master_key) to get the localized key

Performance Note

This method performs the full key derivation (~850μs for SHA-256). When polling many engines with shared credentials, use MasterKey to cache the intermediate result and call MasterKey::localize for each engine.

Empty and Short Passwords

Empty passwords result in an all-zero key of the appropriate length for the authentication protocol. This differs from net-snmp, which rejects passwords shorter than 8 characters with USM_PASSWORDTOOSHORT.

While empty/short passwords are accepted for flexibility, they provide minimal security. A warning is logged at the WARN level when the password is shorter than MIN_PASSWORD_LENGTH (8 characters).

pub fn from_str_password( protocol: AuthProtocol, password: &str, engine_id: &[u8], ) -> Self

Derive a localized key from a string password and engine ID.

This is a convenience method that converts the string to bytes and calls from_password.

pub fn from_master_key(master: &MasterKey, engine_id: &[u8]) -> Self

Create a localized key from a master key and engine ID.

This is the efficient path when you have a cached MasterKey. Equivalent to calling MasterKey::localize.

pub fn from_bytes(protocol: AuthProtocol, key: impl Into<Vec<u8>>) -> Self

Create a localized key from raw bytes.

Use this if you already have a localized key (e.g., from configuration).

pub fn protocol(&self) -> AuthProtocol

Get the protocol this key is for.

pub fn as_bytes(&self) -> &[u8]

Get the raw key bytes.

pub fn mac_len(&self) -> usize

Get the MAC length for this key’s protocol.

pub fn compute_hmac(&self, data: &[u8]) -> Vec<u8>

Compute HMAC over a message and return the truncated MAC.

The returned MAC is truncated to the appropriate length for the protocol (12 bytes for MD5/SHA-1, variable for SHA-2).

pub fn verify_hmac(&self, data: &[u8], expected: &[u8]) -> bool

Verify an HMAC.

Returns true if the MAC matches, false otherwise.

Trait Implementations

impl Clone for LocalizedKey

fn clone(&self) -> LocalizedKey

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for LocalizedKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Drop for LocalizedKey

fn drop(&mut self)

Executes the destructor for this type.

impl Zeroize for LocalizedKey

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.