Trait SecureSigner 

pub trait SecureSigner: Send + Sync {
    // Required methods
    fn sign_with_alias(
        &self,
        alias: &KeyAlias,
        passphrase_provider: &dyn PassphraseProvider,
        message: &[u8],
    ) -> Result<Vec<u8>, AgentError>;
    fn sign_for_identity(
        &self,
        identity_did: &IdentityDID,
        passphrase_provider: &dyn PassphraseProvider,
        message: &[u8],
    ) -> Result<Vec<u8>, AgentError>;
}

A trait for components that can perform signing operations using stored keys, identified by an alias, while securely handling decryption and passphrase input.

Required Methods

fn sign_with_alias( &self, alias: &KeyAlias, passphrase_provider: &dyn PassphraseProvider, message: &[u8], ) -> Result<Vec<u8>, AgentError>

Requests a signature for the given message using the key identified by the alias.

This method handles loading the encrypted key, obtaining the necessary passphrase via the provided PassphraseProvider, decrypting the key, performing the signature, and ensuring the decrypted key material is handled securely.

Arguments
  • alias: The alias of the key to use for signing.
  • passphrase_provider: An implementation of PassphraseProvider used to obtain the passphrase if needed.
  • message: The message bytes to be signed.
Returns
  • Ok(Vec<u8>): The raw signature bytes.
  • Err(AgentError): If any step fails (key not found, incorrect passphrase, decryption error, signing error, etc.).


fn sign_for_identity( &self, identity_did: &IdentityDID, passphrase_provider: &dyn PassphraseProvider, message: &[u8], ) -> Result<Vec<u8>, AgentError>

Signs a message using the key associated with the given identity DID.

This method resolves the identity DID to an alias by looking up keys associated with that identity in storage, then delegates to sign_with_alias.

DID to Alias Resolution Strategy

The implementation uses the storage backend’s list_aliases_for_identity to find aliases associated with the given DID. The first matching alias is used for signing.

Arguments
  • identity_did: The identity DID (e.g., “did:keri:ABC…”) to sign for.
  • passphrase_provider: Used to obtain the passphrase for key decryption.
  • message: The message bytes to be signed.
Returns
  • Ok(Vec<u8>): The raw signature bytes.
  • Err(AgentError): If no key is found for the identity, or if signing fails.
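The flow described for both methods (load the encrypted key, obtain the passphrase only once a key is known to exist, decrypt, check the passphrase, sign, and wipe the plaintext; and for sign_for_identity, resolve the DID through list_aliases_for_identity and take the first alias), as an added Rust example that is not the crate's own code. The concrete shapes of KeyAlias, IdentityDID, AgentError, PassphraseProvider and KeyStorage, the in-memory MemoryStorage backend with its add_key helper, and the FixedPassphrase provider are assumptions made for the example; the FNV-1a hash that stands in for the crate's KDF, integrity check and signature primitive is a placeholder, not a real cryptographic primitive.

```rust
use std::collections::HashMap;

// Assumed shapes for the page's types; the crate's real definitions are not shown on the page.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct KeyAlias(pub String);
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct IdentityDID(pub String);
#[derive(Debug, PartialEq, Eq)]
pub enum AgentError { KeyNotFound(String), IncorrectPassphrase }

pub trait PassphraseProvider {
    fn get_passphrase(&self, alias: &KeyAlias) -> Result<Zeroizing, AgentError>;
}
pub trait KeyStorage {
    fn load_encrypted_key(&self, alias: &KeyAlias) -> Option<EncryptedKey>;
    fn list_aliases_for_identity(&self, did: &IdentityDID) -> Vec<KeyAlias>;
}
pub trait SecureSigner: Send + Sync {
    fn sign_with_alias(&self, alias: &KeyAlias, passphrase_provider: &dyn PassphraseProvider, message: &[u8]) -> Result<Vec<u8>, AgentError>;
    fn sign_for_identity(&self, identity_did: &IdentityDID, passphrase_provider: &dyn PassphraseProvider, message: &[u8]) -> Result<Vec<u8>, AgentError>;
}

/// Secret bytes (passphrase or decrypted key) overwritten with zeros on drop,
/// so plaintext key material does not outlive the signing call.
pub struct Zeroizing(pub Vec<u8>);
impl Drop for Zeroizing {
    // volatile writes so the optimiser cannot discard the "dead" stores
    fn drop(&mut self) { for b in self.0.iter_mut() { unsafe { std::ptr::write_volatile(b, 0) } } }
}

/// Stored form of a key (constructed layout): ciphertext plus a check tag that
/// lets a wrong passphrase be detected before anything is signed.
#[derive(Clone)]
pub struct EncryptedKey { ciphertext: Vec<u8>, check: u64 }

/// PLACEHOLDER: FNV-1a over the concatenated parts. Stands in for the crate's real
/// KDF, integrity check and signature scheme; it is not cryptographically secure.
fn fnv1a(parts: &[&[u8]]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for part in parts {
        for &b in *part { h ^= u64::from(b); h = h.wrapping_mul(0x0000_0100_0000_01b3); }
    }
    h
}
/// PLACEHOLDER cipher: XOR with a keystream expanded from the passphrase.
fn xor_stream(data: &[u8], passphrase: &[u8]) -> Vec<u8> {
    let ks = fnv1a(&[passphrase]).to_le_bytes();
    data.iter().enumerate().map(|(i, b)| b ^ ks[i % ks.len()]).collect()
}

/// In-memory backend (constructed). Aliases per identity keep insertion order,
/// which is what "first matching alias" resolves to here.
#[derive(Default)]
pub struct MemoryStorage { keys: HashMap<KeyAlias, EncryptedKey>, by_identity: HashMap<IdentityDID, Vec<KeyAlias>> }
impl MemoryStorage {
    pub fn add_key(&mut self, did: &IdentityDID, alias: &KeyAlias, plain: &[u8], passphrase: &[u8]) {
        self.keys.insert(alias.clone(), EncryptedKey { ciphertext: xor_stream(plain, passphrase), check: fnv1a(&[plain]) });
        self.by_identity.entry(did.clone()).or_default().push(alias.clone());
    }
}
impl KeyStorage for MemoryStorage {
    fn load_encrypted_key(&self, alias: &KeyAlias) -> Option<EncryptedKey> { self.keys.get(alias).cloned() }
    fn list_aliases_for_identity(&self, did: &IdentityDID) -> Vec<KeyAlias> { self.by_identity.get(did).cloned().unwrap_or_default() }
}

/// Provider returning a fixed passphrase (constructed; a real one would prompt the user or query an agent).
pub struct FixedPassphrase(pub &'static str);
impl PassphraseProvider for FixedPassphrase {
    fn get_passphrase(&self, _alias: &KeyAlias) -> Result<Zeroizing, AgentError> { Ok(Zeroizing(self.0.as_bytes().to_vec())) }
}

pub struct StorageSigner<S> { pub storage: S }

impl<S: KeyStorage + Send + Sync + 'static> SecureSigner for StorageSigner<S> {
    fn sign_with_alias(&self, alias: &KeyAlias, passphrase_provider: &dyn PassphraseProvider, message: &[u8]) -> Result<Vec<u8>, AgentError> {
        // 1. Load the encrypted record; an unknown alias fails before any passphrase is requested.
        let enc = self.storage.load_encrypted_key(alias).ok_or_else(|| AgentError::KeyNotFound(alias.0.clone()))?;
        // 2. Ask the provider for the passphrase only now that a key is known to exist.
        let pass = passphrase_provider.get_passphrase(alias)?;
        // 3. Decrypt into a zeroizing buffer and verify the check tag; on mismatch the
        //    wrong-passphrase plaintext is wiped by Drop as the function returns.
        let key = Zeroizing(xor_stream(&enc.ciphertext, &pass.0));
        if fnv1a(&[&key.0]) != enc.check { return Err(AgentError::IncorrectPassphrase); }
        // 4. PLACEHOLDER signature: tag over (key || message); a real implementation calls
        //    the actual signature scheme here. `key` and `pass` are dropped (zeroed) on return.
        Ok(fnv1a(&[&key.0, message]).to_be_bytes().to_vec())
    }
    fn sign_for_identity(&self, identity_did: &IdentityDID, passphrase_provider: &dyn PassphraseProvider, message: &[u8]) -> Result<Vec<u8>, AgentError> {
        // Resolve DID -> alias via the backend and take the first match, as the docs describe.
        let aliases = self.storage.list_aliases_for_identity(identity_did);
        let alias = aliases.first().ok_or_else(|| AgentError::KeyNotFound(identity_did.0.clone()))?;
        self.sign_with_alias(alias, passphrase_provider, message)
    }
}

fn main() {
    let (did, alias) = (IdentityDID("did:keri:EXAMPLE".into()), KeyAlias("signing-key-1".into()));
    let mut storage = MemoryStorage::default();
    storage.add_key(&did, &alias, b"constructed-16-byte-key!", b"correct passphrase");
    let signer = StorageSigner { storage };
    println!("{:?}", signer.sign_for_identity(&did, &FixedPassphrase("correct passphrase"), b"hello"));
    println!("{:?}", signer.sign_for_identity(&did, &FixedPassphrase("wrong"), b"hello"));
}
```

Two points the control flow makes visible: the passphrase is never requested for an alias that does not exist, and a wrong passphrase is rejected by the check tag before any signature is produced, with the wrongly decrypted bytes zeroed on the error path. Because the page's strategy takes the first alias, which key signs for an identity that has several depends entirely on the backend's ordering; MemoryStorage uses insertion order, but a database-backed KeyStorage would need an explicit ORDER BY or equivalent to make that choice deterministic.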

Implementors


impl<S: KeyStorage + Send + Sync + 'static> SecureSigner for StorageSigner<S>