pub struct TypedSignerKey { /* private fields */ }Expand description
Parsed signing key with curve carried explicitly — the authoritative owner of a private-key + curve pair across sign / verify / PKCS8 export / CESR encoding flows.
TypedSignerKey replaces every (SecureSeed, CurveType) pair, every
[u8; 32] seed passed alongside an implicit “assume Ed25519”, and every
replaces the historic (SecureSeed, CurveType) pair pattern throughout the workspace.
Constructed from PKCS8 DER bytes via TypedSignerKey::from_pkcs8, which
delegates to parse_key_material for curve detection.
Args on construction:
bytes: PKCS8 DER (Ed25519 v1/v2 or P-256).
Usage:
let s = TypedSignerKey::from_pkcs8(&pkcs8)?;
let sig = s.sign(b"payload bytes")?;
let cesr = s.cesr_encoded_pubkey(); // "D..." for Ed25519, "1AAJ..." for P-256 (transferable verkey)
let pkcs8 = s.to_pkcs8()?; // curve-aware encode (replaces build_ed25519_pkcs8_v2)Implementations§
Source§impl TypedSignerKey
impl TypedSignerKey
Sourcepub fn from_pkcs8(bytes: &[u8]) -> Result<Self, CryptoError>
pub fn from_pkcs8(bytes: &[u8]) -> Result<Self, CryptoError>
Parse a PKCS8 DER blob into a curve-tagged signer.
Sourcepub fn from_parts(
seed: TypedSeed,
public_key: Vec<u8>,
) -> Result<Self, CryptoError>
pub fn from_parts( seed: TypedSeed, public_key: Vec<u8>, ) -> Result<Self, CryptoError>
Construct directly from a typed seed and its derived public key.
Caller must ensure the public key matches the seed’s curve; if the
lengths disagree with the curve, returns InvalidPrivateKey.
Sourcepub fn from_seed(seed: TypedSeed) -> Result<Self, CryptoError>
pub fn from_seed(seed: TypedSeed) -> Result<Self, CryptoError>
Derive from a typed seed by recomputing the public key.
Sourcepub fn cesr_encoded_pubkey(&self) -> String
pub fn cesr_encoded_pubkey(&self) -> String
CESR-encoded public key string.
Uses the spec-correct derivation codes:
D+ base64url(32 bytes) for Ed25519 (transferable verkey)1AAJ+ base64url(33 bytes compressed SEC1) for P-256 (transferable verkey)
Per the CESR master code table, 1AAJ (ECDSA_256r1) is the
transferable secp256r1 verkey code — the P-256 analogue of Ed25519 D.
(1AAI / ECDSA_256r1N is the non-transferable variant.) Auths
identities rotate, so signers emit the transferable code.
Sourcepub fn cesr_encoded(&self) -> String
pub fn cesr_encoded(&self) -> String
Legacy alias; callers should prefer [cesr_encoded_pubkey].
Sourcepub fn to_pkcs8(&self) -> Result<Pkcs8Der, CryptoError>
pub fn to_pkcs8(&self) -> Result<Pkcs8Der, CryptoError>
Curve-aware PKCS8 DER encode — replaces build_ed25519_pkcs8_v2 and
encode_seed_as_pkcs8. Dispatches on the seed’s curve so a P-256 seed
never silently wraps as an Ed25519 PKCS8 blob (hazard S3/S4).
Sourcepub fn sign(&self, message: &[u8]) -> Result<Vec<u8>, CryptoError>
pub fn sign(&self, message: &[u8]) -> Result<Vec<u8>, CryptoError>
Sign bytes using the signer’s curve.
Sourcepub fn public_key(&self) -> &[u8] ⓘ
pub fn public_key(&self) -> &[u8] ⓘ
Returns the public key bytes (32 for Ed25519, 33 for P-256 compressed).