pub struct DevicePublicKey { /* private fields */ }Expand description
A device public key carrying its curve type explicitly.
Curve is stored alongside the raw key bytes so dispatch never relies on key length — adding a new curve that shares a byte length (e.g. secp256k1, also 33 bytes compressed) won’t break existing match arms.
Accepted byte lengths per curve:
- Ed25519: 32
- P-256: 33 (compressed SEC1) or 65 (uncompressed SEC1)
Implementations§
Source§impl DevicePublicKey
impl DevicePublicKey
Sourcepub fn try_new(curve: CurveType, bytes: &[u8]) -> Result<Self, InvalidKeyError>
pub fn try_new(curve: CurveType, bytes: &[u8]) -> Result<Self, InvalidKeyError>
Create from a curve type and raw bytes, validating length per curve.
Args:
curve: Which elliptic curve this key belongs to.bytes: Raw public key bytes.
Usage:
let pk = DevicePublicKey::try_new(CurveType::Ed25519, &key_bytes)?;Sourcepub fn p256(bytes: &[u8]) -> Result<Self, InvalidKeyError>
pub fn p256(bytes: &[u8]) -> Result<Self, InvalidKeyError>
Create a P-256 device key from raw SEC1 bytes (33 compressed or 65 uncompressed).
Returns Err if bytes is not 33 or 65 bytes.
Sourcepub async fn verify(
&self,
message: &[u8],
signature: &[u8],
provider: &dyn CryptoProvider,
) -> Result<(), SignatureVerifyError>
pub async fn verify( &self, message: &[u8], signature: &[u8], provider: &dyn CryptoProvider, ) -> Result<(), SignatureVerifyError>
Verify a signature against this key, dispatching on curve.
This is the single canonical verify method — every caller that holds
a DevicePublicKey should call this rather than branching on curve
themselves. Adding a new curve means updating this one impl; the
compiler then flags every call site still assuming only Ed25519.
Args:
message: Payload bytes that were signed.signature: Raw signature bytes (64 for Ed25519 / P-256).provider: Pluggable crypto provider (RingCryptoProvidernative,WebCryptoProviderwasm) — used for Ed25519. P-256 routes throughRingCryptoProvider::p256_verifyon native.
Usage:
issuer_pk.verify(&payload, &signature, provider).await?;Trait Implementations§
Source§impl Clone for DevicePublicKey
impl Clone for DevicePublicKey
Source§fn clone(&self) -> DevicePublicKey
fn clone(&self) -> DevicePublicKey
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for DevicePublicKey
impl Debug for DevicePublicKey
Source§impl Default for DevicePublicKey
impl Default for DevicePublicKey
Source§impl<'de> Deserialize<'de> for DevicePublicKey
impl<'de> Deserialize<'de> for DevicePublicKey
Source§fn deserialize<D: Deserializer<'de>>(d: D) -> Result<Self, D::Error>
fn deserialize<D: Deserializer<'de>>(d: D) -> Result<Self, D::Error>
Source§impl Display for DevicePublicKey
impl Display for DevicePublicKey
impl Eq for DevicePublicKey
Source§impl From<Ed25519PublicKey> for DevicePublicKey
impl From<Ed25519PublicKey> for DevicePublicKey
Source§fn from(pk: Ed25519PublicKey) -> Self
fn from(pk: Ed25519PublicKey) -> Self
Source§impl Hash for DevicePublicKey
impl Hash for DevicePublicKey
Source§impl PartialEq for DevicePublicKey
impl PartialEq for DevicePublicKey
Auto Trait Implementations§
impl Freeze for DevicePublicKey
impl RefUnwindSafe for DevicePublicKey
impl Send for DevicePublicKey
impl Sync for DevicePublicKey
impl Unpin for DevicePublicKey
impl UnsafeUnpin for DevicePublicKey
impl UnwindSafe for DevicePublicKey
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> DeserializeOwned for Twhere
T: for<'de> Deserialize<'de>,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.