Trait KeyProvider 

pub trait KeyProvider {
    // Required methods
    fn active_hmac_key(&self) -> Result<HmacKeyRef<'_>, KeyError>;
    fn hmac_key_by_version(
        &self,
        version: &KeyVersion,
    ) -> Result<HmacKeyRef<'_>, KeyError>;
    fn all_hmac_keys(&self) -> Result<Vec<HmacKeyRef<'_>>, KeyError>;
}

Supplies HMAC key material. Synchronous, so key lookup does not couple to a web/runtime async model (RFC-004 §3.3). No fallback key exists: missing material is an error (INV-2, SR-29).

Required Methods

fn active_hmac_key(&self) -> Result<HmacKeyRef<'_>, KeyError>

The active key used for new derivations.

Errors

KeyError::MissingActiveKey if none is configured.

fn hmac_key_by_version(&self, version: &KeyVersion) -> Result<HmacKeyRef<'_>, KeyError>

A specific historical key, for validating records written under an older version during rotation.

Errors

KeyError::MissingKeyVersion if that version is unknown. Callers must fail closed for that candidate rather than falling back.

fn all_hmac_keys(&self) -> Result<Vec<HmacKeyRef<'_>>, KeyError>

All held keys (active first, then previous) for generating verification candidates during validation (RFC-A).

The returned vec always contains at least the active key.
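The contract of the three required methods, as an added example that is not the crate's own code: an in-memory implementor that has no fallback key and fails closed on unknown versions. The definitions of `KeyVersion`, `KeyError` and `HmacKeyRef` are not shown on this page, so the shapes below are assumed stand-ins, and `StaticKeys` and `key_ref` are hypothetical names.

```rust
// Stand-ins for the crate's types; their real definitions are not on this page (assumed shapes).
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct KeyVersion(pub String);
#[derive(Debug, PartialEq, Eq)]
pub enum KeyError { MissingActiveKey, MissingKeyVersion }
#[derive(Clone, Copy, Debug)]
pub struct HmacKeyRef<'a> { pub version: &'a KeyVersion, pub bytes: &'a [u8] }

pub trait KeyProvider {
    fn active_hmac_key(&self) -> Result<HmacKeyRef<'_>, KeyError>;
    fn hmac_key_by_version(&self, version: &KeyVersion) -> Result<HmacKeyRef<'_>, KeyError>;
    fn all_hmac_keys(&self) -> Result<Vec<HmacKeyRef<'_>>, KeyError>;
}

/// Hypothetical in-memory provider: one optional active key plus retired keys kept for rotation.
pub struct StaticKeys {
    pub active: Option<(KeyVersion, Vec<u8>)>,
    pub previous: Vec<(KeyVersion, Vec<u8>)>,
}

fn key_ref(entry: &(KeyVersion, Vec<u8>)) -> HmacKeyRef<'_> {
    HmacKeyRef { version: &entry.0, bytes: &entry.1 }
}

impl KeyProvider for StaticKeys {
    fn active_hmac_key(&self) -> Result<HmacKeyRef<'_>, KeyError> {
        // No default or hard-coded fallback: an unconfigured active key is an error.
        self.active.as_ref().map(key_ref).ok_or(KeyError::MissingActiveKey)
    }
    fn hmac_key_by_version(&self, version: &KeyVersion) -> Result<HmacKeyRef<'_>, KeyError> {
        // Exact version match only; an unknown version never resolves to the active key.
        self.active.iter().chain(self.previous.iter())
            .find(|(v, _)| v == version)
            .map(key_ref)
            .ok_or(KeyError::MissingKeyVersion)
    }
    fn all_hmac_keys(&self) -> Result<Vec<HmacKeyRef<'_>>, KeyError> {
        // Active first, then previous; `?` guarantees the vec holds at least the active key.
        let mut keys = vec![self.active_hmac_key()?];
        keys.extend(self.previous.iter().map(key_ref));
        Ok(keys)
    }
}

fn main() {
    // Constructed sample: a retired key is held but no active key is configured.
    let keys = StaticKeys { active: None, previous: vec![(KeyVersion("v1".into()), b"constructed-old-key".to_vec())] };
    println!("{:?}", keys.all_hmac_keys().map(|k| k.len()));
}
```

With only a retired key present, `all_hmac_keys` returns `MissingActiveKey` instead of a candidate list built from old material.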

Dyn Compatibility

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors