pub struct Identity { /* private fields */ }Expand description
Cryptographic identity based on Ed25519
Each node in the network has a unique identity represented by a key pair. The public key is the node’s identity, the private key never leaves this module.
§Security
- Private keys are automatically zeroized on drop
- Uses OS-level CSPRNG for key generation
- Blake3 hashing for fast public key comparisons
§Example
use core_identity::Identity;
let mut rng = rand::thread_rng();
let identity = Identity::generate(&mut rng)?;
let public_key = identity.verifying_key();
let public_key_hash = identity.public_key_hash();
assert_eq!(public_key_hash.len(), 32);Implementations§
Source§impl Identity
impl Identity
Sourcepub fn generate<R>(csprng: &mut R) -> Result<Self>
pub fn generate<R>(csprng: &mut R) -> Result<Self>
Generates a new identity using a provided CSPRNG.
§Example
use core_identity::Identity;
let mut rng = rand::thread_rng();
let identity = Identity::generate(&mut rng).expect("Failed to generate identity");
assert_eq!(identity.public_key_hash().len(), 32);§Errors
This function is infallible in practice, but returns Result
for consistency with the API.
Sourcepub fn from_seed(seed: &[u8; 32]) -> Result<Self>
pub fn from_seed(seed: &[u8; 32]) -> Result<Self>
Creates an identity from a 32-byte seed
Useful for testing or deriving identities deterministically
§Example
use core_identity::Identity;
let seed = [42u8; 32];
let identity1 = Identity::from_seed(&seed).unwrap();
let identity2 = Identity::from_seed(&seed).unwrap();
// Same seed produces same identity
assert_eq!(
identity1.verifying_key().as_bytes(),
identity2.verifying_key().as_bytes()
);Sourcepub fn from_bytes(bytes: &[u8; 32]) -> Result<Self>
pub fn from_bytes(bytes: &[u8; 32]) -> Result<Self>
Sourcepub fn verifying_key(&self) -> VerifyingKey
pub fn verifying_key(&self) -> VerifyingKey
Returns the public key
This is the identity shared with other nodes
§Example
use core_identity::Identity;
let mut rng = rand::thread_rng();
let identity = Identity::generate(&mut rng)?;
let public_key = identity.verifying_key();
// Public key is 32 bytes
assert_eq!(public_key.as_bytes().len(), 32);Sourcepub fn public_key_hash(&self) -> [u8; 32]
pub fn public_key_hash(&self) -> [u8; 32]
Returns the hash of the public key
Uses the configured hash provider (default: Blake3) for efficient lookups.
Sourcepub fn sign(&self, message: &[u8]) -> Signature
pub fn sign(&self, message: &[u8]) -> Signature
Signs a message with the private key
§Arguments
message- The bytes to sign
§Returns
A signature that can be verified with the public key
§Example
use core_identity::{Identity, verify_signature};
let mut rng = rand::thread_rng();
let identity = Identity::generate(&mut rng)?;
let message = b"Important message";
let signature = identity.sign(message);
verify_signature(&identity.verifying_key(), message, &signature)?;Sourcepub fn signing_key_bytes(&self) -> Secret<Vec<u8>>
pub fn signing_key_bytes(&self) -> Secret<Vec<u8>>
Returns the signing key bytes for serialization
§Security
This method returns a Secret<Vec<u8>> that prevents accidental exposure:
- Cannot be printed with Debug/Display
- Will not appear in logs automatically
- Requires explicit
.expose_secret()to access
Should only be used for:
- Secure serialization (encrypted keystore)
- Conversion to libp2p keypair
- Low-level cryptographic operations
WARNING: Use .expose_secret() only when absolutely necessary.
The exposed bytes should be:
- Encrypted immediately if stored
- Zeroized after use
- Never logged or transmitted unencrypted
§Example
use core_identity::Identity;
use secrecy::ExposeSecret;
let mut rng = rand::thread_rng();
let identity = Identity::generate(&mut rng)?;
// Get the secret bytes
let secret_bytes = identity.signing_key_bytes();
// Only expose when needed for cryptographic operations
let raw_bytes = secret_bytes.expose_secret();
// Use raw_bytes for signing, serialization, etc.