Struct fog_crypto::lock::LockKey

source ·

pub struct LockKey { /* private fields */ }

Expand description

A key that allows decrypting data meant for a particular LockId.

This acts as a wrapper for a specific cryptographic private decryption key,

Example


// Make a new temporary key
let key = LockKey::new();
let id = key.id().clone();
println!("LockId(Base58): {}", key.id());

// ...
// Wait for encrypted data to show up
// ...

// Decrypt Some received data
let lockbox = DataLockboxRef::from_bytes(received.as_ref())?;
let data = key.decrypt_data(&lockbox)?;

Implementations§

source §

impl LockKey

source

pub fn from_interface(interface: Arc<dyn LockInterface>) -> Self

Create a new LockKey to hold a LockInterface implementation. Can be used by implementors of a vault when making new LockKey instances.

source

pub fn new() -> LockKey

Generate a temporary LockKey that exists only in program memory.

source

pub fn with_rng<R>(csprng: &mut R) -> LockKeywhere R: CryptoRng + RngCore,

Generate a temporary LockKey that exists only in program memory, using the provided cryptographic RNG.

source

pub fn with_rng_and_version<R>( csprng: &mut R, version: u8 ) -> Result<LockKey, CryptoError>where R: CryptoRng + RngCore,

Generate a temporary LockKey that exists only in program memory. Uses the specified version instead of the default, and fails if the version is unsupported.

source

pub fn version(&self) -> u8

Version of Diffie-Hellman key exchange algorithm used by this key.

source

pub fn id(&self) -> &LockId

The public identifier for this key.

source

pub fn decrypt_lock_key( &self, lockbox: &LockLockboxRef ) -> Result<LockKey, CryptoError>

Attempt to decrypt a LockLockboxRef with this key. On success, the returned LockKey is temporary and not associated with any Vault.

source

pub fn decrypt_identity_key( &self, lockbox: &IdentityLockboxRef ) -> Result<IdentityKey, CryptoError>

Attempt to decrypt a IdentityLockboxRef with this key. On success, the returned IdentityKey is temporary and not associated with any Vault.

source

pub fn decrypt_stream_key( &self, lockbox: &StreamLockboxRef ) -> Result<StreamKey, CryptoError>

Attempt to decrypt a StreamLockboxRef with this key. On success, the returned StreamKey is temporary and not associated with any Vault.

source

pub fn decrypt_data( &self, lockbox: &DataLockboxRef ) -> Result<Vec<u8>, CryptoError>

Attempt to decrypt a DataLockboxRef with this key.

source

pub fn export_for_lock(&self, lock: &LockId) -> Option<LockLockbox>

Export the signing key in a LockLockbox, with receive_lock as the recipient. If the key cannot be exported, this should return None.

source

pub fn export_for_lock_with_rng<R: CryptoRng + RngCore>( &self, csprng: &mut R, lock: &LockId ) -> Option<LockLockbox>

Export the signing key in an LockLockbox, with receive_lock as the recipient. If the key cannot be exported, this should return None.

source

pub fn export_for_stream(&self, stream: &StreamKey) -> Option<LockLockbox>

Export the private key in a LockLockbox, with receive_stream as the recipient. If the key cannot be exported, this should return None. Additionally, if the underlying implementation does not allow moving the raw key into memory (i.e. it cannot call StreamInterface::encrypt or lock_id_encrypt) then None can also be returned.

source

pub fn export_for_stream_with_rng<R: CryptoRng + RngCore>( &self, csprng: &mut R, stream: &StreamKey ) -> Option<LockLockbox>

Export the private key in a LockLockbox, with receive_stream as the recipient. If the key cannot be exported, this should return None. Additionally, if the underlying implementation does not allow moving the raw key into memory (i.e. it cannot call StreamInterface::encrypt or lock_id_encrypt) then None can also be returned.