Struct InMemoryAttestor 

pub struct InMemoryAttestor { /* private fields */ }

In-memory Ed25519 attestor. Used in tests, fixtures, and the bootstrap path before the OS keychain is wired up.

Not suitable for production: the signing key is held in plain process memory. Production paths use one of the OS-keychain backends scaffolded below.

Implementations

impl InMemoryAttestor

pub fn from_signing_key( signing_key: SigningKey, key_id: impl Into<String>, ) -> Self

Wrap a pre-existing signing key with an explicit key_id.

pub fn from_seed(seed: &[u8; 32]) -> Self

Build from a 32-byte secret seed. Useful for fixtures and tests where the keypair must be reproducible. key_id is derived as the lowercase hex of the public key (32 bytes → 64 hex chars).

Trait Implementations

impl Attestor for InMemoryAttestor

fn sign(&self, signing_input: &[u8]) -> Signature

Sign the canonical signing input bytes.

fn key_id(&self) -> &str

Stable fingerprint of the public verifying key. Embedded into every attestation preimage and matched on verify (see VerifyError::KeyIdMismatch).

fn verifying_key(&self) -> VerifyingKey

The verifying key for this attestor — exposed so test harnesses and cortex audit verify can reconstruct the public side without going through OS-specific lookup. OS-keychain backends MUST publish the public key alongside the private key (see ADR 0010 §3).

impl Debug for InMemoryAttestor

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl IdentityRotation for InMemoryAttestor

fn sign_rotation( &self, new_pubkey: &VerifyingKey, signed_at: DateTime<Utc>, ) -> RotationEnvelope

where Self: Sized,

Sign a rotation envelope (old → new) using the old key material. See sign_rotation for the free-function form.