pub struct Keystore<K: KeyScheme> { /* private fields */ }Expand description
A typed, encrypted keystore.
Holds metadata — the on-disk header — but never the plaintext secret until
unlock is called. unlock returns a
SignerHandle<K> that owns a zeroizing copy of the secret.
§Type parameter
K is the key scheme (see crate::scheme): typically BlsSigning
for validator keys, L1WalletBls for Chia L1 wallet keys.
Implementations§
Source§impl<K: KeyScheme> Keystore<K>
impl<K: KeyScheme> Keystore<K>
Sourcepub fn create(
backend: Arc<dyn KeychainBackend>,
path: BackendKey,
password: Password,
plaintext: Option<Zeroizing<Vec<u8>>>,
kdf_params: KdfParams,
) -> Result<Self>
pub fn create( backend: Arc<dyn KeychainBackend>, path: BackendKey, password: Password, plaintext: Option<Zeroizing<Vec<u8>>>, kdf_params: KdfParams, ) -> Result<Self>
Create a new keystore on backend at path.
- If
plaintextisSome, those bytes are used as the secret (length must equalK::SECRET_LEN). Callers who already hold a seed (e.g., from a BIP-39 mnemonic) pass it here. - If
plaintextisNone, a fresh secret is generated viaK::generatewith an OS-seeded RNG.
Fails with KeystoreError::AlreadyExists if a blob already exists at
path — this refuses to silently overwrite an existing key.
Sourcepub fn create_with_rng<R: RngCore + CryptoRng>(
backend: Arc<dyn KeychainBackend>,
path: BackendKey,
password: Password,
plaintext: Option<Zeroizing<Vec<u8>>>,
kdf_params: KdfParams,
rng: &mut R,
) -> Result<Self>
pub fn create_with_rng<R: RngCore + CryptoRng>( backend: Arc<dyn KeychainBackend>, path: BackendKey, password: Password, plaintext: Option<Zeroizing<Vec<u8>>>, kdf_params: KdfParams, rng: &mut R, ) -> Result<Self>
Like create but uses a caller-supplied RNG. Primarily
for deterministic test fixtures; do not use a predictable RNG for
production keys.
Sourcepub fn load(backend: Arc<dyn KeychainBackend>, path: BackendKey) -> Result<Self>
pub fn load(backend: Arc<dyn KeychainBackend>, path: BackendKey) -> Result<Self>
Load an existing keystore. Does NOT decrypt — reads and validates the
header, verifies CRC32, and returns a handle that unlock can use.
Sourcepub fn header(&self) -> KeystoreHeader
pub fn header(&self) -> KeystoreHeader
Header metadata (magic, scheme id, KDF params, etc).
Sourcepub fn path(&self) -> &BackendKey
pub fn path(&self) -> &BackendKey
Backend key this keystore was loaded from.
Sourcepub fn cached_public_key(&self) -> Option<K::PublicKey>
pub fn cached_public_key(&self) -> Option<K::PublicKey>
If the keystore has been unlocked in this process, returns the cached
public key. Otherwise None.
Sourcepub fn unlock(&self, password: Password) -> Result<SignerHandle<K>>
pub fn unlock(&self, password: Password) -> Result<SignerHandle<K>>
Decrypt with password and return a SignerHandle holding the
zeroizing secret + derived public key.
§Errors
KeystoreError::DecryptFailedfor a wrong password or a tampered file.KeystoreError::CrcMismatch/KeystoreError::Truncatedfor a corrupt file.KeystoreError::InvalidPlaintextif the decrypted secret has the wrong length.
Sourcepub fn change_password(&mut self, old: Password, new: Password) -> Result<()>
pub fn change_password(&mut self, old: Password, new: Password) -> Result<()>
Re-encrypt the secret under a new password. The secret itself does not change; only the encryption key derived from the password. A fresh salt + nonce are generated so the output ciphertext differs even with the same password.
Sourcepub fn change_password_with_rng<R: RngCore + CryptoRng>(
&mut self,
old: Password,
new: Password,
rng: &mut R,
) -> Result<()>
pub fn change_password_with_rng<R: RngCore + CryptoRng>( &mut self, old: Password, new: Password, rng: &mut R, ) -> Result<()>
Like change_password but uses a caller-supplied RNG.
Sourcepub fn rotate_kdf(
&mut self,
password: Password,
new_params: KdfParams,
) -> Result<()>
pub fn rotate_kdf( &mut self, password: Password, new_params: KdfParams, ) -> Result<()>
Rotate the KDF parameters (e.g., bump to KdfParams::STRONG). Uses the
same password throughout; the on-disk file is re-encrypted under a new
salt + nonce.
Sourcepub fn rotate_kdf_with_rng<R: RngCore + CryptoRng>(
&mut self,
password: Password,
new_params: KdfParams,
rng: &mut R,
) -> Result<()>
pub fn rotate_kdf_with_rng<R: RngCore + CryptoRng>( &mut self, password: Password, new_params: KdfParams, rng: &mut R, ) -> Result<()>
Like rotate_kdf but uses a caller-supplied RNG.