pub struct SignerHandle<K: KeyScheme> { /* private fields */ }Expand description
The unlocked handle. Drop wipes the secret.
Cloning a SignerHandle clones the underlying zeroizing buffer — both
copies are independently wiped on drop. This is expensive for high-frequency
signing; prefer sharing an Arc<SignerHandle<K>> for that case.
Implementations§
Source§impl<K: KeyScheme> SignerHandle<K>
impl<K: KeyScheme> SignerHandle<K>
Sourcepub fn public_key(&self) -> &K::PublicKey
pub fn public_key(&self) -> &K::PublicKey
Borrow the derived public key. Cheap (precomputed at unlock time).
Sourcepub fn try_sign(&self, msg: &[u8]) -> Result<K::Signature>
pub fn try_sign(&self, msg: &[u8]) -> Result<K::Signature>
Attempt to sign, surfacing any scheme-level errors instead of panicking.
Sourcepub fn expose_secret(&self) -> &[u8] ⓘ
pub fn expose_secret(&self) -> &[u8] ⓘ
Borrow the raw secret bytes.
§⚠️ Danger
Prefer sign whenever possible. This method exists for
a narrow class of consumers — hierarchical-deterministic (HD) wallets
and key-derivation libraries — that need the raw seed bytes to
derive child keys (e.g.
chia_bls::DerivableKey::derive_unhardened).
These callers cannot use sign because they need the
SecretKey itself, not a signature.
The returned slice is borrowed from the handle’s internal
Zeroizing<Vec<u8>>, so it wipes automatically when the handle
drops. Callers must not copy the bytes into a non-zeroizing
buffer without re-wrapping them — doing so would leave the secret
on the heap past the end of its intended lifetime.
Typical usage:
let signer = get_signer();
let master_sk = chia_bls::SecretKey::from_seed(signer.expose_secret());
// `master_sk` is now the chia-bls master key; HD-derive as needed.If you catch yourself writing signer.expose_secret().to_vec() or
let copy = signer.expose_secret().to_owned();, stop and consider
whether you really need to own the bytes — and if so, wrap the copy
in Zeroizing::<Vec<u8>>::from(...).