Struct EphemeralKeypair 

pub struct EphemeralKeypair { /* private fields */ }

An ephemeral X25519 keypair for a single Pair Verify exchange.

“Ephemeral” here means per session: a new keypair is generated with EphemeralKeypair::generate for each Pair Verify run and discarded once the session keys are derived. EphemeralKeypair::from_secret reconstructs a keypair from a fixed scalar for deterministic tests and trace replay.

The underlying secret is held as a StaticSecret (which zeroizes on drop) rather than exposed as raw bytes; only the public key and the computed shared secret leave this type.

Implementations

impl EphemeralKeypair

pub fn generate() -> Self

Generate a fresh random ephemeral keypair using the operating system CSPRNG.

This is the constructor production code uses; every Pair Verify session gets its own keypair.

pub fn from_secret(scalar: [u8; 32]) -> Self

Reconstruct a keypair from a fixed 32-byte secret scalar.

The scalar is clamped internally by X25519, so any 32-byte value is accepted and the resulting public key matches the X25519 definition. This is the deterministic path used to replay captured traces and to assert the RFC 7748 known-answer vector; production code calls EphemeralKeypair::generate instead.

pub fn public(&self) -> [u8; 32]

This keypair’s X25519 public key — the 32 bytes sent on the wire.

pub fn diffie_hellman(&self, peer_public: &[u8; 32]) -> [u8; 32]

Compute the X25519 shared secret against the peer’s 32-byte public key.

Both sides of a Pair Verify exchange derive the same value: DH(self_secret, peer_public) == DH(peer_secret, self_public).