pub struct SecurityKeyHandle { /* private fields */ }
A hardware security key credential backed by the Windows Hello platform
authenticator (TPM + biometric/PIN). Obtain via [create_security_key()].
Implementations
impl SecurityKeyHandle
pub fn is_available(&self) -> bool
Whether the platform authenticator is reachable (fast, no prompt).
pub fn generate(&self, label: &str, comment: Option<&str>) -> Result<SecurityKeyInfo>
Generate a new TPM-backed credential. Fires a Hello gesture on the Windows desktop.
The derived RP ID and credential ID are stored in the key metadata directory alongside a fingerprint and public key.
pub fn sign(&self, label: &str, data: &[u8]) -> Result<SecurityKeySignature>
Sign data with the named credential. Fires a Hello gesture.
Returns the full FIDO2 assertion output needed to build an
sk-ecdsa-sha2-nistp256@openssh.com signature blob.
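An added example, not part of this crate: the wire layout of an sk-ecdsa-sha2-nistp256@openssh.com signature as defined in OpenSSH's PROTOCOL.u2f, built from assertion values. The Assertion struct and the function names are hypothetical, since the fields of SecurityKeySignature are not shown on this page, and r and s are assumed to be raw big-endian integers rather than DER.

```rust
// Added example: wire encoding from OpenSSH PROTOCOL.u2f.
const SK_ECDSA: &str = "sk-ecdsa-sha2-nistp256@openssh.com";

/// Hypothetical stand-in for the assertion output; the real
/// SecurityKeySignature fields are not shown on this page.
pub struct Assertion<'a> {
    pub r: &'a [u8],  // ECDSA r, big-endian (assumed raw, not DER)
    pub s: &'a [u8],  // ECDSA s, big-endian
    pub flags: u8,    // authenticator flags (0x01 UP, 0x04 UV)
    pub counter: u32, // authenticator signature counter
}

/// SSH `string`: uint32 big-endian length, then the bytes.
fn put_string(out: &mut Vec<u8>, data: &[u8]) {
    out.extend_from_slice(&(data.len() as u32).to_be_bytes());
    out.extend_from_slice(data);
}

/// SSH `mpint`: strip leading zeros, then prepend 0x00 when the top bit
/// is set so the value is not parsed as negative.
fn put_mpint(out: &mut Vec<u8>, be: &[u8]) {
    let start = be.iter().position(|&b| b != 0).unwrap_or(be.len());
    let mut v = Vec::with_capacity(be.len() + 1);
    if be.get(start).map_or(false, |b| b & 0x80 != 0) {
        v.push(0);
    }
    v.extend_from_slice(&be[start..]);
    put_string(out, &v);
}

/// string alg || string(mpint r || mpint s) || byte flags || uint32 counter
pub fn encode_sk_signature(a: &Assertion) -> Vec<u8> {
    let mut inner = Vec::new();
    put_mpint(&mut inner, a.r);
    put_mpint(&mut inner, a.s);
    let mut blob = Vec::new();
    put_string(&mut blob, SK_ECDSA.as_bytes());
    put_string(&mut blob, &inner);
    blob.push(a.flags);
    blob.extend_from_slice(&a.counter.to_be_bytes());
    blob
}

fn main() {
    // Constructed sample values, not a real signature.
    let (r, s) = ([0xffu8; 32], [0x01u8; 32]);
    let a = Assertion { r: &r, s: &s, flags: 0x05, counter: 7 };
    println!("{} bytes", encode_sk_signature(&a).len());
}
```

The mpint padding matters in practice: r or s has its top bit set in roughly half of all signatures, and omitting the 0x00 prefix makes a verifier read the value as negative and reject the signature.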
pub fn list_credentials(&self) -> Result<Vec<SecurityKeyInfo>>
List all SK credentials in this app’s key directory.
pub fn get_credential(&self, label: &str) -> Result<SecurityKeyInfo>
Get metadata for a specific SK credential.
pub fn credential_exists(&self, label: &str) -> Result<bool>
Check whether an SK credential with this label exists.
pub fn delete_credential(&self, label: &str) -> Result<()>
Delete the SK credential and its metadata. Best-effort removal of the platform credential (ignored if already deleted from Windows passkeys).
pub fn backend_kind(&self) -> Option<BackendKind>
Which hardware security backend backs this handle.
Returns None when the platform authenticator is not available on this
platform (macOS, unsupported Linux without a WSL bridge). A None result
indicates that generate and sign will always return Error::NotAvailable.