Skip to main content

SignerHandle

hardware_enclave::signing

Struct SignerHandle

pub struct SignerHandle { /* private fields */ }

Expand description

Handle to a signing backend. Obtained from create_signer().

Multi-key: each method takes a label parameter. The factory initializes the backend and ensures the default_key_label exists.

Implementations§

impl SignerHandle

pub fn generate_key(&self, label: &str, policy: AccessPolicy) -> Result<Vec<u8>>

Generate a new P-256 signing key. Returns uncompressed SEC1 public key.

§Errors

Error::DuplicateLabel if a key with this label already exists.
Error::InvalidLabel if the label is empty, too long, or contains illegal characters.
Error::PolicyNotSupported if the backend cannot enforce the requested AccessPolicy.
Error::RequiresSigning if policy requires a code-signed binary.
Error::KeyOperation for underlying hardware or I/O failures.

pub fn public_key(&self, label: &str) -> Result<Vec<u8>>

Return the uncompressed SEC1 public key for an existing key.

pub fn sign(&self, label: &str, data: &[u8]) -> Result<Vec<u8>>

Sign data (SHA-256 applied internally). Returns a DER-encoded ECDSA P-256 signature.

§Errors

Error::KeyNotFound if no key with this label exists.
Error::AuthDenied if the keychain ACL denies access to the wrapping key.
Error::AuthRequired if the device is locked or the GUI session is absent.
Error::UserCancelled if the user dismissed a biometric prompt.
Error::SignFailed for underlying hardware or crypto failures.

pub fn sign_with_presence( &self, label: &str, data: &[u8], opts: &PresenceOptions, ) -> Result<Vec<u8>>

Sign data with an optional user-presence prompt.

PresenceMode::Strict on a platform where presence_available() is false returns Error::PresenceNotAvailable.
PresenceMode::Cached or PresenceMode::None always falls through to a plain sign on non-macOS platforms (no error).

§Errors

Error::PresenceNotAvailable if opts.mode is Strict and the platform has no user-presence support.
Error::KeyNotFound if no key with this label exists.
Error::AuthDenied if the keychain ACL denies access to the wrapping key.
Error::AuthRequired if the device is locked or the GUI session is absent.
Error::UserCancelled if the user dismissed a biometric prompt.
Error::SignFailed for underlying hardware or crypto failures.

pub fn presence_available(&self) -> bool

True when the current platform supports presence prompting.

pub fn list_keys(&self) -> Result<Vec<KeyInfo>>

List all signing keys in this app’s key store.

pub fn delete_key(&self, label: &str) -> Result<()>

Permanently delete a signing key and its metadata.

pub fn key_exists(&self, label: &str) -> Result<bool>

Return true if a key with this label exists.

pub fn rename_key(&self, old_label: &str, new_label: &str) -> Result<()>

Atomically rename a signing key.

pub fn evict_presence_cache(&self, label: &str)

Evict the cached wrapping-key / LAContext for label, forcing the next sign to re-authenticate. Has no effect on platforms without presence caching.

pub fn backend_kind(&self) -> BackendKind

Which hardware security backend backs this handle.

Trait Implementations§

impl Debug for SignerHandle

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl Freeze for SignerHandle

impl RefUnwindSafe for SignerHandle

impl Send for SignerHandle

impl Sync for SignerHandle

impl Unpin for SignerHandle

impl UnsafeUnpin for SignerHandle

impl UnwindSafe for SignerHandle

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more