Function hdk::capability::generate_cap_secret

pub fn generate_cap_secret() -> ExternResult<CapSecret>

Generate secrets for capability grants.

Wraps the random_bytes HDK function with appropriate parameters set. Generates 512 bits of cryptographic strength randomness to form the secret for a capability grant.

It is strongly recommended to always use this function for generating capability grant secrets. There is negligible benefit to decreasing or increasing the bits of entropy, or changing the algorithm. There may be security risks in shortening the secret or changing its generation logic.

Capability secrets must be unique within and across all chains. Using this function consistently guarantees uniqueness.

If an attacker can guess a secret to masquerade as another agent and execute CapAccess::Transferable code.

Re-using secrets is forbidden within and across all claims and grants.