DeviceIdentity

hive_btle::security

Struct DeviceIdentity 

Source 
pub struct DeviceIdentity { /* private fields */ }
Expand description

A device’s cryptographic identity

Contains an Ed25519 signing key and derives a unique NodeId from it. The private key should be stored securely (platform secure enclave if available).

Implementations§

Source§

impl DeviceIdentity

Source

pub fn generate() -> Self

Generate a new random device identity

Uses the platform’s cryptographically secure random number generator.

Source

pub fn from_private_key(private_key: &[u8; 32]) -> Result<Self, IdentityError>

Create identity from existing private key bytes

§Arguments
  • private_key - 32-byte Ed25519 private key
§Returns
  • Ok(DeviceIdentity) - If key is valid
  • Err(IdentityError) - If key format is invalid
Source

pub fn private_key_bytes(&self) -> [u8; 32]

Get the private key bytes for secure storage

Security: This exposes the private key. Only use for persisting to secure storage (keychain, secure enclave, encrypted NVS).

Source

pub fn public_key(&self) -> [u8; 32]

Get the public key bytes

This can be shared freely to allow others to verify signatures.

Source

pub fn verifying_key(&self) -> VerifyingKey

Get the verifying key for signature verification

Source

pub fn node_id(&self) -> NodeId

Derive the NodeId from the public key

The NodeId is the first 4 bytes of the BLAKE3 hash of the public key, interpreted as a little-endian u32. This provides:

  • Deterministic derivation (same key = same node_id)
  • Collision resistance (BLAKE3 is cryptographically secure)
  • Compact representation (4 bytes vs 32 bytes)
Source

pub fn sign(&self, message: &[u8]) -> [u8; 64]

Sign a message

§Arguments
  • message - Arbitrary bytes to sign
§Returns

64-byte Ed25519 signature

Source

pub fn verify(&self, message: &[u8], signature: &[u8; 64]) -> bool

Verify a signature made by this identity

§Arguments
  • message - Original message that was signed
  • signature - 64-byte signature to verify
§Returns

true if signature is valid, false otherwise

Source

pub fn create_attestation(&self, timestamp_ms: u64) -> IdentityAttestation

Create an identity attestation

An attestation proves that the holder of this identity controls the claimed node_id at a specific point in time.

Trait Implementations§

Source§

impl Clone for DeviceIdentity

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for DeviceIdentity

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.