Struct IdentityKeys 

pub struct IdentityKeys { /* private fields */ }

The runtime-free half of a huddle identity: the Ed25519 signing key, its derived 24-char fingerprint, and (on demand) the ML-KEM-768 keypair derived from the same seed.

huddle-core::identity::Identity wraps this and adds the libp2p PeerId/Keypair (which need the libp2p dependency), delegating every pure method here via Deref — so id.fingerprint(), id.sign(..), id.seed() etc. resolve to these implementations and existing call sites are unchanged.

Implementations

impl IdentityKeys

pub fn generate() -> Result<Self>

pub fn from_secret_bytes(bytes: [u8; 32]) -> Result<Self>

pub fn fingerprint(&self) -> &str

pub fn secret_bytes(&self) -> [u8; 32]

pub fn public_bytes(&self) -> [u8; 32]

pub fn sign(&self, msg: &[u8]) -> [u8; 64]

Ed25519-sign msg with our identity key. Used by protocol envelopes (SignedRoomMessage) and signed invites so receivers can prove the sender’s identity at the application layer.

pub fn pq_keypair(&self) -> PqKeypair

huddle 1.3: this identity’s ML-KEM-768 keypair, deterministically derived from the Ed25519 secret seed (see crate::crypto::pqc). Computed on demand — there is no extra key material on disk; the 32-byte Ed25519 seed is the sole root secret, so every pre-1.3 identity gains a post-quantum keypair for free with no migration.

pub fn mlkem_public_bytes(&self) -> [u8; 1184]

huddle 1.3: our serialized ML-KEM-768 encapsulation (public) key, published to peers in the signed MemberAnnounce on Direct rooms. Stable across restarts.

pub fn mldsa_public_bytes(&self) -> [u8; 1952]

huddle 2.0.6 (WS2-a): our serialized ML-DSA-65 verifying (public) key, published in signed announces so peers can pin it for hybrid post-quantum authentication. Deterministically derived from the Ed25519 seed (see crate::crypto::mldsa); stable across restarts, no storage.

pub fn mldsa_sign(&self, msg: &[u8]) -> [u8; 3309]

huddle 2.0.6 (WS2-a): ML-DSA-65-sign msg with our identity’s deterministically-derived post-quantum authentication key. Used for the composite signature on identity/authority envelopes.

pub fn seed(&self) -> Zeroizing<[u8; 32]>

huddle 2.0: export this identity’s 32-byte Ed25519 seed — the sole root secret from which the PeerId, the ML-KEM-768 keypair, and every DM key deterministically derive. Returned in a Zeroizing wrapper so the copy is scrubbed when the caller drops it. Rendered as a 24-word BIP39 phrase by crate::crypto::mnemonic::seed_to_phrase for backup / recovery; treat it as the crown jewel.

pub fn from_seed(seed: Zeroizing<[u8; 32]>) -> Result<Self>

huddle 2.0: rebuild from a 32-byte Ed25519 seed recovered from a BIP39 phrase (crate::crypto::mnemonic::phrase_to_seed). The seed is the only input, so the restored keys are byte-for-byte the original.