Skip to main content

MultiKeyDecryptor

Struct MultiKeyDecryptor 

Source
pub struct MultiKeyDecryptor { /* private fields */ }
Expand description

An AeadDecryptor that holds multiple keys and applies CipherMatch / KeyMatchStrength selection semantics.

This is the cipher analogue of MultiKeyVerifier.

§Key selection

cipher_match follows KeyMatchStrength priority:

  • A ByKeyId match (algorithm + kid) is definitive.
  • A single ByAlgorithm match is used directly.

decrypt uses the optional CipherMatch to select the correct key when available. When no CipherMatch is provided, keys are tried in order.

Unlike MultiKeyVerifier, which fails closed on ambiguity, trying every candidate is safe here: an AEAD tag self-authenticates, so a wrong key fails decryption rather than risking wrong-key acceptance. Try-all is standard practice for rotated symmetric keys (e.g. cookie-key rotation).

§Errors

When no candidate matches the criteria, decryption fails with DecryptError::NoMatchingKey without attempting decryption — this is what lets RetryingDecryptor trigger a key refresh. When candidates were attempted and all failed, the last real failure is returned (non-retryable preferred over retryable), matching the verifier’s dispatch discipline.

Implementations§

Source§

impl MultiKeyDecryptor

Source

pub fn new(decryptors: Vec<Arc<dyn AeadDecryptor>>) -> Self

Creates a new MultiKeyDecryptor from the given decryptors.

Trait Implementations§

Source§

impl AeadDecryptor for MultiKeyDecryptor

Source§

fn cipher_match(&self, m: &CipherMatch<'_>) -> Option<KeyMatchStrength>

Returns how well this decryptor matches the given selection criteria. Read more
Source§

fn decrypt<'a>( &'a self, cipher_match: Option<&'a CipherMatch<'a>>, nonce: &'a [u8], ciphertext: &'a [u8], tag: &'a [u8], aad: &'a [u8], ) -> MaybeSendBoxFuture<'a, Result<Vec<u8>, DecryptError>>

Asynchronously decrypts the given ciphertext with the provided nonce, tag, and associated data. Read more
Source§

fn try_refresh(&self) -> MaybeSendBoxFuture<'_, bool>

Requests a best-effort refresh of the decryptor’s key material — the cipher analogue of JwsVerifier::try_refresh. Read more
Source§

impl Debug for MultiKeyDecryptor

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> MaybeSend for T
where T: Send,

Source§

impl<T> MaybeSendSync for T
where T: Send + Sync,

Source§

impl<T> MaybeSync for T
where T: Sync,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.