Struct KeyDerivedDecoy 

pub struct KeyDerivedDecoy;

Decoy strategy that produces bytes via BLAKE3’s extendable-output (XOF) mode, seeded by the key and a fresh CSPRNG nonce.

Threat profile. A middle ground between RandomDecoy and SelfReferenceDecoy:

• The output passes general statistical tests like a CSPRNG would, so simple entropy/chi-squared distinguishers cannot tell decoy bytes from RandomDecoy output.
• Because the seed includes the key, downstream cryptographic analysis that looks for “uniform-random vs. structured” patterns sees the same thing it sees for the real key (which is itself a hashed/derived blob in most modern protocols).
• Less aggressive than SelfReferenceDecoy for keys with very non-uniform byte distributions (e.g. DER-encoded RSA keys), but strictly stronger than RandomDecoy.

Use KeyDerivedDecoy when you want CSPRNG-like output but seeded by the real key so the resulting profile correlates with it.

Examples

use key_vault::decoy::{DecoyStrategy, KeyDerivedDecoy};
use key_vault::RawKey;

let key = RawKey::new(b"the key".to_vec());
let decoy = KeyDerivedDecoy.generate(&key, 32).unwrap();
assert_eq!(decoy.len(), 32);

Trait Implementations

impl Clone for KeyDerivedDecoy

fn clone(&self) -> KeyDerivedDecoy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for KeyDerivedDecoy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl DecoyStrategy for KeyDerivedDecoy

fn generate(&self, key: &RawKey, output_len: usize) -> Result<Vec<u8>>

Generate output_len bytes of decoy material derived (or not) from key.

fn describe(&self) -> Cow<'_, str>

Short identifier for audit and error attribution.

impl Default for KeyDerivedDecoy

fn default() -> KeyDerivedDecoy

Returns the “default value” for a type.

impl Copy for KeyDerivedDecoy