pub struct RootSeed(/* private fields */);
The user’s 32-byte root seed, from which all keys and credentials are derived (user keypair, node keypair, TLS certificates, etc.).
Implementations
impl RootSeed
pub const LENGTH: usize = 32
pub fn new(bytes: Secret<[u8; 32]>) -> Self
pub fn from_rng<R: Crng>(rng: &mut R) -> Self
pub fn to_mnemonic(&self) -> Mnemonic
Creates a bip39::Mnemonic from this RootSeed. Use
bip39::Mnemonic’s Display / FromStr impls to convert from / to
user-facing strings.
pub fn derive_bip39_seed(&self) -> Secret<[u8; 64]>
Derives the BIP39-compatible 64-byte seed from this RootSeed.
This uses the standard BIP39 derivation:
PBKDF2(password=mnemonic, salt="mnemonic", 2048 rounds, HMAC-SHA512)
The resulting seed is compatible with standard wallets when used to derive a BIP32 master xpriv.
New Lexe wallets created after node-v0.9.1 use this to derive their on-chain wallet BIP32 master xprivs.
Old Lexe on-chain wallets use Self::derive_legacy_master_xprv instead.
pub fn derive_to_slice(&self, label: &[&[u8]], out: &mut [u8])
Derive a new child secret with label into a prepared buffer out.
pub fn derive(&self, label: &[&[u8]]) -> Secret<[u8; 32]>
Derive a new child secret with label to a hash-output-sized buffer.
pub fn derive_vec(&self, label: &[&[u8]], out_len: usize) -> SecretVec<u8>
Convenience method to derive a new child secret with label into a
Vec<u8> of size out_len.
pub fn derive_ephemeral_issuing_ca_key_pair(&self) -> KeyPair
Derive the keypair for the “ephemeral issuing” CA that endorses client and server certs under the “shared seed” mTLS construction.
pub fn derive_revocable_issuing_ca_key_pair(&self) -> KeyPair
Derive the keypair for the “revocable issuing” CA that endorses client and server certs under the “shared seed” mTLS construction.
pub fn derive_user_key_pair(&self) -> KeyPair
Derive the user key pair, which is the key behind the UserPk. This
key pair is also used to sign up and authenticate as the user against
the Lexe backend.
pub fn derive_user_pk(&self) -> UserPk
Convenience function to derive the UserPk.
pub fn derive_bip32_master_xprv(&self, network: Network) -> Xpriv
Derive the BIP32 master xpriv using the BIP39-compatible derived 64-byte seed.
This is used for new Lexe on-chain wallets created after node-v0.9.1.
Wallets created before then use Self::derive_legacy_master_xprv.
This produces keys compatible with standard wallets that follow the BIP39 spec.
pub fn derive_legacy_master_xprv(&self, network: Network) -> Xpriv
Derive the “legacy” BIP32 master xpriv by feeding the 32-byte
RootSeed directly into BIP32’s HMAC-SHA512.
This is used for LDK seed derivation (via Self::derive_ldk_seed) and
for existing on-chain wallets created before BIP39 compatibility.
It’s called “legacy” because standard BIP39 wallets derive the master xpriv from a 64-byte seed (produced by PBKDF2), not the original 32-byte entropy. This makes Lexe’s old on-chain addresses incompatible with external wallets. New on-chain wallets use the BIP39-compatible derivation instead.
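The two master-key derivations described above, side by side, as an added Python example using only the standard library (not Lexe's code, and not the Rust API documented here). The function names are hypothetical; the input is the all-zero 32-byte entropy and its 24-word mnemonic from the BIP39 reference test vectors, and the "Bitcoin seed" HMAC key and range check come from the BIP32 specification.

```python
import hashlib
import hmac
import unicodedata

# Constructed test input (BIP39 reference vector): all-zero 32-byte entropy
# and the 24-word mnemonic that encodes it. Not a real wallet seed.
ENTROPY = bytes(32)
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])

# Order of the secp256k1 group; BIP32 rejects master keys outside (0, N).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def bip39_seed(mnemonic, passphrase=""):
    """Standard BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP32 master key generation: HMAC-SHA512(key="Bitcoin seed", msg=seed)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    secret_key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(secret_key, "big")
    if k == 0 or k >= N:
        raise ValueError("invalid master key; seed must be rejected")
    return secret_key, chain_code


def standard_master(mnemonic):
    """BIP39-compatible path: mnemonic -> 64-byte seed -> BIP32 master."""
    return bip32_master(bip39_seed(mnemonic))


def legacy_master(entropy):
    """Legacy path: the 32-byte entropy is fed to BIP32 directly, no PBKDF2."""
    return bip32_master(entropy)


if __name__ == "__main__":
    std_sk, _ = standard_master(MNEMONIC)
    old_sk, _ = legacy_master(ENTROPY)
    print("standard master key:", std_sk.hex())
    print("legacy master key:  ", old_sk.hex())
    print("same wallet?        ", std_sk == old_sk)
```

Both paths yield a valid BIP32 master key, but an external wallet given the mnemonic only ever computes the first one, which is why restoring a legacy wallet elsewhere shows different addresses.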
pub fn derive_ldk_seed(&self) -> Secret<[u8; 32]>
Derives the root seed used in LDK. The KeysManager is initialized
using this seed, and secp256k1 keys are derived from this seed.
pub fn derive_node_key_pair(&self) -> Keypair
Derive the Lightning node key pair without needing to derive all the
other auxiliary node secrets used in the KeysManager.
pub fn derive_node_pk(&self) -> NodePk
Convenience function to derive the Lightning node pubkey.
pub fn derive_vfs_master_key(&self) -> AesMasterKey
pub fn password_encrypt(&self, rng: &mut impl Crng, password: &str) -> Result<Vec<u8>>
Attempts to encrypt this root seed under the given password.
The password must have at least MIN_PASSWORD_LENGTH characters and
must not have any more than MAX_PASSWORD_LENGTH characters.
Returns a Vec<u8> which can be persisted and later decrypted using
only the given password.
pub fn password_decrypt(password: &str, combined: Vec<u8>) -> Result<Self>
Attempts to construct a RootSeed given a decryption password and the
Vec<u8> returned from a previous call to password_encrypt.