Struct KeyPair 

pub struct KeyPair {
    pub public: PublicKey,
    pub secret: SecretSeed,
}

Ed25519 keypair: seed plus the deterministically-derived public key.

Fields

public: PublicKey

secret: SecretSeed

Implementations

impl KeyPair

pub fn generate() -> Result<Self, MkitError>

Generate a fresh keypair using the system CSPRNG (getrandom).

Zeroization

The local seed lives inside a Zeroizing wrapper that scrubs the buffer at end of scope, so the only remaining copy is the one inside the returned KeyPair (zeroized on drop via SecretSeed’s ZeroizeOnDrop).

pub fn from_seed(seed: [u8; 32]) -> Self

Reconstruct a keypair deterministically from a 32-byte seed. Pure function: same seed always yields the same public key.

This is a self-scrubbing convenience constructor: it zeroes the seed argument it owns before returning (see the body), so the moved-in buffer never lingers. It is kept as a public, ergonomic entry point for callers that already hold a bare [u8; 32] (e.g. test vectors, golden fixtures, and downstream / WASM consumers that decode a seed from their own format).

Zeroization

The contract this constructor guarantees: the [u8; 32] passed by value into this function is scrubbed before return. What it CANNOT do is reach back and scrub a Copy the caller left on their own stack — [u8; 32]: Copy, so the argument is a moved copy of whatever the caller held. Callers that keep sensitive seed material on their own frame MUST therefore either:

• Prefer KeyPair::from_seed_zeroizing, which takes a Zeroizing-wrapped reference and never creates a Copy on the caller’s frame (this is what ALL internal mkit signing-path code uses — generate, load_key, the attest signer factory, and the WASM bindings), or
• Wrap their seed in Zeroizing themselves, or
• seed.zeroize() the buffer after this call returns.

KeyPair::generate and load_key already use the Zeroizing path internally; no production call site passes a bare [u8; 32] here. The contract above is pinned by the from_seed_scrubs_owned_param and from_seed_zeroizing_matches_from_seed regression tests.

pub fn from_seed_zeroizing(seed: &Zeroizing<[u8; 32]>) -> Self

Reconstruct a keypair from a Zeroizing-wrapped 32-byte seed without forcing the caller to keep a Copy of the raw bytes on their own stack. This is the preferred constructor for signing-path code that loads keys from disk (see load_key) or generates them on the fly (see KeyPair::generate).

Zeroization

Borrowing the seed means this function never creates a fresh [u8; 32] Copy on the caller’s frame. The only memory copy is the one owned by the returned KeyPair::secret field, which zeroes on drop.

pub fn sign(&self, domain: &[u8], signing_bytes: &[u8]) -> Signature

Sign signing_bytes under the given domain. The actual Ed25519 input is BLAKE3(len_le16(domain) || domain || signing_bytes) — see SPEC §2.2.

Trait Implementations

impl Debug for KeyPair

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Eq for KeyPair

impl PartialEq for KeyPair

fn eq(&self, other: &KeyPair) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for KeyPair