Struct ockam_vault::Vault
pub struct Vault { /* private fields */ }
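Vault implementation that stores secrets in memory and uses software crypto. Key material is therefore held in the process's own memory rather than behind a hardware boundary such as an HSM or secure enclave.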
Examples
use ockam_vault::Vault;
use ockam_core::Result;
use ockam_core::vault::{SecretAttributes, SecretType, SecretPersistence, CURVE25519_SECRET_LENGTH, SecretVault, Signer, Verifier};
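/// Generates an X25519 secret in an in-memory [`Vault`], signs a message with
/// it, and checks the signature against the public key derived from that secret.
///
/// # Errors
///
/// Propagates any error returned by the vault operations via `?`.
async fn example() -> Result<()> {
    // Every vault method used below takes `&self`, so the binding needs no `mut`.
    let vault = Vault::default();

    // The attributes are moved into `secret_generate`, so they need no `mut` either.
    let attributes = SecretAttributes::new(
        SecretType::X25519,
        SecretPersistence::Ephemeral,
        CURVE25519_SECRET_LENGTH,
    );

    let secret = vault.secret_generate(attributes).await?;
    let public = vault.secret_public_key_get(&secret).await?;

    let data = "Very important stuff".as_bytes();
    let signature = vault.sign(&secret, data).await?;

    // `verify` yields `Result<bool>`: `?` surfaces an error and the assert
    // rejects `Ok(false)`, so neither outcome is mistaken for a valid signature.
    assert!(vault.verify(&signature, &public, data).await?);
    Ok(())
}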
Implementations
impl Vault
pub fn check_secret(
&self,
secret: &[u8],
attributes: &SecretAttributes
) -> Result<()>
Validate secret key.
Trait Implementations
impl AsymmetricVault for Vault
fn ec_diffie_hellman<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
context: &'life1 Secret,
peer_public_key: &'life2 PublicKey
) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
Compute Elliptic-Curve Diffie-Hellman using this secret key and the specified uncompressed public key.
impl Hasher for Vault
fn hkdf_sha256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
salt: &'life1 Secret,
info: &'life2 [u8],
ikm: Option<&'life3 Secret>,
output_attributes: Vec<SecretAttributes>
) -> Pin<Box<dyn Future<Output = Result<Vec<Secret>>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
Derive secrets with HKDF-SHA256 (a key derivation, not a plain SHA-256 digest). Salt and Ikm should be of Buffer type. Output secrets should be only of type Buffer or AES.
impl KeyIdVault for Vault
fn secret_by_key_id<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 str
) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Return the Secret for a given key id.
fn compute_key_id_for_public_key<'life0, 'life1, 'async_trait>(
&'life0 self,
public_key: &'life1 PublicKey
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Compute and return the KeyId for a given public key.
impl SecretVault for Vault
fn secret_generate<'life0, 'async_trait>(
&'life0 self,
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
Generate a fresh secret. Only Curve25519 and Buffer types are supported.
fn secret_public_key_get<'life0, 'life1, 'async_trait>(
&'life0 self,
context: &'life1 Secret
) -> Pin<Box<dyn Future<Output = Result<PublicKey>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Extract the public key from a secret. Only the Curve25519 type is supported.
fn secret_destroy<'life0, 'async_trait>(
&'life0 self,
context: Secret
) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
Remove secret from memory
fn secret_import<'life0, 'life1, 'async_trait>(
&'life0 self,
secret: &'life1 [u8],
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Import a secret with the given attributes from binary form into the vault.
fn secret_export<'life0, 'life1, 'async_trait>(
&'life0 self,
context: &'life1 Secret
) -> Pin<Box<dyn Future<Output = Result<SecretKey>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Export a secret key to the binary form represented as SecretKey.
fn secret_attributes_get<'life0, 'life1, 'async_trait>(
&'life0 self,
context: &'life1 Secret
) -> Pin<Box<dyn Future<Output = Result<SecretAttributes>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Return the attributes for a secret.
impl Signer for Vault
fn sign<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
secret_key: &'life1 Secret,
data: &'life2 [u8]
) -> Pin<Box<dyn Future<Output = Result<Signature>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
Sign data with the XEdDSA algorithm. Only Curve25519 is supported.
impl SymmetricVault for Vault
fn aead_aes_gcm_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
context: &'life1 Secret,
plaintext: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Buffer<u8>>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
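Encrypt a payload using AES-GCM. The nonce is supplied by the caller; AES-GCM requires that a nonce is never reused with the same key, because reuse undermines both the confidentiality and the authenticity of the affected messages.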
fn aead_aes_gcm_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
context: &'life1 Secret,
cipher_text: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Buffer<u8>>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
Decrypt a payload using AES-GCM.
impl Verifier for Vault
fn verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
signature: &'life1 Signature,
public_key: &'life2 PublicKey,
data: &'life3 [u8]
) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
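Verify a signature over the data with the given public key. The result is a Result<bool>, so callers need to treat both an Err and an Ok(false) as a failed verification.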
Auto Trait Implementations
impl !RefUnwindSafe for Vault
impl Send for Vault
impl Sync for Vault
impl Unpin for Vault
impl !UnwindSafe for Vault
Blanket Implementations
impl<D> AsyncTryClone for D where
D: Clone + Sync,
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
fn clone_into(&self, target: &mut T)
Uses borrowed data to replace owned data, usually by cloning. (Nightly-only experimental API: toowned_clone_into.)
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
fn vzip(self) -> V
impl<T> WithSubscriber for T
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.