pub struct Vault { /* private fields */ }

Vault implementation that stores secrets in memory and uses software crypto.

Examples

use ockam_vault::Vault;
use ockam_core::Result;
use ockam_core::vault::{SecretAttributes, SecretType, SecretPersistence, CURVE25519_SECRET_LENGTH, SecretVault, Signer, Verifier};

async fn example() -> Result<()> {
    let mut vault = Vault::default();

    // Describe the secret to create: an ephemeral Curve25519 key.
    let attributes = SecretAttributes::new(
        SecretType::X25519,
        SecretPersistence::Ephemeral,
        CURVE25519_SECRET_LENGTH,
    );

    // Generate the secret inside the vault and derive its public key.
    let secret = vault.secret_generate(attributes).await?;
    let public = vault.secret_public_key_get(&secret).await?;

    let data = "Very important stuff".as_bytes();

    // Sign with the secret, then verify the signature with the public key.
    let signature = vault.sign(&secret, data).await?;
    assert!(vault.verify(&signature, &public, data).await?);

    Ok(())
}

Implementations

Validate secret key.

Create a new SoftwareVault.

Serialize a vault to bytes which may later be restored using SoftwareVault::deserialize.

Load a vault from the serialized format produced by SoftwareVault::serialize.

Same as Vault::new().

Trait Implementations

Compute Elliptic-Curve Diffie-Hellman using this secret key and the specified uncompressed public key.

Returns a copy of the value.

Performs copy-assignment from source.

Returns the “default value” for a type.

Compute sha256. Salt and Ikm should be of Buffer type. Output secrets should be only of type Buffer or AES.

Compute the SHA-256 digest given input data.

Return the Secret for a given key id.

Compute and return the KeyId for a given public key.

Generate a fresh secret. Only Curve25519 and Buffer types are supported.

Extract the public key from a secret. Only the Curve25519 type is supported.

Remove a secret from memory.

Import a secret with the given attributes from binary form into the vault.

Export a secret key to the binary form represented as SecretKey.

Return the attributes for a secret.

Sign data with the XEdDSA algorithm. Only Curve25519 is supported.

Encrypt a payload using AES-GCM.

Decrypt a payload using AES-GCM.

Verify a signature.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self.

Try cloning an object and return an Err in case of failure.

Immutably borrows from an owned value.

Mutably borrows from an owned value.

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper.

Instruments this type with the current Span, returning an Instrumented wrapper.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning.

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.