Struct ockam_vault::Vault
source · pub struct Vault { /* private fields */ }
Vault implementation that stores secrets in memory and uses software crypto.
Examples
use ockam_vault::Vault;
use ockam_core::Result;
use ockam_core::vault::{SecretAttributes, SecretType, SecretPersistence, CURVE25519_SECRET_LENGTH_U32, SecretVault, Signer, Verifier};
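/// Generates an ephemeral X25519 secret in the in-memory vault, signs a message with it,
/// and verifies the signature against the matching public key.
///
/// # Errors
///
/// Propagates any error returned by the vault calls through `?`.
///
/// # Panics
///
/// Panics if `verify` resolves to `false`.
async fn example() -> Result<()> {
    // The vault methods documented for this type take `&self`, so neither binding needs `mut`.
    let vault = Vault::default();
    let attributes = SecretAttributes::new(
        SecretType::X25519,
        SecretPersistence::Ephemeral,
        CURVE25519_SECRET_LENGTH_U32,
    );

    // `secret_generate` returns a `KeyId` that refers to the secret held by the vault.
    let secret = vault.secret_generate(attributes).await?;
    let public = vault.secret_public_key_get(&secret).await?;

    let data = "Very important stuff".as_bytes();
    let signature = vault.sign(&secret, data).await?;

    // `verify` yields `Result<bool>`: `?` covers the error case, `assert!` covers a `false`
    // result. Callers must check both; a successful call alone does not mean the signature is valid.
    assert!(vault.verify(&signature, &public, data).await?);
    Ok(())
}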
Implementations§
source§impl Vault
impl Vault
sourcepub fn check_secret(
&self,
secret: &[u8],
attributes: &SecretAttributes
) -> Result<()>
pub fn check_secret(
&self,
secret: &[u8],
attributes: &SecretAttributes
) -> Result<()>
Validate secret key.
Trait Implementations§
source§impl AsymmetricVault for Vault
impl AsymmetricVault for Vault
source§fn ec_diffie_hellman<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
secret: &'life1 KeyId,
peer_public_key: &'life2 PublicKey
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn ec_diffie_hellman<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
secret: &'life1 KeyId,
peer_public_key: &'life2 PublicKey
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Compute Elliptic-Curve Diffie-Hellman using this secret key
and the specified uncompressed public key.
source§fn compute_key_id_for_public_key<'life0, 'life1, 'async_trait>(
&'life0 self,
public_key: &'life1 PublicKey
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn compute_key_id_for_public_key<'life0, 'life1, 'async_trait>(
&'life0 self,
public_key: &'life1 PublicKey
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Compute and return the `KeyId` for a given public key.
source§impl Hasher for Vault
impl Hasher for Vault
source§fn hkdf_sha256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
salt: &'life1 KeyId,
info: &'life2 [u8],
ikm: Option<&'life3 KeyId>,
output_attributes: Vec<SecretAttributes>
) -> Pin<Box<dyn Future<Output = Result<Vec<KeyId>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
fn hkdf_sha256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
salt: &'life1 KeyId,
info: &'life2 [u8],
ikm: Option<&'life3 KeyId>,
output_attributes: Vec<SecretAttributes>
) -> Pin<Box<dyn Future<Output = Result<Vec<KeyId>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Compute HKDF-SHA256. Salt and Ikm should be of Buffer type. Output secrets should be only of type Buffer or AES.
source§impl SecretVault for Vault
impl SecretVault for Vault
source§fn secret_generate<'life0, 'async_trait>(
&'life0 self,
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn secret_generate<'life0, 'async_trait>(
&'life0 self,
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Generate fresh secret. Only Curve25519 and Buffer types are supported
source§fn secret_public_key_get<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId
) -> Pin<Box<dyn Future<Output = Result<PublicKey>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn secret_public_key_get<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId
) -> Pin<Box<dyn Future<Output = Result<PublicKey>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Extract public key from secret. Only Curve25519 type is supported
source§fn secret_destroy<'life0, 'async_trait>(
&'life0 self,
key_id: KeyId
) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn secret_destroy<'life0, 'async_trait>(
&'life0 self,
key_id: KeyId
) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Remove secret from memory
source§fn secret_import<'life0, 'async_trait>(
&'life0 self,
secret: Secret,
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn secret_import<'life0, 'async_trait>(
&'life0 self,
secret: Secret,
attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<KeyId>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Import a secret with the given attributes from binary form into the vault.
source§fn secret_export<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId
) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn secret_export<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId
) -> Pin<Box<dyn Future<Output = Result<Secret>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Export a secret key to the binary form represented as [`SecretKey`].
source§fn secret_attributes_get<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId
) -> Pin<Box<dyn Future<Output = Result<SecretAttributes>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn secret_attributes_get<'life0, 'life1, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId
) -> Pin<Box<dyn Future<Output = Result<SecretAttributes>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Return the attributes for a secret.
source§impl SymmetricVault for Vault
impl SymmetricVault for Vault
source§fn aead_aes_gcm_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId,
plaintext: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Buffer<u8>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
fn aead_aes_gcm_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId,
plaintext: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Buffer<u8>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Encrypt a payload using AES-GCM. The nonce is supplied by the caller and must never be reused with the same key.
source§fn aead_aes_gcm_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId,
cipher_text: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Buffer<u8>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
fn aead_aes_gcm_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
key_id: &'life1 KeyId,
cipher_text: &'life2 [u8],
nonce: &'life3 [u8],
aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Buffer<u8>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Decrypt a payload using AES-GCM.
source§impl Verifier for Vault
impl Verifier for Vault
source§fn verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
signature: &'life1 Signature,
public_key: &'life2 PublicKey,
data: &'life3 [u8]
) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
fn verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
signature: &'life1 Signature,
public_key: &'life2 PublicKey,
data: &'life3 [u8]
) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
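Verify a signature. The result is a `bool` wrapped in `Result`, so callers must check the boolean as well as the error.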