pub struct PrivateKey { /* private fields */ }
Expand description
A type to represent the PrivateKey
that X25519 uses.
This type holds a scalar and is used internally as such. The scalar held is decoded (a.k.a “clamped”) as mandated in the RFC.
Errors:
An error will be returned if:
slice
is not 32 bytes.
Panics:
A panic will occur if:
- Failure to generate random bytes securely.
Security:
-
Avoid using
unprotected_as_bytes()
whenever possible, as it breaks all protections that the type implements. -
The trait
PartialEq<&'_ [u8]>
is implemented for this type so that users are not tempted to callunprotected_as_bytes
to compare this sensitive value to a byte slice. The trait is implemented in such a way that the comparison happens in constant time. Thus, users should preferSecretType == &[u8]
overSecretType.unprotected_as_bytes() == &[u8]
. Examples are shown below. The examples apply to any type that implementsPartialEq<&'_ [u8]>
.
use orion::hazardous::ecc::x25519::PrivateKey;
// Initialize a secret key with random bytes.
let secret_key = PrivateKey::generate();
// Secure, constant-time comparison with a byte slice
assert_ne!(secret_key, &[0; 32][..]);
// Secure, constant-time comparison with another SecretKey
assert_ne!(secret_key, PrivateKey::generate());
Implementations§
source§impl PrivateKey
impl PrivateKey
sourcepub fn from_slice(slice: &[u8]) -> Result<Self, UnknownCryptoError>
pub fn from_slice(slice: &[u8]) -> Result<Self, UnknownCryptoError>
Construct from a given byte slice.
sourcepub fn is_empty(&self) -> bool
pub fn is_empty(&self) -> bool
Return true
if this object does not hold any data, false
otherwise.
NOTE: This method should always return false
, since there shouldn’t be a way
to create an empty instance of this object.
sourcepub fn unprotected_as_bytes(&self) -> &[u8] ⓘ
pub fn unprotected_as_bytes(&self) -> &[u8] ⓘ
Return the object as byte slice. Warning: Should not be used unless strictly needed. This breaks protections that the type implements.
sourcepub fn generate() -> PrivateKey
pub fn generate() -> PrivateKey
Randomly generate using a CSPRNG. Not available in no_std
context.
Trait Implementations§
source§impl Debug for PrivateKey
impl Debug for PrivateKey
source§impl PartialEq<&[u8]> for PrivateKey
impl PartialEq<&[u8]> for PrivateKey
source§impl PartialEq<PrivateKey> for PrivateKey
impl PartialEq<PrivateKey> for PrivateKey
source§fn eq(&self, other: &PrivateKey) -> bool
fn eq(&self, other: &PrivateKey) -> bool
self
and other
values to be equal, and is used
by ==
.