Skip to main content

DeviceKeypair

peat_mesh::security::keypair

Struct DeviceKeypair

pub struct DeviceKeypair { /* private fields */ }

Expand description

Ed25519 keypair for device identity and authentication.

The keypair consists of:

A 32-byte secret (signing) key
A 32-byte public (verifying) key

The DeviceId is derived from the public key.

§Example

use peat_mesh::security::DeviceKeypair;

// Generate a new keypair
let keypair = DeviceKeypair::generate();

// Get the device ID
let device_id = keypair.device_id();

// Sign a message
let message = b"hello world";
let signature = keypair.sign(message);

// Verify the signature
assert!(keypair.verify(message, &signature).is_ok());

Implementations§

impl DeviceKeypair

pub fn generate() -> Self

Generate a new random keypair.

pub fn from_signing_key(signing_key: SigningKey) -> Self

Create from an existing signing key.

pub fn from_seed(seed: &[u8], context: &str) -> Result<Self, SecurityError>

Create a deterministic keypair from a seed and context string.

Uses HKDF-SHA256 to derive 32 bytes from seed (IKM) with context as the info parameter. Same seed + context always produces the same keypair; different context → different key.

Useful for Kubernetes deployments where pods derive stable identities from a shared secret + pod-specific context.

pub fn from_secret_bytes(bytes: &[u8]) -> Result<Self, SecurityError>

Create from raw secret key bytes (32 bytes).

pub fn load_from_file(path: &Path) -> Result<Self, SecurityError>

Load keypair from a file (raw 32-byte secret key).

pub fn save_to_file(&self, path: &Path) -> Result<(), SecurityError>

Save keypair to a file (raw 32-byte secret key).

§Security Note

In MVP, this saves the key unencrypted. Production deployments should use encrypted key storage (Phase 2).

pub fn device_id(&self) -> DeviceId

Get the device ID derived from this keypair’s public key.

pub fn verifying_key(&self) -> VerifyingKey

Get the public (verifying) key.

pub fn public_key_bytes(&self) -> [u8; 32]

Get the public key as bytes.

pub fn secret_key_bytes(&self) -> [u8; 32]

Get the secret key bytes (32 bytes).

§Security Warning

This exposes the private key material. Only use for:

Secure storage/persistence
Cross-crate interop (e.g., converting to peat_btle::DeviceIdentity)

pub fn sign(&self, message: &[u8]) -> Signature

Sign a message with the secret key.

pub fn verify( &self, message: &[u8], signature: &Signature, ) -> Result<(), SecurityError>

Verify a signature against this keypair’s public key.

pub fn verify_with_key( public_key: &VerifyingKey, message: &[u8], signature: &Signature, ) -> Result<(), SecurityError>

Verify a signature against a specific public key.

pub fn signature_from_bytes(bytes: &[u8]) -> Result<Signature, SecurityError>

Parse a signature from bytes.

pub fn verifying_key_from_bytes( bytes: &[u8], ) -> Result<VerifyingKey, SecurityError>

Parse a verifying key from bytes.

Trait Implementations§

impl Clone for DeviceKeypair

fn clone(&self) -> DeviceKeypair

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for DeviceKeypair

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl Freeze for DeviceKeypair

impl RefUnwindSafe for DeviceKeypair

impl Send for DeviceKeypair

impl Sync for DeviceKeypair

impl Unpin for DeviceKeypair

impl UnsafeUnpin for DeviceKeypair

impl UnwindSafe for DeviceKeypair

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more