
NodeKeyManager

Struct NodeKeyManager 

pub struct NodeKeyManager { /* private fields */ }

Node Key Manager for certificate requests and management

Implementations§


impl NodeKeyManager


pub fn new(logger: Arc<Logger>) -> Result<Self>

Create a new Node Key Manager with fresh keys


pub fn get_node_public_key(&self) -> Vec<u8>

Get the node public key, which also serves as the node ID. Keys are always available once the manager exists.


pub fn get_node_id(&self) -> String

Get the node ID (compact Base58 encoding of public key)


pub fn get_storage_key(&self) -> &[u8]

Get the node storage key used for local encryption. This returns the raw key bytes; treat them as secret and avoid copying, logging or persisting them outside the manager.


pub fn ensure_symmetric_key(&mut self, key_name: &str) -> Result<Vec<u8>>

Ensure a symmetric key with the given name exists, creating it if it does not, and return its key bytes.


pub fn encrypt_local_data(&self, data: &[u8]) -> Result<Vec<u8>>

Encrypt local data using the node storage key


pub fn decrypt_local_data(&self, encrypted_data: &[u8]) -> Result<Vec<u8>>

Decrypt local data using the node storage key


pub fn decrypt_envelope_data( &self, envelope_data: &EnvelopeEncryptedData, ) -> Result<Vec<u8>>

Decrypt envelope-encrypted data using the network key.


pub fn create_envelope_for_network( &self, data: &[u8], network_id: Option<&str>, ) -> Result<EnvelopeEncryptedData>

Create an envelope-encrypted data structure for sharing


pub fn generate_csr(&mut self) -> Result<SetupToken>

Generate a certificate signing request (CSR) for this node


pub fn dns_safe_node_id(&self, node_id: &str) -> String

Convert a compact ID to a DNS-safe format by replacing invalid characters


pub fn get_node_key_pair(&self) -> &EcdsaKeyPair

Get the node key pair for certificate creation. The returned key pair contains the node's private key, so callers must not expose, log or persist it.


pub fn install_certificate( &mut self, cert_message: NodeCertificateMessage, ) -> Result<()>

Install the certificate received from the mobile CA.


pub fn get_quic_certificate_config(&self) -> Result<QuicCertificateConfig>

Get QUIC-compatible certificate configuration


pub fn validate_peer_certificate( &self, peer_cert: &X509Certificate, ) -> Result<()>

Validate a peer certificate during the QUIC handshake, returning an error if validation fails.


pub fn install_network_key( &mut self, network_key_message: NetworkKeyMessage, ) -> Result<()>

Install a network key received from the mobile device, decrypting it with ECIES.


pub fn get_network_agreement(&self, network_id: &str) -> Result<&P256SecretKey>

Get the network agreement key for decryption. This returns the network's secret key; callers must not expose, log or persist it.


pub fn get_network_public_key(&self, network_id: &str) -> Result<Vec<u8>>


pub fn encrypt_for_network( &self, data: &[u8], network_id: &str, ) -> Result<EnvelopeEncryptedData>

Encrypt data for network transmission


pub fn decrypt_network_data( &self, envelope_data: &EnvelopeEncryptedData, ) -> Result<Vec<u8>>

Decrypt network data


pub fn get_certificate_status(&self) -> CertificateStatus

Check the certificate status, including cryptographic validation of the installed certificate.


pub fn get_certificate_info(&self) -> Option<NodeCertificateInfo>

Get certificate information


pub fn get_statistics(&self) -> NodeKeyManagerStatistics

Get statistics about the node key manager


pub fn sign_data(&self, data: &[u8]) -> Result<Vec<u8>>

Sign data with the node’s private key


pub fn verify_peer_signature( &self, data: &[u8], signature: &[u8], peer_cert: &X509Certificate, ) -> Result<()>

Verify signature from another node


pub fn encrypt_message_for_mobile( &self, message: &[u8], mobile_public_key: &[u8], ) -> Result<Vec<u8>>

Encrypt a message for the mobile user using their public key (ECIES)


pub fn decrypt_message_from_mobile( &self, encrypted_message: &[u8], ) -> Result<Vec<u8>>

Decrypt a message from the mobile user using the node’s private key (ECIES)


pub fn create_envelope_key(&self) -> Result<Vec<u8>>

Create an envelope key for per-object encryption. Envelope keys are ephemeral: a fresh key is generated for each object.


pub fn encrypt_with_envelope( &self, data: &[u8], network_id: Option<&String>, profile_public_keys: Vec<Vec<u8>>, ) -> Result<EnvelopeEncryptedData>

Create an envelope-encrypted payload. On the node side only network recipients are supported – any supplied `profile_public_keys` are ignored, so the data is not encrypted for those profiles. This signature exists solely so that generic code (e.g. the serializer key-store adapter) can call the same method on both key manager types without cfg branching.


pub fn encrypt_for_public_key( &self, data: &[u8], public_key: &[u8], ) -> Result<EnvelopeEncryptedData>

Envelope-encrypt for a recipient network public key.


pub fn has_public_key(&self, public_key: &[u8]) -> bool

Check whether the manager holds the private key corresponding to the given network public key.


pub fn install_profile_public_key(&mut self, public_key: Vec<u8>)

Install a user profile public key so the node can encrypt data for that profile


impl NodeKeyManager


pub fn export_state(&self) -> NodeKeyManagerState

Export state for persistence. Since `from_state` rebuilds a manager from this value alone, assume it contains private key material and protect it accordingly (e.g. encrypt it at rest).


pub fn from_state( state: NodeKeyManagerState, logger: Arc<Logger>, ) -> Result<Self>

Import state from persistence, rebuilding the manager from a previously exported `NodeKeyManagerState`.

Trait Implementations§

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,


fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>


impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,


fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>


impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> Same for T


type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,


fn vzip(self) -> V