Struct IDCard 

pub struct IDCard { /* private fields */ }

An IDCard allows entities to declare sub-keys with specific purposes.

IDCards provide a way to manage multiple keys for an entity, each with specific purposes (e.g., “sign”, “decrypt”). Keys can have expiration dates, and the IDCard can be signed to establish trust. IDCards also support metadata and group memberships.

Example

use rust_bottle::*;
use rand::rngs::OsRng;
use std::time::Duration;

let rng = &mut OsRng;
let primary_key = Ed25519Key::generate(rng);
let mut idcard = IDCard::new(&primary_key.public_key_bytes());

idcard.set_metadata("name", "Alice");
idcard.set_key_purposes(&primary_key.public_key_bytes(), &["sign", "decrypt"]);
idcard.set_key_duration(&primary_key.public_key_bytes(), Duration::from_secs(365 * 24 * 3600));

Implementations

impl IDCard

pub fn new(public_key: &[u8]) -> Self

Create a new IDCard for a public key.

The primary key is automatically added with default purposes “sign” and “decrypt” and no expiration.

Arguments

• public_key - The primary public key for this entity

Returns

A new IDCard instance with the primary key registered

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let idcard = IDCard::new(&key.public_key_bytes());

pub fn set_metadata(&mut self, key: &str, value: &str)

Set metadata key-value pair.

Metadata is application-specific data stored with the IDCard. It is not encrypted or signed, so it should not contain sensitive information.

Arguments

• key - Metadata key
• value - Metadata value

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let mut idcard = IDCard::new(&key.public_key_bytes());
idcard.set_metadata("name", "Alice");
idcard.set_metadata("email", "alice@example.com");

pub fn metadata(&self, key: &str) -> Option<&str>

Get metadata value by key.

Arguments

• key - Metadata key to look up

Returns

• Some(&str) if the key exists
• None if the key is not found

pub fn set_key_purposes(&mut self, public_key: &[u8], purposes: &[&str])

Set the purposes for a key in the IDCard.

Purposes define what operations a key is authorized for. Common purposes include “sign” and “decrypt”. If the key is not already in the IDCard, it will be added.

Arguments

• public_key - The public key to set purposes for
• purposes - Array of purpose strings (e.g., [“sign”, “decrypt”])

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let mut idcard = IDCard::new(&key.public_key_bytes());
idcard.set_key_purposes(&key.public_key_bytes(), &["sign"]);

pub fn set_key_duration(&mut self, public_key: &[u8], duration: Duration)

Set the expiration duration for a key.

This sets when the key will expire from now. If the key is not already in the IDCard, it will be added with no purposes.

Arguments

• public_key - The public key to set expiration for
• duration - Duration from now until expiration

Example

use rust_bottle::*;
use rand::rngs::OsRng;
use std::time::Duration;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let mut idcard = IDCard::new(&key.public_key_bytes());
idcard.set_key_duration(&key.public_key_bytes(), Duration::from_secs(365 * 24 * 3600));

pub fn test_key_purpose(&self, public_key: &[u8], purpose: &str) -> Result<()>

Test if a key has a specific purpose and is not expired.

This method checks both that the key has the specified purpose and that it hasn’t expired (if it has an expiration date).

Arguments

• public_key - The public key to test
• purpose - The purpose to check for (e.g., “sign”)

Returns

• Ok(()) - Key has the purpose and is not expired
• Err(BottleError::KeyNotFound) - Key is not in the IDCard
• Err(BottleError::KeyUnfit) - Key doesn’t have the purpose or is expired

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let mut idcard = IDCard::new(&key.public_key_bytes());
idcard.set_key_purposes(&key.public_key_bytes(), &["sign"]);

assert!(idcard.test_key_purpose(&key.public_key_bytes(), "sign").is_ok());
assert!(idcard.test_key_purpose(&key.public_key_bytes(), "decrypt").is_err());

pub fn get_keys(&self, purpose: &str) -> Vec<Vec<u8>>

Get all key fingerprints that have a specific purpose and are not expired.

Arguments

• purpose - The purpose to filter by (e.g., “sign”)

Returns

A vector of key fingerprints (SHA-256 hashes) that have the specified purpose and are not expired

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key1 = Ed25519Key::generate(rng);
let key2 = Ed25519Key::generate(rng);
let mut idcard = IDCard::new(&key1.public_key_bytes());

idcard.set_key_purposes(&key1.public_key_bytes(), &["sign"]);
idcard.set_key_purposes(&key2.public_key_bytes(), &["decrypt"]);

let sign_keys = idcard.get_keys("sign");
assert_eq!(sign_keys.len(), 1);

pub fn update_groups(&mut self, groups: Vec<Vec<u8>>)

Update the list of group memberships.

Groups are stored as serialized membership data. This replaces the entire list of groups.

Arguments

• groups - Vector of serialized membership data

pub fn sign<R: RngCore>( &mut self, rng: &mut R, signer: &dyn Sign, ) -> Result<Vec<u8>>

Sign the IDCard with a private key.

This creates a cryptographic signature of the IDCard (excluding the signature field itself) and stores it. The signed IDCard is then serialized and returned.

Arguments

• rng - A random number generator
• signer - A signer implementing the Sign trait

Returns

• Ok(Vec<u8>) - Serialized signed IDCard
• Err(BottleError::Serialization) - If serialization fails
• Err(BottleError::VerifyFailed) - If signing fails

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let mut idcard = IDCard::new(&key.public_key_bytes());

let signed_bytes = idcard.sign(rng, &key).unwrap();

pub fn to_bytes(&self) -> Result<Vec<u8>>

Serialize the IDCard to bytes using bincode.

Returns

• Ok(Vec<u8>) - Serialized IDCard bytes
• Err(BottleError::Serialization) - If serialization fails

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let idcard = IDCard::new(&key.public_key_bytes());

let bytes = idcard.to_bytes().unwrap();
let restored = IDCard::from_bytes(&bytes).unwrap();

pub fn from_bytes(data: &[u8]) -> Result<Self>

Deserialize an IDCard from bytes.

Arguments

• data - Serialized IDCard bytes (from to_bytes)

Returns

• Ok(IDCard) - Deserialized IDCard
• Err(BottleError::Deserialization) - If deserialization fails

Example

use rust_bottle::*;
use rand::rngs::OsRng;

let rng = &mut OsRng;
let key = Ed25519Key::generate(rng);
let idcard = IDCard::new(&key.public_key_bytes());

let bytes = idcard.to_bytes().unwrap();
let restored = IDCard::from_bytes(&bytes).unwrap();

pub fn unmarshal_binary(data: &[u8]) -> Result<Self>

Unmarshal from binary (alias for from_bytes).

This is provided for compatibility with gobottle’s API.

Arguments

• data - Serialized IDCard bytes

Returns

• Ok(IDCard) - Deserialized IDCard
• Err(BottleError::Deserialization) - If deserialization fails

Trait Implementations

impl Clone for IDCard

fn clone(&self) -> IDCard

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for IDCard

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for IDCard

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for IDCard

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.