Struct HexString 

pub struct HexString(/* private fields */);

Validated, lowercase hex string wrapper for secret data.

This struct ensures the contained string is valid hex (even length, valid chars). Provides methods for decoding back to bytes.

The string is normalized to lowercase during validation.

Examples

let valid = HexString::new("deadbeef".to_string()).unwrap();
assert_eq!(valid.expose_secret(), "deadbeef");
let bytes = valid.decode_into_bytes(); // Vec<u8> of [0xde, 0xad, 0xbe, 0xef]

Implementations

impl HexString

pub fn new(s: String) -> Result<Self, &'static str>

Create a new HexString from a String, validating it in-place.

The input String is consumed.

Security Note

Invalid inputs are only securely zeroized if the zeroize feature is enabled. Without zeroize, rejected bytes may remain in memory until the String is dropped normally. Enable the zeroize feature for secure wiping of invalid inputs.

Validation rules:

• Even length
• Only ASCII hex digits (0-9, a-f, A-F)
• Uppercase letters are normalized to lowercase

Zero extra allocations are performed – everything happens on the original buffer.

Errors

Returns Err("invalid hex string") if validation fails.

Example

use secure_gate::{encoding::hex::HexString, ExposeSecret};
let valid = HexString::new("deadbeef".to_string()).unwrap();
assert_eq!(valid.expose_secret(), "deadbeef");

pub fn byte_len(&self) -> usize

Number of bytes the decoded hex string represents.

pub fn decode_to_bytes(&self) -> Vec<u8>

decode_to_bytes: borrowing, allocates fresh ` from decoded bytes

pub fn decode_into_bytes(self) -> Vec<u8>

decode_into_bytes: consuming, decodes then zeroizes the wrapper immediately

Trait Implementations

impl Debug for HexString

Debug implementation (always redacted).

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ExposeSecret for HexString

Available on crate feature encoding-hex only.

Implementation for HexString - read-only access.

Encoding wrappers only provide read-only access to prevent invalidation of validation invariants. The Inner type is str since encoded strings are always valid UTF-8.

type Inner = str

The inner secret type being exposed.

fn expose_secret(&self) -> &str

Expose the secret for read-only access.

fn len(&self) -> usize

Returns the length of the secret.

fn is_empty(&self) -> bool

Returns true if the secret is empty.

impl PartialEq for HexString

Available on crate feature ct-eq only.

Constant-time equality for hex strings — prevents timing attacks when ct-eq feature is enabled.

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for HexString

Equality implementation for hex strings.