Module bech32


Bech32 encoding trait.

Import path: use secure_gate::ToBech32;

This trait provides secure, explicit encoding of byte data to Bech32 strings (BIP-173 checksum) with a specified Human-Readable Part (HRP). Designed for intentional export (addresses, QR codes, audited logs).

Requires the encoding-bech32 feature.

§Security Notes

  • Full secret exposure: The resulting string contains the entire secret. Always treat output as sensitive.
  • Zeroizing variants: Prefer try_to_bech32_zeroizing, which returns EncodedSecret (wrapping Zeroizing<String> with redacted Debug) when the encoded form remains sensitive.
  • Audit visibility: Direct wrapper calls (key.try_to_bech32(...)) do not appear in grep expose_secret / grep with_secret audit sweeps. For audit-first teams or multi-step operations, prefer with_secret(|b| b.try_to_bech32(...)) — the borrow checker enforces the reference cannot escape the closure.
  • HRP: pass the intended human-readable part to try_to_bech32; test empty and invalid HRP inputs in security-critical code.
  • Extended limit: Uses Bech32Large (8191 Fe32 values; maximum payload 5,115 bytes, about 5 KB) instead of the 90-character standard limit, which makes it suitable for large secrets such as age-style encryption recipients, ciphertexts, and arbitrary binary payloads. For Bitcoin address formats, use ToBech32m (BIP-350).
  • Treat all input as untrusted: validate data upstream before wrapping.

§Example

use secure_gate::{Fixed, ToBech32, RevealSecret};

fn main() {
    let secret = Fixed::new([0x42u8; 4]);

    // Use try_to_bech32, the sole encoding API:
    let encoded = secret.with_secret(|s| s.try_to_bech32("test")).unwrap();
    assert!(encoded.starts_with("test1"));
}
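
The HRP note above asks for empty and invalid HRP inputs to be tested. As an added illustration (a stand-alone BIP-173 encoder written for this page, not secure_gate's implementation), the following shows those checks and where the HRP enters the checksum. The names encode_bech32 and to_base32 are hypothetical, no payload length limit is applied, and uppercase HRPs are rejected as a simplification.

```rust
const CHARSET: &[u8; 32] = b"qpzry9x8gf2tvdw0s3jn54khce6mua7l";
const GEN: [u32; 5] = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];

/// BIP-173 checksum polynomial over 5-bit values.
fn polymod(values: &[u8]) -> u32 {
    let mut chk: u32 = 1;
    for &v in values {
        let top = chk >> 25;
        chk = ((chk & 0x01ff_ffff) << 5) ^ u32::from(v);
        for i in 0..5 { if (top >> i) & 1 == 1 { chk ^= GEN[i]; } }
    }
    chk
}

/// Regroup 8-bit bytes into 5-bit values, zero-padding the last group.
fn to_base32(data: &[u8]) -> Vec<u8> {
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for &b in data {
        acc = (acc << 8) | u32::from(b);
        bits += 8;
        while bits >= 5 {
            bits -= 5;
            out.push(((acc >> bits) & 31) as u8);
        }
    }
    if bits > 0 { out.push(((acc << (5 - bits)) & 31) as u8); }
    out
}

/// Hypothetical helper (not secure_gate's API): validate the HRP, then encode.
fn encode_bech32(hrp: &str, data: &[u8]) -> Result<String, &'static str> {
    if hrp.is_empty() || hrp.len() > 83 { return Err("HRP must be 1..=83 characters"); }
    if !hrp.bytes().all(|c| (33..=126).contains(&c) && !c.is_ascii_uppercase()) {
        return Err("HRP must be lowercase printable ASCII");
    }
    let payload = to_base32(data);
    // Checksum input: HRP high bits, 0, HRP low bits, payload, six zero values.
    let mut v: Vec<u8> = hrp.bytes().map(|c| c >> 5).collect();
    v.push(0);
    v.extend(hrp.bytes().map(|c| c & 31));
    v.extend_from_slice(&payload);
    v.extend_from_slice(&[0u8; 6]);
    let pm = polymod(&v) ^ 1;
    let check = (0..6).map(|i| ((pm >> (5 * (5 - i))) & 31) as u8);
    Ok(format!("{}1{}", hrp, payload.into_iter().chain(check)
        .map(|d| CHARSET[d as usize] as char).collect::<String>()))
}

fn main() {
    println!("{:?}", encode_bech32("test", &[0x42u8; 4])); // constructed sample input
}
```

The data part is only a 5-bit regrouping of the input bytes, which is why the Security Notes treat the encoded string as the secret itself.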

Enums§

Bech32Large
Custom Bech32 (BIP-173) checksum variant with an extended payload capacity.

Traits§

ToBech32
Extension trait for encoding byte data as Bech32 (BIP-173) strings.