Struct KeyDeriver 

pub struct KeyDeriver { /* private fields */ }

Cached HKDF pseudo-random key with zeroize-on-drop.

Runs HKDF-Extract once at construction with the fixed domain-separation salt, stores the 32-byte PRK, and reconstructs the HKDF expander on each derive call. The PRK is root-equivalent key material and is zeroized when the KeyDeriver is dropped.

Implementations

impl KeyDeriver

pub fn new(root_secret: &[u8; 32]) -> Self

Create from a root secret. Runs HKDF-Extract once and stores the PRK.

pub fn derive(&self, purpose: KeyPurpose) -> [u8; 32]

Derive a 32-byte key for a flat (non-parameterized) purpose.

pub fn derive_all(&self) -> DerivedKeys

Derive all flat-purpose keys.

pub fn signing_seed(&self) -> [u8; 32]

Derive THE identity Ed25519 seed (32 bytes). Used for mesh signing, git commit signing, personal attribution.

pub fn ssh_host_seed(&self) -> [u8; 32]

Derive SSH host Ed25519 seed (32 bytes).

pub fn age_secret(&self) -> [u8; 32]

Derive age X25519 private key (32 bytes).

pub fn git_signing_seed(&self) -> [u8; 32]

Derive git commit signing Ed25519 seed (32 bytes). This is now the same key as signing_seed() — the unified identity key.

pub fn i2p_signing_seed(&self) -> [u8; 32]

Derive I2P destination signing key (Ed25519 seed, 32 bytes).

pub fn i2p_encryption_secret(&self) -> [u8; 32]

Derive I2P destination encryption key (X25519, 32 bytes).

pub fn tor_seed(&self) -> [u8; 32]

Derive Tor onion v3 service key (Ed25519 seed, 32 bytes).

pub fn derive_agent_key(&self, agent_name: &str) -> Result<[u8; 32], DeriveError>

Derive a per-agent Ed25519 signing seed via two-level HKDF.

pub fn derive_ssh_user_key(&self, label: &str) -> Result<[u8; 32], DeriveError>

Derive a per-label SSH user Ed25519 seed via two-level HKDF.

pub fn derive_i2p_service(&self, service_name: &str) -> Result<([u8; 32], [u8; 32]), DeriveError>

Derive a per-service I2P destination key pair via two-level HKDF. Returns (signing_seed, encryption_secret) — both 32 bytes.

pub fn derive_onion_service(&self, service_name: &str) -> Result<[u8; 32], DeriveError>

Derive a per-service Tor onion v3 key via two-level HKDF.
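
The design described above (HKDF-Extract once, a cached PRK, HKDF-Expand per purpose, and a second HKDF level for parameterized keys), as an added Python sketch that is not this crate's code. The salt, the info labels, the class and method names, the empty-name check and the exact shape of the two-level step are assumptions; the page does not specify them.

```python
import hashlib
import hmac

# Assumed domain-separation salt; the crate's real salt is not shown on the page.
SALT = b"example-keyderiver-salt-v1"

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract (SHA-256): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand32(prk: bytes, info: bytes) -> bytes:
    """RFC 5869 HKDF-Expand for L = 32, which is the single block T(1)."""
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

class SketchDeriver:
    """Hypothetical stand-in for the cached-PRK design, not the crate's type."""

    def __init__(self, root_secret: bytes):
        if len(root_secret) != 32:
            raise ValueError("root secret must be 32 bytes")
        # Extract runs once; a bytearray lets wipe() overwrite the PRK in place.
        self._prk = bytearray(hkdf_extract(SALT, root_secret))

    def derive(self, purpose: str) -> bytes:
        """Flat purpose: expand the cached PRK with the purpose label as info."""
        if not any(self._prk):
            raise RuntimeError("deriver has been wiped")
        return hkdf_expand32(self._prk, purpose.encode())

    def derive_param(self, family: str, name: str) -> bytes:
        """Two-level (assumed shape): family key first, then a fresh HKDF keyed by it."""
        if not name:
            raise ValueError("empty name")  # assumed failure case
        family_key = self.derive(family)
        return hkdf_expand32(hkdf_extract(SALT, family_key), name.encode())

    def wipe(self) -> None:
        """Best-effort analogue of zeroize-on-drop; Python may keep other copies."""
        for i in range(len(self._prk)):
            self._prk[i] = 0
```

In this sketch a parameterized key is never a flat expansion of concatenated labels, so `derive_param("agent", "build")` and `derive("agentbuild")` cannot coincide.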

Trait Implementations

impl Drop for KeyDeriver

fn drop(&mut self)

Executes the destructor for this type.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.