Struct tink_core::keyset::Handle

pub struct Handle { /* private fields */ }

Handle provides access to a Keyset protobuf, to limit the exposure of actual protocol buffers that hold sensitive key material.

Implementations

impl Handle

pub fn new(kt: &KeyTemplate) -> Result<Self, TinkError>

Create a keyset handle that contains a single fresh key generated according to the given KeyTemplate.

pub fn new_with_no_secrets(ks: Keyset) -> Result<Self, TinkError>

Create a new instance of Handle using the given Keyset which does not contain any secret key material.

pub fn read<T>(
    reader: &mut T,
    master_key: Box<dyn Aead>
) -> Result<Self, TinkError> where
    T: Reader, 

Attempt to create a Handle from an encrypted keyset obtained via a Reader.

pub fn read_with_associated_data<T>(
    reader: &mut T,
    master_key: Box<dyn Aead>,
    associated_data: &[u8]
) -> Result<Self, TinkError> where
    T: Reader, 

Attempt to create a Handle from an encrypted keyset obtained via a Reader using the provided associated data.

pub fn read_with_no_secrets<T>(reader: &mut T) -> Result<Self, TinkError> where
    T: Reader, 

Attempt to create a Handle from a keyset obtained via a Reader.

pub fn public(&self) -> Result<Self, TinkError>

Return a Handle of the public keys if the managed keyset contains private keys.

pub fn write<T>(
    &self,
    writer: &mut T,
    master_key: Box<dyn Aead>
) -> Result<(), TinkError> where
    T: Writer, 

Encrypts and writes the enclosed Keyset.

pub fn write_with_associated_data<T>(
    &self,
    writer: &mut T,
    master_key: Box<dyn Aead>,
    associated_data: &[u8]
) -> Result<(), TinkError> where
    T: Writer, 

Encrypts and writes the enclosed Keyset using the provided associated data.

pub fn write_with_no_secrets<T>(&self, w: &mut T) -> Result<(), TinkError> where
    T: Writer, 

Export the keyset in h to the given Writer returning an error if the keyset contains secret key material.

pub fn primitives(&self) -> Result<PrimitiveSet, TinkError>

Create a set of primitives corresponding to the keys with status=ENABLED in the keyset of the given keyset Handle, assuming all the corresponding key managers are present (keys with status!=ENABLED are skipped).

The returned set is usually later “wrapped” into a class that implements the corresponding Primitive interface.

pub fn primitives_with_key_manager(
    &self,
    km: Option<Arc<dyn KeyManager>>
) -> Result<PrimitiveSet, TinkError>

Create a set of primitives corresponding to the keys with status=ENABLED in the keyset of the given keyset Handle, using the given key manager (instead of registered key managers) for keys supported by it. Keys not supported by the key manager are handled by matching registered key managers (if present), and keys with status!=ENABLED are skipped.

This enables custom treatment of keys, for example providing extra context (e.g. credentials for accessing keys managed by a KMS), or gathering custom monitoring/profiling information.

The returned set is usually later “wrapped” into a class that implements the corresponding Primitive-interface.

pub fn keyset_info(&self) -> KeysetInfo

Return KeysetInfo representation of the managed keyset. The result does not contain any sensitive key material.

Trait Implementations

impl Debug for Handle

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Return a string representation of the managed keyset. The result does not contain any sensitive key material.