Skip to main content

SecretKey

txgate_crypto::keys

Struct SecretKey 

Source 
pub struct SecretKey { /* private fields */ }
Expand description

A 32-byte secret key with automatic zeroization.

§Security

This type ensures that key material is securely erased from memory when the value is dropped. Key material never appears in debug output.

Important: This type intentionally does not implement Clone to prevent accidental duplication of secret key material. Keys must be moved, not copied.

§Example

use txgate_crypto::keys::SecretKey;

// Generate a new random key
let key = SecretKey::generate();

// Keys are automatically zeroized when dropped
drop(key);

Implementations§

Source§

impl SecretKey

Source

pub const fn new(bytes: [u8; 32]) -> Self

Create a new SecretKey from raw bytes.

§Arguments
  • bytes - The 32-byte secret key material
§Security

The input bytes are copied into the SecretKey. The caller should zeroize the original bytes if they are no longer needed.

§Example
use txgate_crypto::keys::SecretKey;
use zeroize::Zeroize;

let mut raw_bytes = [0x42u8; 32];
let key = SecretKey::new(raw_bytes);

// Zeroize the original bytes for security
raw_bytes.zeroize();
Source

pub fn generate() -> Self

Generate a new random SecretKey using a cryptographically secure RNG.

This uses the operating system’s secure random number generator (OsRng) to generate the key material.

§Example
use txgate_crypto::keys::SecretKey;

let key = SecretKey::generate();
assert_eq!(key.len(), 32);
Source

pub const fn as_bytes(&self) -> &[u8; 32]

Expose the raw bytes for cryptographic operations.

§Security

The returned reference must not be stored or copied beyond the immediate cryptographic operation. Misuse can lead to key material remaining in memory longer than intended.

§Example
use txgate_crypto::keys::SecretKey;

let key = SecretKey::generate();
let bytes = key.as_bytes();
assert_eq!(bytes.len(), 32);
Source

pub const fn len(&self) -> usize

Get the length of the secret key in bytes.

Always returns 32 for this key type.

Source

pub const fn is_empty(&self) -> bool

Returns false (SecretKey is never empty).

This method exists for API consistency and always returns false.

Source

pub fn into_k256(self) -> Result<SecretKey, SecretKeyError>

Convert this SecretKey into a k256::SecretKey for secp256k1 operations.

§Security

This method consumes self to ensure the key material exists in only one place. After calling this method, the original SecretKey is zeroized and cannot be used.

§Errors

Returns an error if the bytes do not represent a valid secp256k1 scalar (e.g., if the value is zero or greater than the curve order).

§Example
use txgate_crypto::keys::SecretKey;

let key = SecretKey::generate();
match key.into_k256() {
    Ok(k256_key) => {
        // Use k256_key for signing
    }
    Err(e) => {
        // Handle invalid key (very rare with generated keys)
    }
}

Trait Implementations§

Source§

impl Debug for SecretKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Drop for SecretKey

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl From<[u8; 32]> for SecretKey

Source§

fn from(bytes: [u8; 32]) -> Self

Converts to this type from the input type.
Source§

impl PartialEq for SecretKey

Source§

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Zeroize for SecretKey

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl Eq for SecretKey

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V