pub struct CommitReader { /* private fields */ }
Encapsulates the key derivation chain for reading a commit’s objects.
Created by decrypting a commit blob, which extracts the envelope nonce and derives the content key. The content key is then used to decrypt metadata and shards.
§Security
The content_key is a per-commit derived key, not the root key.
Implementations§
impl CommitReader
pub fn open(
    root_key: &[u8; 32],
    commit_blob: &[u8],
) -> CryptoResult<(Vec<u8>, Self)>
Decrypt a commit blob and create a CommitReader for its child objects.
Requires VD01 envelope format. The content key is derived from the envelope nonce.
§Security
This is one of only two operations that require the root key
(the other being seal_commit on KeyVault).
pub fn decrypt_metadata<T>(&self, blob: &[u8]) -> CryptoResult<T>
where
    T: DeserializeOwned,
Decrypt a metadata bundle blob using the content key.
pub fn decrypt_metadata_raw(&self, blob: &[u8]) -> CryptoResult<Vec<u8>>
Decrypt a metadata bundle blob into raw bytes.
pub fn decrypt_shard(
    &self,
    blob: &[u8],
    wrapped_key: Option<&WrappedKey>,
    ancestor_keys: &[ContentKey],
) -> CryptoResult<Vec<u8>>
Decrypt a shard blob. Handles wrapped keys and ancestor key fallback.
Fallback chain:
- If wrapped_key is Some, try unwrapping with content_key, then each ancestor key
- Error if all attempts fail
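The trial order in the fallback chain above, as an added std-only sketch that is not this crate's code. ToyWrapped, toy_wrap, toy_unwrap and unwrap_with_fallback are hypothetical names, and the toy check value is an assumed stand-in for the authentication failure that lets a real unwrap reject a wrong key.

```rust
// Added illustration of the trial order only. The toy check value stands in
// for an authentication tag; this is NOT cryptography or the crate's code.
type Key = [u8; 32];

#[derive(Debug, PartialEq)]
enum UnwrapError { AllKeysFailed { tried: usize } }

/// Hypothetical wrapped key: shard key XORed with the wrapping key, plus a
/// check value that lets unwrap reject a wrong wrapping key.
struct ToyWrapped { body: Key, tag: u64 }

fn toy_tag(wrapping: &Key, body: &Key) -> u64 {
    // FNV-1a over wrapping key then body (constructed stand-in for a tag).
    wrapping.iter().chain(body.iter())
        .fold(0xcbf29ce484222325u64, |h, b| (h ^ *b as u64).wrapping_mul(0x100000001b3))
}

fn toy_wrap(wrapping: &Key, shard_key: &Key) -> ToyWrapped {
    let mut body = [0u8; 32];
    for i in 0..32 { body[i] = shard_key[i] ^ wrapping[i]; }
    ToyWrapped { tag: toy_tag(wrapping, &body), body }
}

fn toy_unwrap(wrapping: &Key, w: &ToyWrapped) -> Option<Key> {
    if toy_tag(wrapping, &w.body) != w.tag { return None; } // wrong key
    let mut out = [0u8; 32];
    for i in 0..32 { out[i] = w.body[i] ^ wrapping[i]; }
    Some(out)
}

/// Try the commit's own content key first, then each ancestor key in order.
/// Returns the shard key and the index that worked (0 = content key).
fn unwrap_with_fallback(content_key: &Key, ancestors: &[Key], w: &ToyWrapped)
    -> Result<(Key, usize), UnwrapError>
{
    std::iter::once(content_key).chain(ancestors.iter()).enumerate()
        .find_map(|(i, k)| toy_unwrap(k, w).map(|sk| (sk, i)))
        .ok_or(UnwrapError::AllKeysFailed { tried: 1 + ancestors.len() })
}

fn main() {
    // Constructed sample keys; the shard was wrapped under an older commit's key.
    let (content, old1, old2, shard) = ([1u8; 32], [2u8; 32], [3u8; 32], [9u8; 32]);
    let w = toy_wrap(&old2, &shard);
    println!("{:?}", unwrap_with_fallback(&content, &[old1, old2], &w).map(|r| r.1));
}
```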
pub fn decrypt_repo_manifest(&self, blob: &[u8]) -> CryptoResult<Vec<u8>>
Decrypt a repo manifest blob (collaboration manifest JSON).
pub fn content_key(&self) -> &ContentKey
Get the content key (derived from envelope nonce).
pub fn from_content_key(content_key: ContentKey) -> Self
Create a CommitReader from a content key directly (for scoped-key clone).
Used when cloning from a published repo with --content-key. The content
key is the only key available — no root key exists in scoped mode.
Create a reader from a share key (for share-based unseal).
In share-based unseal the derived key serves directly as the content key — there is no commit envelope involved.
pub fn decrypt_envelope_body(
    &self,
    blob: &[u8],
    aad: &[u8],
) -> CryptoResult<(Vec<u8>, KeyNonce)>
Decrypt a VD01 envelope body using the content key.
Validates the VD01 header, extracts the nonce, and decrypts the payload using the content key directly (no key derivation — the content key is already the correct decryption key).
Returns the decrypted plaintext and the envelope nonce.
Used by share-based unseal where the share key IS the content key.
pub fn into_parts(self) -> ContentKey
Consume the reader, returning the content key.
Used by void-core’s CommitReader::open_with_vault() to construct
the core-layer reader from a vault-opened crypto-layer reader.