Module sealed_consumer

CLI-side consumer helpers for vta_sdk::sealed_transfer.

Generates ephemeral Ed25519 keypairs (exposed as did:key on the wire) and persists the seed under <config_dir>/bootstrap-secrets/<bundle_id>.key (mode 0600 on Unix) so a subsequent open call can retrieve it. At open time the X25519 HPKE secret is derived from the seed via vta_sdk::sealed_transfer::ed25519_seed_to_x25519_secret.

The pnm-cli and cnm-cli bootstrap subcommands both route through this module — the only per-CLI concern is which config_dir to use.

Structs

CreatedProvisionRequest
The outcome of create_provision_request: the signed VP plus the bookkeeping fields callers need to hand to the operator / match the returned sealed bundle.
CreatedRequest
The outcome of create_bootstrap_request: the serialized request body and the bundle id (for the "secret stored at <path>" banner).
OpenedArmored
The result of open_armored_bundle — the full sealed payload plus the producer assertion, ready for caller-specific trust verification.

Functions

create_bootstrap_request
Generate a fresh Ed25519 keypair + nonce, persist the seed (not the derived X25519 secret) under config_dir, and return a BootstrapRequest ready to hand to the producer.
create_provision_request
Generate a fresh ephemeral Ed25519 keypair, persist the seed under <config_dir>/bootstrap-secrets/<bundle_id_hex>.key, and return a signed VP-framed vta_sdk::provision_integration::BootstrapRequest ready to hand to the VTA operator’s vta bootstrap provision-integration CLI.
extract_admin_credential
Extract the CredentialBundle from an opened payload.
hex_lower
Encode a byte slice as lowercase hex, two chars per byte.
open_armored_bundle
Read an armored sealed bundle from bundle_path, load the corresponding secret from config_dir, open and verify. The caller is responsible for passing an expect_digest unless no_verify_digest is set.
secrets_dir
Resolve the per-config bootstrap secrets directory, creating it on first use with owner-only permissions (0700 on Unix, user-only DACL on Windows via icacls). See crate::secure_file::restrict_dir_to_owner.
validate_digest_flags
Validate the (--expect-digest, --no-verify-digest) combination and fire the opt-out warning when applicable.
warn_no_verify_digest
Emit the canonical --no-verify-digest warning to stderr.
zero_overwrite_and_remove
Overwrite a file’s bytes with zeros, fsync, then unlink.