Trait diem_secure_storage::CryptoStorage
source · pub trait CryptoStorage {
// Required methods
fn create_key(&mut self, name: &str) -> Result<ConsensusPublicKey, Error>;
fn export_private_key(
&self,
name: &str
) -> Result<ConsensusPrivateKey, Error>;
fn import_private_key(
&mut self,
name: &str,
key: ConsensusPrivateKey
) -> Result<(), Error>;
fn export_private_key_for_version(
&self,
name: &str,
version: ConsensusPublicKey
) -> Result<ConsensusPrivateKey, Error>;
fn get_public_key(&self, name: &str) -> Result<PublicKeyResponse, Error>;
fn get_public_key_previous_version(
&self,
name: &str
) -> Result<ConsensusPublicKey, Error>;
fn rotate_key(&mut self, name: &str) -> Result<ConsensusPublicKey, Error>;
fn sign<T: CryptoHash + Serialize>(
&self,
name: &str,
message: &T
) -> Result<ConsensusSignature, Error>;
fn sign_using_version<T: CryptoHash + Serialize>(
&self,
name: &str,
version: ConsensusPublicKey,
message: &T
) -> Result<ConsensusSignature, Error>;
}
Expand description
CryptoStorage provides an abstraction for secure generation and handling of cryptographic keys.
Required Methods§
sourcefn create_key(&mut self, name: &str) -> Result<ConsensusPublicKey, Error>
fn create_key(&mut self, name: &str) -> Result<ConsensusPublicKey, Error>
Securely generates a new named Consensus private key. The behavior for calling this interface multiple times with the same name is implementation specific.
sourcefn export_private_key(&self, name: &str) -> Result<ConsensusPrivateKey, Error>
fn export_private_key(&self, name: &str) -> Result<ConsensusPrivateKey, Error>
Returns the Consensus private key stored at ‘name’.
sourcefn import_private_key(
&mut self,
name: &str,
key: ConsensusPrivateKey
) -> Result<(), Error>
fn import_private_key( &mut self, name: &str, key: ConsensusPrivateKey ) -> Result<(), Error>
An optional API that allows importing private keys and storing them at the provided name. This is not intended to be used in production and the API may throw unimplemented if not used correctly. As this is purely a testing API, there is no defined behavior for importing a key for a given name if that name already exists. It only exists to allow Diem to be run in test environments where a set of deterministic keys must be generated.
sourcefn export_private_key_for_version(
&self,
name: &str,
version: ConsensusPublicKey
) -> Result<ConsensusPrivateKey, Error>
fn export_private_key_for_version( &self, name: &str, version: ConsensusPublicKey ) -> Result<ConsensusPrivateKey, Error>
Returns the Consensus private key stored at ‘name’ and identified by ‘version’, which is the corresponding public key. This may fail even if the ‘named’ key exists but the version is not present.
sourcefn get_public_key(&self, name: &str) -> Result<PublicKeyResponse, Error>
fn get_public_key(&self, name: &str) -> Result<PublicKeyResponse, Error>
Returns the Consensus public key stored at ‘name’.
sourcefn get_public_key_previous_version(
&self,
name: &str
) -> Result<ConsensusPublicKey, Error>
fn get_public_key_previous_version( &self, name: &str ) -> Result<ConsensusPublicKey, Error>
Returns the previous version of the Consensus public key stored at ‘name’. For the most recent version, see ‘get_public_key(..)’ above.
sourcefn rotate_key(&mut self, name: &str) -> Result<ConsensusPublicKey, Error>
fn rotate_key(&mut self, name: &str) -> Result<ConsensusPublicKey, Error>
Rotates an Consensus private key. Future calls without version to this ‘named’ key will return the rotated key instance. The previous key is retained and can be accessed via the version. At most two versions are expected to be retained.
sourcefn sign<T: CryptoHash + Serialize>(
&self,
name: &str,
message: &T
) -> Result<ConsensusSignature, Error>
fn sign<T: CryptoHash + Serialize>( &self, name: &str, message: &T ) -> Result<ConsensusSignature, Error>
Signs the provided securely-hashable struct, using the ‘named’ private key.
sourcefn sign_using_version<T: CryptoHash + Serialize>(
&self,
name: &str,
version: ConsensusPublicKey,
message: &T
) -> Result<ConsensusSignature, Error>
fn sign_using_version<T: CryptoHash + Serialize>( &self, name: &str, version: ConsensusPublicKey, message: &T ) -> Result<ConsensusSignature, Error>
Signs the provided securely-hashable struct, using the ‘named’ and ‘versioned’ private key. This may fail even if the ‘named’ key exists but the version is not present.