pub struct SecretStorageKey { /* private fields */ }
Expand description
A secret storage key which can be used to store encrypted data in the user’s account data as defined in the spec.
The secret storage key can be initialized from a passphrase or from a base58-encoded string.
To bootstrap a new SecretStorageKey
, use the SecretStorageKey::new()
or SecretStorageKey::new_from_passphrase()
method.
After a new SecretStorageKey
has been created, the info about the key
needs to be uploaded to the homeserver as a global account data event. The
event and event type for this can be retrieved using the
SecretStorageKey::event_content()
and SecretStorageKey::event_type()
methods, respectively.
§Examples
use matrix_sdk_crypto::secret_storage::SecretStorageKey;
// Create a new secret storage key.
let key =
SecretStorageKey::new_from_passphrase("It's a secret to everybody");
// Retrieve the content.
let content = key.event_content();
// Now upload the content to the server and mark the new key as the default one.
// If we want to restore the secret key, we'll need to retrieve the previously uploaded global
// account data event.
let restored_key = SecretStorageKey::from_account_data(
"It's a secret to everybody",
content.to_owned()
);
Implementations§
Source§impl SecretStorageKey
impl SecretStorageKey
Sourcepub fn new() -> Self
pub fn new() -> Self
Create a new random SecretStorageKey
.
Sourcepub fn new_from_passphrase(passphrase: &str) -> Self
pub fn new_from_passphrase(passphrase: &str) -> Self
Create a new passphrase-based SecretStorageKey
.
The passphrase will be expanded into a 32-byte key using the m.pbkdf2
algorithm described in the spec.
Sourcepub fn from_account_data(
input: &str,
content: SecretStorageKeyEventContent,
) -> Result<Self, DecodeError>
pub fn from_account_data( input: &str, content: SecretStorageKeyEventContent, ) -> Result<Self, DecodeError>
Restore a SecretStorageKey
from the given input and the description
of the key.
The SecretStorageKeyEventContent
will contain the description of the
SecretStorageKey
. The constructor will check if the provided input
string matches to the description.
The input can be a passphrase or a Base58 export of the
SecretStorageKey
.
Sourcepub fn to_base58(&self) -> String
pub fn to_base58(&self) -> String
Export the SecretStorageKey
as a base58-encoded string as defined in
the spec.
Note: This returns a copy of the private key material of the
SecretStorageKey
as a string. The caller needs to ensure that this
string is zeroized.
Sourcepub fn encrypt(
&self,
plaintext: Vec<u8>,
secret_name: &SecretName,
) -> AesHmacSha2EncryptedData
pub fn encrypt( &self, plaintext: Vec<u8>, secret_name: &SecretName, ) -> AesHmacSha2EncryptedData
Encrypt a given secret string as a Secrets Storage secret with the given secret name.
§Examples
use matrix_sdk_crypto::secret_storage::SecretStorageKey;
use ruma::events::secret::request::SecretName;
let key = SecretStorageKey::new();
let secret = "It's a secret to everybody";
let secret_name = SecretName::from("my-secret");
let encrypted_data = key.encrypt(secret.as_bytes().to_vec(), &secret_name);
let decrypted = key.decrypt(&encrypted_data, &secret_name)?;
assert_eq!(secret.as_bytes(), decrypted);
Sourcepub fn decrypt(
&self,
data: &AesHmacSha2EncryptedData,
secret_name: &SecretName,
) -> Result<Vec<u8>, MacError>
pub fn decrypt( &self, data: &AesHmacSha2EncryptedData, secret_name: &SecretName, ) -> Result<Vec<u8>, MacError>
Decrypt the given AesHmacSha2EncryptedData
containing a secret with
the given secret name.
Sourcepub fn event_content(&self) -> &SecretStorageKeyEventContent
pub fn event_content(&self) -> &SecretStorageKeyEventContent
The info about the SecretStorageKey
formatted as a
SecretStorageKeyEventContent
.
The SecretStorageKeyEventContent
contains information about the
secret storage key. This information can be used to determine whether
the secret the user has entered is a valid secret for unlocking the
Secrets Storage (i.e. a valid SecretStorageKey
).
Sourcepub fn key_id(&self) -> &str
pub fn key_id(&self) -> &str
The unique ID of this SecretStorageKey
.
Sourcepub fn event_type(&self) -> GlobalAccountDataEventType
pub fn event_type(&self) -> GlobalAccountDataEventType
The event type of this SecretStorageKey
.
Can be used when uploading the key info as a
SecretStorageKeyEventContent
to the homeserver.
The type is equal to the concatenation of the string
"m.secret_storage.key."
and the key ID from the
SecretStorageKey::key_id()
method.
Trait Implementations§
Source§impl Debug for SecretStorageKey
impl Debug for SecretStorageKey
Source§impl Drop for SecretStorageKey
impl Drop for SecretStorageKey
Auto Trait Implementations§
impl Freeze for SecretStorageKey
impl RefUnwindSafe for SecretStorageKey
impl Send for SecretStorageKey
impl Sync for SecretStorageKey
impl Unpin for SecretStorageKey
impl UnwindSafe for SecretStorageKey
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T, W> HasTypeWitness<W> for Twhere
W: MakeTypeWitness<Arg = T>,
T: ?Sized,
impl<T, W> HasTypeWitness<W> for Twhere
W: MakeTypeWitness<Arg = T>,
T: ?Sized,
Source§impl<T> Identity for Twhere
T: ?Sized,
impl<T> Identity for Twhere
T: ?Sized,
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read more