Development Documentation (main branch) - For stable release docs, see docs.rs/eidetica

UserKeyManager

eidetica::user::key_manager

Struct UserKeyManager 

Source 
pub struct UserKeyManager { /* private fields */ }
Expand description

Internal key manager that holds decrypted keys during user session

§Security

This struct holds sensitive cryptographic material in memory:

  • decrypted_keys: Contains plaintext PrivateKeys (zeroized on drop)
  • encryption_key: Password-derived key (zeroized via manual Zeroize impl), None for passwordless users

All sensitive data is zeroized when the struct is dropped.

Implementations§

Source§

impl UserKeyManager

Source

pub fn new( password: &str, salt: &str, encrypted_keys: Vec<UserKey>, ) -> Result<Self>

Create from user password and encrypted keys

Decrypts all provided keys using the password-derived encryption key.

§Arguments
  • password - The user’s password
  • salt - The password salt (base64 encoded string)
  • encrypted_keys - Vec of encrypted UserKey entries from database
§Returns

A UserKeyManager with all keys decrypted and ready for use

Source

pub fn new_passwordless(keys: Vec<UserKey>) -> Result<Self>

Create from unencrypted keys (for passwordless users)

Keys are stored and loaded unencrypted for performance.

§Arguments
  • keys - Vec of UserKey entries with unencrypted keys
§Returns

A UserKeyManager with all keys ready for use

Source

pub fn get_signing_key(&self, key_id: &PublicKey) -> Option<&PrivateKey>

Get a decrypted signing key

§Arguments
  • key_id - The public key identifier
§Returns

A reference to the PrivateKey if found

Source

pub fn add_key(&mut self, metadata: UserKey) -> Result<()>

Add a key to the manager from metadata

Handles both encrypted and unencrypted keys based on metadata. Use serialize_keys() to get updated keys for storage.

§Arguments
  • metadata - The UserKey metadata with storage info
§Returns

Ok(()) if the key was successfully added

Source

pub fn serialize_keys(&self) -> Result<Vec<UserKey>>

Serialize all keys for storage

Returns UserKey metadata suitable for storing in the database. Encrypted keys are re-encrypted with the current encryption key. Unencrypted keys are serialized directly.

Keys are returned in sorted order by key_id for deterministic output.

§Returns

Vec of UserKey with updated storage, sorted by key_id

Source

pub fn clear(&mut self)

Clear all decrypted keys from memory

Explicitly zeroizes all sensitive key material. Called automatically on Drop via ZeroizeOnDrop, but can be called manually to end session early.

Source

pub fn list_key_ids(&self) -> Vec<PublicKey>

List all key IDs managed by this manager

Returns key IDs sorted by creation timestamp (oldest first) for deterministic behavior.

Source

pub fn get_key_metadata(&self, key_id: &PublicKey) -> Option<&UserKey>

Get metadata for a key

Source

pub fn get_default_key_id(&self) -> Option<PublicKey>

Get the default key ID

Returns the key marked as is_default=true, or falls back to the oldest key by creation timestamp if no default is explicitly set.

§Returns

The PublicKey of the default key, or None if there are no keys

Trait Implementations§

Source§

impl Zeroize for UserKeyManager

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl ZeroizeOnDrop for UserKeyManager

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> CompatExt for T

§

fn compat(self) -> Compat<T>

Applies the [Compat] adapter by value. Read more
§

fn compat_ref(&self) -> Compat<&T>

Applies the [Compat] adapter by shared reference. Read more
§

fn compat_mut(&mut self) -> Compat<&mut T>

Applies the [Compat] adapter by mutable reference. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] only if self and other return Action::Follow. Read more
§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more