[][src]Struct tink_core::keyset::Handle

pub struct Handle { /* fields omitted */ }

Handle provides access to a Keyset protobuf, to limit the exposure of actual protocol buffers that hold sensitive key material.

Implementations

impl Handle[src]

pub fn new(kt: &KeyTemplate) -> Result<Self, TinkError>[src]

Create a keyset handle that contains a single fresh key generated according to the given KeyTemplate.

pub fn new_with_no_secrets(ks: Keyset) -> Result<Self, TinkError>[src]

Create a new instance of Handle using the given Keyset which does not contain any secret key material.

pub fn read<T>(
    reader: &mut T,
    master_key: Box<dyn Aead>
) -> Result<Self, TinkError> where
    T: Reader[src]

Attempt to create a Handle from an encrypted keyset obtained via a Reader.

pub fn read_with_no_secrets<T>(reader: &mut T) -> Result<Self, TinkError> where
    T: Reader[src]

Attempt to create a Handle from a keyset obtained via a Reader.

pub fn public(&self) -> Result<Self, TinkError>[src]

Return a Handle of the public keys if the managed keyset contains private keys.

pub fn write<T>(
    &self,
    writer: &mut T,
    master_key: Box<dyn Aead>
) -> Result<(), TinkError> where
    T: Writer[src]

Encrypts and writes the enclosed Keyset.

pub fn write_with_no_secrets<T>(&self, w: &mut T) -> Result<(), TinkError> where
    T: Writer[src]

Export the keyset in h to the given Writer returning an error if the keyset contains secret key material.

pub fn primitives(&self) -> Result<PrimitiveSet, TinkError>[src]

Create a set of primitives corresponding to the keys with status=ENABLED in the keyset of the given keyset Handle, assuming all the corresponding key managers are present (keys with status!=ENABLED are skipped).

The returned set is usually later "wrapped" into a class that implements the corresponding Primitive interface.

pub fn primitives_with_key_manager(
    &self,
    km: Option<Arc<dyn KeyManager>>
) -> Result<PrimitiveSet, TinkError>[src]

Create a set of primitives corresponding to the keys with status=ENABLED in the keyset of the given keyset Handle, using the given key manager (instead of registered key managers) for keys supported by it. Keys not supported by the key manager are handled by matching registered key managers (if present), and keys with status!=ENABLED are skipped.

This enables custom treatment of keys, for example providing extra context (e.g. credentials for accessing keys managed by a KMS), or gathering custom monitoring/profiling information.

The returned set is usually later "wrapped" into a class that implements the corresponding Primitive-interface.

pub fn keyset_info(&self) -> KeysetInfo[src]

Return KeysetInfo representation of the managed keyset. The result does not contain any sensitive key material.

Trait Implementations

impl Debug for Handle[src]

fn fmt(&self, f: &mut Formatter<'_>) -> Result[src]

Return a string representation of the managed keyset. The result does not contain any sensitive key material.

Auto Trait Implementations

impl RefUnwindSafe for Handle

impl Send for Handle

impl Sync for Handle

impl Unpin for Handle

impl UnwindSafe for Handle

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,