pub trait EncryptedSecretKey {
const ENCRYPTION_DATA_VERSION_BYTE: u8 = 2;
const SECRET_KEY_PREFIX_BYTE: u8 = 1;
const BOX_PRIMITIVE: &'static str = "xsalsa20poly1305";
const PW_PRIMITIVE: &'static str = "argon2i";
const PW_DIFF: (u32, u32) = _;
// Provided methods
fn try_decrypt(
encrypted: &EncryptedSecretKeyFile,
password: &str,
) -> Result<Vec<u8>, EncryptionError> { ... }
fn try_encrypt(
key: &[u8],
password: &str,
) -> Result<EncryptedSecretKeyFile, EncryptionError> { ... }
fn try_encrypt_raw(
plaintext: &[u8],
password: &str,
) -> Result<EncryptedSecretKeyFile, EncryptionError> { ... }
}Provided Associated Constants§
const ENCRYPTION_DATA_VERSION_BYTE: u8 = 2
const SECRET_KEY_PREFIX_BYTE: u8 = 1
const BOX_PRIMITIVE: &'static str = "xsalsa20poly1305"
const PW_PRIMITIVE: &'static str = "argon2i"
const PW_DIFF: (u32, u32) = _
Provided Methods§
Sourcefn try_decrypt(
encrypted: &EncryptedSecretKeyFile,
password: &str,
) -> Result<Vec<u8>, EncryptionError>
fn try_decrypt( encrypted: &EncryptedSecretKeyFile, password: &str, ) -> Result<Vec<u8>, EncryptionError>
Decrypts an encrypted secret key file using the provided password.
This method implements the decryption process compatible with Mina Protocol’s key format:
- Decodes Base58-encoded nonce, salt, and ciphertext from the file
- Derives encryption key from password using Argon2i with file’s parameters
- Decrypts the ciphertext using XSalsa20Poly1305 AEAD
- Returns the raw secret key bytes (with prefix byte stripped)
§Parameters
encrypted: The encrypted key file structure containing all encryption metadatapassword: The password used to derive the decryption key
§Returns
Ok(Vec<u8>): The raw secret key bytes on successful decryptionErr(EncryptionError): Various errors including wrong password, corrupted data, or format incompatibility
§Errors
EncryptionError::SecretBox: AEAD decryption failure (wrong password)EncryptionError::Base58DecodeError: Invalid Base58 encodingEncryptionError::ArgonError: Key derivation failure
Sourcefn try_encrypt(
key: &[u8],
password: &str,
) -> Result<EncryptedSecretKeyFile, EncryptionError>
fn try_encrypt( key: &[u8], password: &str, ) -> Result<EncryptedSecretKeyFile, EncryptionError>
Encrypts a secret key using password-based encryption.
This method implements the encryption process compatible with Mina Protocol’s key format:
- Prefixes the key with a format version byte
- Generates a random salt and derives encryption key using Argon2i
- Encrypts the prefixed key using XSalsa20Poly1305 AEAD with a random nonce
- Encodes all components (nonce, salt, ciphertext) in Base58 format
- Returns the complete encrypted file structure
§Parameters
key: The raw secret key bytes to encryptpassword: The password used to derive the encryption key
§Returns
Ok(EncryptedSecretKeyFile): Complete encrypted file structure ready for JSON serializationErr(EncryptionError): Encryption process failure
§Errors
EncryptionError::ArgonError: Key derivation failureEncryptionError::SecretBox: AEAD encryption failureEncryptionError::HashMissing: Argon2 hash generation failure
§Security Notes
- Uses cryptographically secure random number generation for salt and nonce
- Default Argon2i parameters: 128MB memory cost, 6 iterations
- Each encryption produces unique salt and nonce for security
Sourcefn try_encrypt_raw(
plaintext: &[u8],
password: &str,
) -> Result<EncryptedSecretKeyFile, EncryptionError>
fn try_encrypt_raw( plaintext: &[u8], password: &str, ) -> Result<EncryptedSecretKeyFile, EncryptionError>
Encrypt raw bytes without prepending a version/prefix byte.
Used for account/BP keys, use EncryptedSecretKey::try_encrypt which adds the
standard 0x01 prefix byte.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".