EncryptedSecretKey

Trait EncryptedSecretKey 

pub trait EncryptedSecretKey {
    const ENCRYPTION_DATA_VERSION_BYTE: u8 = 2u8;
    const SECRET_KEY_PREFIX_BYTE: u8 = 1u8;
    const BOX_PRIMITIVE: &'static str = "xsalsa20poly1305";
    const PW_PRIMITIVE: &'static str = "argon2i";
    const PW_DIFF: (u32, u32) = _;

    // Provided methods
    fn try_decrypt(
        encrypted: &EncryptedSecretKeyFile,
        password: &str,
    ) -> Result<Vec<u8>, EncryptionError> { ... }
    fn try_encrypt(
        key: &[u8],
        password: &str,
    ) -> Result<EncryptedSecretKeyFile, EncryptionError> { ... }
}

Provided Associated Constants

const ENCRYPTION_DATA_VERSION_BYTE: u8 = 2u8

const SECRET_KEY_PREFIX_BYTE: u8 = 1u8

const BOX_PRIMITIVE: &'static str = "xsalsa20poly1305"

const PW_PRIMITIVE: &'static str = "argon2i"

const PW_DIFF: (u32, u32) = _

Provided Methods

fn try_decrypt(encrypted: &EncryptedSecretKeyFile, password: &str) -> Result<Vec<u8>, EncryptionError>

Decrypts an encrypted secret key file using the provided password.

This method implements the decryption process compatible with Mina Protocol’s key format:

  1. Decodes Base58-encoded nonce, salt, and ciphertext from the file
  2. Derives encryption key from password using Argon2i with file’s parameters
  3. Decrypts the ciphertext using XSalsa20Poly1305 AEAD
  4. Returns the raw secret key bytes (with prefix byte stripped)

Parameters
  • encrypted: The encrypted key file structure containing all encryption metadata
  • password: The password used to derive the decryption key

Returns
  • Ok(Vec<u8>): The raw secret key bytes on successful decryption
  • Err(EncryptionError): Various errors including wrong password, corrupted data, or format incompatibility

Errors
  • EncryptionError::SecretBox: AEAD decryption failure (wrong password)
  • EncryptionError::Base58DecodeError: Invalid Base58 encoding
  • EncryptionError::ArgonError: Key derivation failure
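
Step 2 of decryption derives the key with the Argon2i parameters stored in the file, so a key file from an untrusted source controls how much memory and time decryption spends. The following is an added example, not code from this crate: a std-only pre-check that rejects unexpected primitives and out-of-range costs before key derivation, plus a checked form of the prefix-byte strip in step 4. KeyFileHeader, its field names and units, PrecheckError and the two caps are assumptions; whether try_decrypt already performs such checks is not stated here.

```rust
// Added example with stand-in types; not the crate's own definitions.
const BOX_PRIMITIVE: &str = "xsalsa20poly1305";
const PW_PRIMITIVE: &str = "argon2i";
const SECRET_KEY_PREFIX_BYTE: u8 = 1;
// Assumed policy caps, set to the documented defaults (128 MB, 6 iterations).
const MAX_MEM_BYTES: u32 = 128 * 1024 * 1024;
const MAX_ITERATIONS: u32 = 6;

/// Hypothetical view of a key file's metadata (field names and units assumed).
pub struct KeyFileHeader<'a> {
    pub box_primitive: &'a str,
    pub pw_primitive: &'a str,
    pub pw_diff: (u32, u32), // assumed: (memory cost in bytes, iterations)
}

#[derive(Debug, PartialEq)]
pub enum PrecheckError { UnsupportedBox, UnsupportedKdf, KdfCostOutOfRange, BadPrefix }

/// Reject unknown primitives and out-of-range Argon2 costs before deriving a key.
pub fn precheck(h: &KeyFileHeader) -> Result<(), PrecheckError> {
    if h.box_primitive != BOX_PRIMITIVE {
        return Err(PrecheckError::UnsupportedBox);
    }
    if h.pw_primitive != PW_PRIMITIVE {
        return Err(PrecheckError::UnsupportedKdf);
    }
    let (mem, iters) = h.pw_diff;
    if mem == 0 || iters == 0 || mem > MAX_MEM_BYTES || iters > MAX_ITERATIONS {
        return Err(PrecheckError::KdfCostOutOfRange);
    }
    Ok(())
}

/// Confirm the prefix byte on decrypted plaintext, then return the key without it.
pub fn strip_prefix(plaintext: &[u8]) -> Result<&[u8], PrecheckError> {
    match plaintext.split_first() {
        Some((&SECRET_KEY_PREFIX_BYTE, key)) if !key.is_empty() => Ok(key),
        _ => Err(PrecheckError::BadPrefix),
    }
}

fn main() {
    // Constructed sample header carrying an oversized memory cost.
    let h = KeyFileHeader { box_primitive: "xsalsa20poly1305", pw_primitive: "argon2i", pw_diff: (u32::MAX, 6) };
    println!("{:?}", precheck(&h));
    println!("{:?}", strip_prefix(&[1, 0xaa, 0xbb]));
}
```

The caps are a local policy choice: a deployment that accepts key files written with higher costs would raise them rather than drop the check.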

fn try_encrypt(key: &[u8], password: &str) -> Result<EncryptedSecretKeyFile, EncryptionError>

Encrypts a secret key using password-based encryption.

This method implements the encryption process compatible with Mina Protocol’s key format:

  1. Prefixes the key with a format version byte
  2. Generates a random salt and derives encryption key using Argon2i
  3. Encrypts the prefixed key using XSalsa20Poly1305 AEAD with a random nonce
  4. Encodes all components (nonce, salt, ciphertext) in Base58 format
  5. Returns the complete encrypted file structure

Parameters
  • key: The raw secret key bytes to encrypt
  • password: The password used to derive the encryption key

Returns
  • Ok(EncryptedSecretKeyFile): Complete encrypted file structure ready for JSON serialization
  • Err(EncryptionError): Encryption process failure

Errors
  • EncryptionError::ArgonError: Key derivation failure
  • EncryptionError::SecretBox: AEAD encryption failure
  • EncryptionError::HashMissing: Argon2 hash generation failure

Security Notes
  • Uses cryptographically secure random number generation for salt and nonce
  • Default Argon2i parameters: 128MB memory cost, 6 iterations
  • Each encryption produces unique salt and nonce for security

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.
