Crate nkeys

source ·
Expand description

§nkeys

The nkeys is a Rust port of the official NATS Go nkeys implementation.

Nkeys provides library functions to create ed25519 keys using the special prefix encoding system used by NATS 2.0+ security.

§Examples

use nkeys::KeyPair;

// Create a user key pair
let user = KeyPair::new_user();

// Sign some data with the user's full key pair
let msg = "this is super secret".as_bytes();
let sig = user.sign(&msg).unwrap();
let res = user.verify(msg, sig.as_slice());
assert!(res.is_ok());

// Access the encoded seed (the information that needs to be kept safe/secret)
let seed = user.seed().unwrap();
// Access the public key, which can be safely shared
let pk = user.public_key();

// Create a full User who can sign and verify from a private seed.
let user = KeyPair::from_seed(&seed);

// Create a user that can only verify and not sign
let user = KeyPair::from_public_key(&pk).unwrap();
assert!(user.seed().is_err());

§Notes

The following is a list of the valid prefixes / key pair types available. Note that there are more key pair types available in this crate than there are in the original Go implementation for NATS.

  • N - Server
  • C - Cluster
  • O - Operator
  • A - Account
  • U - User
  • M - Module
  • V - Service / Service Provider
  • P - Private Key
  • X - Curve Key (X25519)

Modules§

  • Error wrappers and boilerplate

Macros§

  • A handy macro borrowed from the signatory crate that lets library-internal code generate more readable exception handling flows

Structs§

  • The main interface used for reading and writing nkey-encoded key pairs, including seeds and public keys.
  • The main interface used for reading and writing nkey-encoded curve key pairs.

Enums§

  • The authoritative list of valid key pair types that are used for cryptographically secure identities

Functions§

  • Attempts to decode the provided base32 encoded string into a valid prefix byte and the private key seed bytes. NOTE: This is considered an advanced use case, it’s generally recommended to stick with KeyPair::from_seed instead.
  • Returns the prefix byte and the underlying public key bytes NOTE: This is considered an advanced use case, it’s generally recommended to stick with KeyPair::from_public_key instead.