Struct reth_network::config::SecretKey

pub struct SecretKey(/* private fields */);

Secret key - a 256-bit key used to create ECDSA and Taproot signatures.

This value should be generated using a cryptographically secure pseudorandom number generator.

Side channel attacks

We have attempted to reduce the side channel attack surface by implementing a constant time eq method. For similar reasons we explicitly do not implement PartialOrd, Ord, or Hash on SecretKey. If you really want to order secrets keys then you can use AsRef to get at the underlying bytes and compare them - however this is almost certainly a bad idea.

Serde support

Implements de/serialization with the serde feature enabled. We treat the byte value as a tuple of 32 u8s for non-human-readable formats. This representation is optimal for for some formats (e.g. bincode) however other formats may be less optimal (e.g. cbor).

Examples

Basic usage:

use secp256k1::{rand, Secp256k1, SecretKey};

let secp = Secp256k1::new();
let secret_key = SecretKey::new(&mut rand::thread_rng());

Implementations

impl SecretKey

pub fn display_secret(&self) -> DisplaySecret

Formats the explicit byte value of the secret key kept inside the type as a little-endian hexadecimal string using the provided formatter.

This is the only method that outputs the actual secret key value, and, thus, should be used with extreme caution.

Examples

use secp256k1::SecretKey;
let key = SecretKey::from_str("0000000000000000000000000000000000000000000000000000000000000001").unwrap();

// Normal debug hides value (`Display` is not implemented for `SecretKey`).
// E.g., `format!("{:?}", key)` prints "SecretKey(#2518682f7819fb2d)".

// Here we explicitly display the secret value:
assert_eq!(
    "0000000000000000000000000000000000000000000000000000000000000001",
    format!("{}", key.display_secret())
);
// Also, we can explicitly display with `Debug`:
assert_eq!(
    format!("{:?}", key.display_secret()),
    format!("DisplaySecret(\"{}\")", key.display_secret())
);

impl SecretKey

pub fn non_secure_erase(&mut self)

Attempts to erase the contents of the underlying array.

Note, however, that the compiler is allowed to freely copy or move the contents of this array to other places in memory. Preventing this behavior is very subtle. For more discussion on this, please see the documentation of the zeroize crate.

impl SecretKey

pub fn new<R>(rng: &mut R) -> SecretKey

where R: Rng + ?Sized,

Available on crate feature rand only.

Generates a new random secret key.

Examples

use secp256k1::{rand, SecretKey};
let secret_key = SecretKey::new(&mut rand::thread_rng());

pub fn from_slice(data: &[u8]) -> Result<SecretKey, Error>

Converts a SECRET_KEY_SIZE-byte slice to a secret key.

Examples

use secp256k1::SecretKey;
let sk = SecretKey::from_slice(&[0xcd; 32]).expect("32 bytes, within curve order");

pub fn from_keypair(keypair: &Keypair) -> SecretKey

Creates a new secret key using data from BIP-340 [Keypair].

Examples

use secp256k1::{rand, Secp256k1, SecretKey, Keypair};

let secp = Secp256k1::new();
let keypair = Keypair::new(&secp, &mut rand::thread_rng());
let secret_key = SecretKey::from_keypair(&keypair);

pub fn secret_bytes(&self) -> [u8; 32]

Returns the secret key as a byte value.

pub fn negate(self) -> SecretKey

Negates the secret key.

pub fn add_tweak(self, tweak: &Scalar) -> Result<SecretKey, Error>

Tweaks a SecretKey by adding tweak modulo the curve order.

Errors

Returns an error if the resulting key would be invalid.

pub fn mul_tweak(self, tweak: &Scalar) -> Result<SecretKey, Error>

Tweaks a SecretKey by multiplying by tweak modulo the curve order.

Errors

Returns an error if the resulting key would be invalid.

pub fn sign_ecdsa(&self, msg: Message) -> Signature

Available on crate feature global-context only.

Constructs an ECDSA signature for msg using the global [SECP256K1] context.

pub fn keypair<C>(&self, secp: &Secp256k1<C>) -> Keypair

where C: Signing,

Returns the [Keypair] for this SecretKey.

This is equivalent to using [Keypair::from_secret_key].

pub fn public_key<C>(&self, secp: &Secp256k1<C>) -> PublicKey

where C: Signing,

Returns the [PublicKey] for this SecretKey.

This is equivalent to using [PublicKey::from_secret_key].

pub fn x_only_public_key<C>( &self, secp: &Secp256k1<C>, ) -> (XOnlyPublicKey, Parity)

where C: Signing,

Returns the [XOnlyPublicKey] (and it’s [Parity]) for this SecretKey.

This is equivalent to XOnlyPublicKey::from_keypair(self.keypair(secp)).

Trait Implementations

impl AsRef<[u8; 32]> for SecretKey

fn as_ref(&self) -> &[u8; 32]

Gets a reference to the underlying array.

Side channel attacks

Using ordering functions (PartialOrd/Ord) on a reference to secret keys leaks data because the implementations are not constant time. Doing so will make your code vulnerable to side channel attacks. SecretKey::eq is implemented using a constant time algorithm, please consider using it to do comparisons of secret keys.

impl CPtr for SecretKey

type Target = u8

fn as_c_ptr(&self) -> *const <SecretKey as CPtr>::Target

fn as_mut_c_ptr(&mut self) -> *mut <SecretKey as CPtr>::Target

impl Clone for SecretKey

fn clone(&self) -> SecretKey

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecretKey

Available on crate feature std only.

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for SecretKey

Available on crate feature serde only.

fn deserialize<D>(d: D) -> Result<SecretKey, <D as Deserializer<'de>>::Error>

where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl EnrKey for SecretKey

type PublicKey = PublicKey

fn sign_v4(&self, msg: &[u8]) -> Result<Vec<u8>, SigningError>

Performs ENR-specific signing for the v4 identity scheme.

fn public(&self) -> <SecretKey as EnrKey>::PublicKey

Returns the public key associated with current key pair.

fn enr_to_public( content: &BTreeMap<Vec<u8>, Bytes>, ) -> Result<<SecretKey as EnrKey>::PublicKey, Error>

Provides a method to decode a raw public key from an ENR BTreeMap to a useable public key.

impl EnrKeyUnambiguous for SecretKey

fn decode_public( bytes: &[u8], ) -> Result<<SecretKey as EnrKey>::PublicKey, Error>

Decode raw bytes as corresponding public key.

impl<'a> From<&'a Keypair> for SecretKey

fn from(pair: &'a Keypair) -> SecretKey

Converts to this type from the input type.

impl From<Keypair> for SecretKey

fn from(pair: Keypair) -> SecretKey

Converts to this type from the input type.

impl FromStr for SecretKey

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<SecretKey, Error>

Parses a string s to return a value of this type.

impl<I> Index<I> for SecretKey

where [u8]: Index<I>,

type Output = <[u8] as Index<I>>::Output

The returned type after indexing.

fn index(&self, index: I) -> &<SecretKey as Index<I>>::Output

Performs the indexing (container[index]) operation.

impl PartialEq for SecretKey

fn eq(&self, other: &SecretKey) -> bool

This implementation is designed to be constant time to help prevent side channel attacks.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for SecretKey

Available on crate feature serde only.

fn serialize<S>( &self, s: S, ) -> Result<<S as Serializer>::Ok, <S as Serializer>::Error>

where S: Serializer,

Serialize this value into the given Serde serializer.

impl Copy for SecretKey

impl Eq for SecretKey

Layout

Note: Most layout information is completely unstable and may even differ between compilations. The only exception is types with certain repr(...) attributes. Please see the Rust Reference's “Type Layout” chapter for details on type layout guarantees.

Size: 32 bytes