Struct KeyRing 

pub struct KeyRing { /* private fields */ }

A key ring holding master and session keys.

Implementations

impl KeyRing

pub fn new() -> Self

Creates an empty key ring.

pub fn load(&mut self, key_id: u16, material: &[u8]) -> Result<(), Error>

Loads a key into the ring in PREACTIVE state.

pub fn find(&self, key_id: u16) -> Option<&ManagedKey>

Finds a key by ID.

pub fn find_mut(&mut self, key_id: u16) -> Option<&mut ManagedKey>

Finds a key by ID (mutable).

pub fn activate(&mut self, key_id: u16) -> Result<(), Error>

Activates a key by ID.

pub fn deactivate(&mut self, key_id: u16) -> Result<(), Error>

Deactivates a key by ID.

pub fn destroy(&mut self, key_id: u16) -> Result<(), Error>

Destroys a key by ID.

pub fn otar( &mut self, master_key_id: u16, iv: &[u8], encrypted_block: &mut [u8], tag: &[u8], crypto: &impl CryptoProvider, sa: &SecurityAssociation, ) -> Result<usize, Error>

Processes an OTAR delivery: decrypts session keys using a master key and loads them into the ring.

master_key_id — the key used to decrypt the encrypted key block. iv — initialization vector for decryption. encrypted_block — encrypted payload containing (key_id, key_material) pairs. crypto — cryptographic backend for decryption. sa — security association for the master key context.

pub fn inventory(&self) -> impl Iterator<Item = (u16, KeyState)> + '_

Returns an iterator over all keys for inventory queries.

pub fn verify( &self, key_id: u16, iv: &[u8], challenge: &[u8], response_out: &mut [u8], tag_out: &mut [u8], crypto: &impl CryptoProvider, sa: &SecurityAssociation, ) -> Result<(), Error>

Verifies a key via challenge-response.

Encrypts challenge with the specified key and returns the encrypted result in response_out.