pub struct SecretKey(/* private fields */);
Expand description
Secret key - a 256-bit key used to create ECDSA and Taproot signatures.
This value should be generated using a cryptographically secure pseudorandom number generator.
§Side channel attacks
We have attempted to reduce the side channel attack surface by implementing a constant time eq
method. For similar reasons we explicitly do not implement PartialOrd
, Ord
, or Hash
on
SecretKey
. If you really want to order secrets keys then you can use AsRef
to get at the
underlying bytes and compare them - however this is almost certainly a bad idea.
§Serde support
Implements de/serialization with the serde
feature enabled. We treat the byte value as a tuple
of 32 u8
s for non-human-readable formats. This representation is optimal for for some formats
(e.g. bincode
) however other formats may be less optimal (e.g. cbor
).
§Examples
Basic usage:
use secp256k1::{rand, Secp256k1, SecretKey};
let secp = Secp256k1::new();
let secret_key = SecretKey::new(&mut rand::thread_rng());
Implementations§
source§impl SecretKey
impl SecretKey
sourcepub fn display_secret(&self) -> DisplaySecret
pub fn display_secret(&self) -> DisplaySecret
Formats the explicit byte value of the secret key kept inside the type as a little-endian hexadecimal string using the provided formatter.
This is the only method that outputs the actual secret key value, and, thus, should be used with extreme caution.
§Examples
use secp256k1::SecretKey;
let key = SecretKey::from_str("0000000000000000000000000000000000000000000000000000000000000001").unwrap();
// Normal debug hides value (`Display` is not implemented for `SecretKey`).
// E.g., `format!("{:?}", key)` prints "SecretKey(#2518682f7819fb2d)".
// Here we explicitly display the secret value:
assert_eq!(
"0000000000000000000000000000000000000000000000000000000000000001",
format!("{}", key.display_secret())
);
// Also, we can explicitly display with `Debug`:
assert_eq!(
format!("{:?}", key.display_secret()),
format!("DisplaySecret(\"{}\")", key.display_secret())
);
source§impl SecretKey
impl SecretKey
sourcepub fn non_secure_erase(&mut self)
pub fn non_secure_erase(&mut self)
Attempts to erase the contents of the underlying array.
Note, however, that the compiler is allowed to freely copy or move the
contents of this array to other places in memory. Preventing this behavior
is very subtle. For more discussion on this, please see the documentation
of the zeroize
crate.
source§impl SecretKey
impl SecretKey
sourcepub fn from_slice(data: &[u8]) -> Result<SecretKey, Error>
pub fn from_slice(data: &[u8]) -> Result<SecretKey, Error>
Converts a SECRET_KEY_SIZE
-byte slice to a secret key.
§Examples
use secp256k1::SecretKey;
let sk = SecretKey::from_slice(&[0xcd; 32]).expect("32 bytes, within curve order");
sourcepub fn from_keypair(keypair: &Keypair) -> Self
pub fn from_keypair(keypair: &Keypair) -> Self
sourcepub fn secret_bytes(&self) -> [u8; 32]
pub fn secret_bytes(&self) -> [u8; 32]
Returns the secret key as a byte value.
sourcepub fn sign_ecdsa(&self, msg: Message) -> Signature
pub fn sign_ecdsa(&self, msg: Message) -> Signature
Constructs an ECDSA signature for msg
using the global SECP256K1
context.
sourcepub fn keypair<C: Signing>(&self, secp: &Secp256k1<C>) -> Keypair
pub fn keypair<C: Signing>(&self, secp: &Secp256k1<C>) -> Keypair
Returns the Keypair
for this SecretKey
.
This is equivalent to using Keypair::from_secret_key
.
sourcepub fn public_key<C: Signing>(&self, secp: &Secp256k1<C>) -> PublicKey
pub fn public_key<C: Signing>(&self, secp: &Secp256k1<C>) -> PublicKey
Returns the PublicKey
for this SecretKey
.
This is equivalent to using PublicKey::from_secret_key
.
sourcepub fn x_only_public_key<C: Signing>(
&self,
secp: &Secp256k1<C>,
) -> (XOnlyPublicKey, Parity)
pub fn x_only_public_key<C: Signing>( &self, secp: &Secp256k1<C>, ) -> (XOnlyPublicKey, Parity)
Returns the XOnlyPublicKey
(and it’s Parity
) for this SecretKey
.
This is equivalent to XOnlyPublicKey::from_keypair(self.keypair(secp))
.
Trait Implementations§
source§impl AsRef<[u8; 32]> for SecretKey
impl AsRef<[u8; 32]> for SecretKey
source§fn as_ref(&self) -> &[u8; 32]
fn as_ref(&self) -> &[u8; 32]
Gets a reference to the underlying array.
§Side channel attacks
Using ordering functions (PartialOrd
/Ord
) on a reference to secret keys leaks data
because the implementations are not constant time. Doing so will make your code vulnerable
to side channel attacks. SecretKey::eq
is implemented using a constant time algorithm,
please consider using it to do comparisons of secret keys.
source§impl PartialEq for SecretKey
impl PartialEq for SecretKey
impl Copy for SecretKey
impl Eq for SecretKey
Auto Trait Implementations§
impl Freeze for SecretKey
impl RefUnwindSafe for SecretKey
impl Send for SecretKey
impl Sync for SecretKey
impl Unpin for SecretKey
impl UnwindSafe for SecretKey
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Copy,
impl<T> CloneToUninit for Twhere
T: Copy,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§default unsafe fn clone_to_uninit(&self, dst: *mut T)
default unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)