pub struct Secp256k1PrivateKey { /* private fields */ }secp256k1 only.Expand description
A Secp256k1 ECDSA private key.
The private key is zeroized when dropped.
Implementations§
Source§impl Secp256k1PrivateKey
impl Secp256k1PrivateKey
Sourcepub fn from_bytes(bytes: &[u8]) -> AptosResult<Self>
pub fn from_bytes(bytes: &[u8]) -> AptosResult<Self>
Creates a private key from raw bytes.
§Errors
Returns AptosError::InvalidPrivateKey if:
- The byte slice length is not exactly 32 bytes
- The bytes do not represent a valid Secp256k1 private key
Sourcepub fn from_hex(hex_str: &str) -> AptosResult<Self>
pub fn from_hex(hex_str: &str) -> AptosResult<Self>
Creates a private key from a hex string.
§Errors
Returns AptosError::Hex if the hex string is invalid.
Returns AptosError::InvalidPrivateKey if the decoded bytes are not exactly 32 bytes or do not represent a valid Secp256k1 private key.
Sourcepub fn from_aip80(s: &str) -> AptosResult<Self>
pub fn from_aip80(s: &str) -> AptosResult<Self>
Creates a private key from AIP-80 format string.
AIP-80 format: secp256k1-priv-0x{hex_bytes}
§Errors
Returns an error if the format is invalid or the key bytes are invalid.
Sourcepub fn to_aip80(&self) -> String
pub fn to_aip80(&self) -> String
Returns the private key in AIP-80 format.
AIP-80 format: secp256k1-priv-0x{hex_bytes}
Sourcepub fn public_key(&self) -> Secp256k1PublicKey
pub fn public_key(&self) -> Secp256k1PublicKey
Returns the corresponding public key.
Sourcepub fn sign(&self, message: &[u8]) -> Secp256k1Signature
pub fn sign(&self, message: &[u8]) -> Secp256k1Signature
Signs message and returns a low-S ECDSA signature over the
SHA3-256 digest of message.
Aptos on-chain verification (see aptos-crypto::secp256k1_ecdsa::Signature::verify)
hashes the signing-message preimage with SHA-3-256 before invoking
ECDSA on the 32-byte digest. We mirror that flow exactly: compute the
SHA-3-256 digest first, then sign it via PrehashSigner so the k256
crate does not apply its default SHA-256 internally.
Historical note: prior versions of this SDK relied on Signer::sign
which does an internal SHA-256, producing a signature over
SHA-256(message) (or, with a SHA-256 pre-hash, over
SHA-256(SHA-256(message))). Both forms verified internally but
were rejected by the chain because the chain hashes with SHA-3-256.
§Panics
Panics only in the (mathematically impossible) case that
k256::ecdsa::SigningKey::sign_prehash returns Err for a 32-byte
prehash, which the signature::hazmat::PrehashSigner contract for
secp256k1 does not produce.
Sourcepub fn sign_prehashed(&self, digest: &[u8; 32]) -> Secp256k1Signature
pub fn sign_prehashed(&self, digest: &[u8; 32]) -> Secp256k1Signature
Signs a 32-byte pre-computed digest directly, with NO further hashing.
The caller is responsible for ensuring digest is the correct hash
for the on-chain verification scheme (Aptos uses SHA-3-256).
§Panics
Panics only if k256::ecdsa::SigningKey::sign_prehash returns Err
for the supplied 32-byte digest, which the
signature::hazmat::PrehashSigner contract for secp256k1 does not
produce.
Trait Implementations§
Source§impl Clone for Secp256k1PrivateKey
impl Clone for Secp256k1PrivateKey
Source§fn clone(&self) -> Secp256k1PrivateKey
fn clone(&self) -> Secp256k1PrivateKey
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more