DeviceKeyStore class final
#include <crypto/device_key_store.hpp>
Persistent device key store.
The store keeps device identity key material in backend files. When key files are missing on first boot, a new key pair is generated and persisted.
Public types
- struct Paths
- File names inside backend root directory.
Constructors, destructors, conversion operators
- DeviceKeyStore(std::shared_ptr<prf::config::IConfigBackend> backend, IRandomSource& random)
- Creates device-key store with default backend file paths.
- DeviceKeyStore(std::shared_ptr<prf::config::IConfigBackend> backend, IRandomSource& random, Paths paths)
- Creates device-key store with explicit backend file paths.
Public functions
- auto ensure_initialized() -> bool
- Ensures key pair is present. Generates and stores a new pair when missing.
- auto key_id(KeyId* out_key_id) const -> bool
- Reads persisted public key and derives deterministic key identifier.
- auto public_key(Ed25519PublicKey* out_public_key) const -> bool
- Reads currently persisted public key.
- auto sign(std::span<const uint8_t> message, Ed25519Signature* out_signature) const -> bool
- Signs message bytes with device private key.
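
Added example, not part of the project's code: a caller-side flow over the member functions listed above that fails closed on every `bool` return and only publishes a complete key-id/signature pair. `SignedChallenge`, `sign_challenge`, `FakeStore`, the type sizes and the empty-challenge policy are assumptions made for this sketch; the fake store performs no cryptography and only stands in for the real class.

```cpp
#include <array>
#include <cstdint>
#include <vector>

// Stand-in types with assumed sizes; the real definitions live in the project headers.
using KeyId = std::array<uint8_t, 8>;
using Ed25519Signature = std::array<uint8_t, 64>;

struct SignedChallenge {
    KeyId key_id{};
    Ed25519Signature signature{};
};

// Works with any store exposing ensure_initialized(), key_id() and sign().
// Returns false and leaves *out zeroed unless every step succeeded.
template <class Store>
bool sign_challenge(Store& store, const std::vector<uint8_t>& challenge, SignedChallenge* out) {
    *out = SignedChallenge{};                        // never leave stale bytes behind
    if (challenge.empty()) return false;             // caller policy: empty challenge has no freshness
    if (!store.ensure_initialized()) return false;   // no key pair, nothing to sign with
    SignedChallenge tmp{};
    if (!store.key_id(&tmp.key_id)) return false;    // out-params are untrusted on failure
    if (!store.sign(challenge, &tmp.signature)) return false;
    *out = tmp;                                      // publish only a complete result
    return true;
}

// Constructed fake store for exercising the flow; it performs NO cryptography.
struct FakeStore {
    bool has_key = false;
    bool backend_ok = true;   // set to false to simulate a failing backend
    int generated = 0;        // counts key generations
    bool ensure_initialized() {
        if (!backend_ok) return false;
        if (!has_key) { has_key = true; ++generated; }
        return true;
    }
    bool key_id(KeyId* out) const { if (!has_key) return false; out->fill(0xA5); return true; }
    bool sign(const std::vector<uint8_t>& m, Ed25519Signature* out) const {
        if (!has_key) return false;
        out->fill(m[0]);      // placeholder bytes, not a signature
        return true;
    }
};

int main() {
    FakeStore store; SignedChallenge out;
    return sign_challenge(store, std::vector<uint8_t>{0x01}, &out) ? 0 : 1;
}
```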