KeyService class final
#include <crypto/key_service.hpp>
Default key service implementation used by control interface.
This class combines the immutable device identity keys from DeviceKeyStore with the mutable trusted-key database from KeyringStore.
Base classes
- class IKeyService
  Crypto-backed key service used by control interface.
Constructors, destructors, conversion operators
- KeyService(DeviceKeyStore& device_keys, KeyringStore& keyring)
  Creates key service over existing key stores.
Public functions
- auto add_trusted_key(const Ed25519PublicKey& public_key, KeyFlags flags, KeyId* out_key_id) -> bool override
  Adds new trusted key and persists change to backend.
- auto device_identity(Ed25519PublicKey* out_public_key, KeyId* out_key_id) const -> bool override
  Reads device public identity key and derives its key identifier.
- auto for_each_trusted_key(TrustedKeyVisitor visitor, void* user_ctx, size_t* out_count = nullptr) const -> bool override
  Iterates currently trusted keys.
- auto has_admin_trusted_key() const -> bool override
  Returns true when at least one stored key is trusted and admin.
- auto is_admin_key(std::span<const uint8_t> key_id) const -> bool override
  Returns true when key exists and has admin role.
- auto remove_trusted_key(std::span<const uint8_t> key_id) -> bool override
  Removes trusted key by key identifier and persists change.
- auto sign(std::span<const uint8_t> message, Ed25519Signature* out_signature) const -> bool override
  Signs message bytes with device private key.
- auto update_trusted_key_flags(std::span<const uint8_t> key_id, KeyFlags mask, KeyFlags values) -> bool override
  Updates trusted-key role flags and persists change.
- auto verify(std::span<const uint8_t> message, const Ed25519Signature& signature, std::span<const uint8_t> key_id) const -> bool override
  Verifies signature against stored public key selected by key id.