signet::forge::crypto::KeyHandle Class Reference

Opaque handle to AES-256 key material held in a SecureKeyBuffer. More...

#include <pme_facade.hpp>

Public Member Functions
	~KeyHandle ()
	KeyHandle (KeyHandle &&other) noexcept
KeyHandle &	operator= (KeyHandle &&other) noexcept
	KeyHandle (const KeyHandle &)=delete
KeyHandle &	operator= (const KeyHandle &)=delete
bool	is_valid () const noexcept
	Check if the handle holds a valid key.
const uint8_t *	data () const noexcept
	Access raw key bytes. MUST NOT be exposed through FFI.
std::vector< uint8_t >	to_vector () const
	Get key as a vector (copies — use sparingly). For EncryptionConfig construction.

Static Public Member Functions
static KeyHandle	generate ()
	Generate a new random AES-256 key via platform CSPRNG.
static KeyHandle	from_bytes (const uint8_t *data, size_t size)
	Construct from raw bytes (C++ internal use only — NOT exposed to Python).
static KeyHandle	from_seed (const std::string &seed)
	Construct from a deterministic seed (for benchmarking/testing ONLY).
static constexpr size_t	key_size () noexcept
	Key size in bytes (always 32 for AES-256).

Detailed Description

Opaque handle to AES-256 key material held in a SecureKeyBuffer.

Key bytes are mlock'd (pinned to RAM, excluded from swap) and volatile-zeroed on destruction. Python bindings expose this as an opaque type — no __bytes__, no __str__, no way to extract the raw key material from Python.

Thread safety: KeyHandle is NOT thread-safe. Do not share across threads without external synchronisation.

Definition at line 76 of file pme_facade.hpp.

Constructor & Destructor Documentation

~KeyHandle()

signet::forge::crypto::KeyHandle::~KeyHandle ( )

inline

Definition at line 117 of file pme_facade.hpp.

KeyHandle() [1/2]

signet::forge::crypto::KeyHandle::KeyHandle ( KeyHandle &&  other )

inlinenoexcept

Definition at line 126 of file pme_facade.hpp.

KeyHandle() [2/2]

signet::forge::crypto::KeyHandle::KeyHandle ( const KeyHandle &  )

delete

Member Function Documentation

data()

const uint8_t * signet::forge::crypto::KeyHandle::data ( ) const

inlinenoexcept

Access raw key bytes. MUST NOT be exposed through FFI.

Definition at line 160 of file pme_facade.hpp.

from_bytes()

static KeyHandle signet::forge::crypto::KeyHandle::from_bytes ( const uint8_t *  data, size_t  size  )

inlinestatic

Construct from raw bytes (C++ internal use only — NOT exposed to Python).

The input bytes are copied into the secure buffer and the source is NOT zeroed — the caller is responsible for zeroing their copy.

Definition at line 90 of file pme_facade.hpp.

from_seed()

static KeyHandle signet::forge::crypto::KeyHandle::from_seed ( const std::string &  seed )

inlinestatic

Construct from a deterministic seed (for benchmarking/testing ONLY).

Derives the key via HKDF-SHA256 from the seed string.

Definition at line 105 of file pme_facade.hpp.

generate()

static KeyHandle signet::forge::crypto::KeyHandle::generate ( )

inlinestatic

Generate a new random AES-256 key via platform CSPRNG.

Definition at line 79 of file pme_facade.hpp.

is_valid()

bool signet::forge::crypto::KeyHandle::is_valid ( ) const

inlinenoexcept

Check if the handle holds a valid key.

Definition at line 152 of file pme_facade.hpp.

key_size()

static constexpr size_t signet::forge::crypto::KeyHandle::key_size ( )

inlinestaticconstexprnoexcept

Key size in bytes (always 32 for AES-256).

Definition at line 155 of file pme_facade.hpp.

operator=() [1/2]

KeyHandle & signet::forge::crypto::KeyHandle::operator= ( const KeyHandle &  )

delete

operator=() [2/2]

KeyHandle & signet::forge::crypto::KeyHandle::operator= ( KeyHandle &&  other )

inlinenoexcept

Definition at line 133 of file pme_facade.hpp.

to_vector()

std::vector< uint8_t > signet::forge::crypto::KeyHandle::to_vector ( ) const

inline

Get key as a vector (copies — use sparingly). For EncryptionConfig construction.

Definition at line 163 of file pme_facade.hpp.

---

The documentation for this class was generated from the following file:

• include/signet/crypto/pme_facade.hpp