secp256k1

Struct SecretKey

Source 
pub struct SecretKey(/* private fields */);
Expand description

Secret key - a 256-bit key used to create ECDSA and Taproot signatures.

This value should be generated using a cryptographically secure pseudorandom number generator.

§Side channel attacks

We have attempted to reduce the side channel attack surface by implementing a constant time eq method. For similar reasons we explicitly do not implement PartialOrd, Ord, or Hash on SecretKey. If you really want to order secret keys then you can use AsRef to get at the underlying bytes and compare them - however this is almost certainly a bad idea.

§Serde support

Implements de/serialization with the serde feature enabled. We treat the byte value as a tuple of 32 u8s for non-human-readable formats. This representation is optimal for some formats (e.g. bincode) however other formats may be less optimal (e.g. cbor).

§Examples

Basic usage:

use secp256k1::{rand, SecretKey};

let secret_key = SecretKey::new(&mut rand::rng());

Implementations§

Source§

impl SecretKey

Source

pub fn display_secret(&self) -> DisplaySecret

Formats the explicit byte value of the secret key kept inside the type as a little-endian hexadecimal string using the provided formatter.

This is the only method that outputs the actual secret key value, and, thus, should be used with extreme caution.

§Examples
use secp256k1::SecretKey;
let key = SecretKey::from_str("0000000000000000000000000000000000000000000000000000000000000001").unwrap();

// Normal debug hides value (`Display` is not implemented for `SecretKey`).
// E.g., `format!("{:?}", key)` prints "SecretKey(#2518682f7819fb2d)".

// Here we explicitly display the secret value:
assert_eq!(
    "0000000000000000000000000000000000000000000000000000000000000001",
    format!("{}", key.display_secret())
);
// Also, we can explicitly display with `Debug`:
assert_eq!(
    format!("{:?}", key.display_secret()),
    format!("DisplaySecret(\"{}\")", key.display_secret())
);
Source§

impl SecretKey

Source

pub fn non_secure_erase(&mut self)

Attempts to erase the contents of the underlying array.

Note, however, that the compiler is allowed to freely copy or move the contents of this array to other places in memory. Preventing this behavior is very subtle. For more discussion on this, please see the documentation of the zeroize crate.

Source§

impl SecretKey

Source

pub fn to_secret_bytes(&self) -> [u8; 32]

Returns the secret key as a byte value.

§Side channel attacks

Using ordering functions (PartialOrd/Ord) on a reference to secret keys leaks data because the implementations are not constant time. Doing so will make your code vulnerable to side channel attacks. SecretKey::eq is implemented using a constant time algorithm, please consider using it to do comparisons of secret keys.

Source

pub fn as_secret_bytes(&self) -> &[u8; 32]

Returns a reference to the secret key as a byte array.

See note on Self::to_secret_bytes.

Source

pub fn from_secret_bytes(data: [u8; 32]) -> Result<SecretKey, Error>

Converts a 32-byte array to a secret key.

See note on Self::to_secret_bytes.

§Errors

Returns an error when the secret key is invalid: when it is all-zeros or would exceed the curve order when interpreted as a big-endian unsigned integer.

§Examples
use secp256k1::SecretKey;
let sk = SecretKey::from_byte_array([0xcd; 32]).expect("32 bytes, within curve order");
Source§

impl SecretKey

Source

pub fn from_byte_array(data: [u8; 32]) -> Result<SecretKey, Error>

👎Deprecated since 0.32.0: use from_secret_bytes instead

Converts a 32-byte array to a secret key.

Source

pub fn from_keypair(keypair: &Keypair) -> Self

Creates a new secret key using data from BIP-340 Keypair.

§Examples
use secp256k1::{rand, SecretKey, Keypair};

let keypair = Keypair::new(&mut rand::rng());
let secret_key = SecretKey::from_keypair(&keypair);
Source

pub fn secret_bytes(&self) -> [u8; 32]

👎Deprecated since 0.32.0: use to_secret_bytes instead

Returns the secret key as a byte value.

Source

pub fn negate(self) -> SecretKey

Negates the secret key.

Source

pub fn add_tweak(self, tweak: &Scalar) -> Result<SecretKey, Error>

Tweaks a SecretKey by adding tweak modulo the curve order.

§Errors

Returns an error if the resulting key would be invalid.

Source

pub fn mul_tweak(self, tweak: &Scalar) -> Result<SecretKey, Error>

Tweaks a SecretKey by multiplying by tweak modulo the curve order.

§Errors

Returns an error if the resulting key would be invalid.

Source

pub fn sign_ecdsa(&self, msg: impl Into<Message>) -> Signature

Constructs an ECDSA signature for msg.

Source

pub fn keypair(&self) -> Keypair

Returns the Keypair for this SecretKey.

This is equivalent to using Keypair::from_secret_key.

Source

pub fn public_key(&self) -> PublicKey

Returns the PublicKey for this SecretKey.

This is equivalent to using PublicKey::from_secret_key.

Source

pub fn x_only_public_key(&self) -> (XOnlyPublicKey, Parity)

Returns the XOnlyPublicKey (and its Parity) for this SecretKey.

This is equivalent to XOnlyPublicKey::from_keypair(self.keypair(secp)).

Trait Implementations§

Source§

impl AsRef<[u8; 32]> for SecretKey

Source§

fn as_ref(&self) -> &[u8; 32]

Gets a reference to the underlying array.

See note on Self::to_secret_bytes.

Source§

impl CPtr for SecretKey

Source§

type Target = u8

Source§

fn as_c_ptr(&self) -> *const Self::Target

Source§

fn as_mut_c_ptr(&mut self) -> *mut Self::Target

Source§

impl Clone for SecretKey

Source§

fn clone(&self) -> SecretKey

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SecretKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for SecretKey

Source§

fn deserialize<D: Deserializer<'de>>(d: D) -> Result<Self, D::Error>

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<'a> From<&'a Keypair> for SecretKey

Source§

fn from(pair: &'a Keypair) -> Self

Converts to this type from the input type.
Source§

impl From<Keypair> for SecretKey

Source§

fn from(pair: Keypair) -> Self

Converts to this type from the input type.
Source§

impl From<SecretKey> for Scalar

Source§

fn from(value: SecretKey) -> Self

Converts to this type from the input type.
Source§

impl FromStr for SecretKey

Source§

type Err = Error

The associated error which can be returned from parsing.
Source§

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type. Read more
Source§

impl<I> Index<I> for SecretKey
where [u8]: Index<I>,

Source§

type Output = <[u8] as Index<I>>::Output

The returned type after indexing.
Source§

fn index(&self, index: I) -> &Self::Output

Performs the indexing (container[index]) operation. Read more
Source§

impl PartialEq for SecretKey

Source§

fn eq(&self, other: &Self) -> bool

This implementation is designed to be constant time to help prevent side channel attacks.

1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for SecretKey

Source§

fn serialize<S: Serializer>(&self, s: S) -> Result<S::Ok, S::Error>

Serialize this value into the given Serde serializer. Read more
Source§

impl Copy for SecretKey

Source§

impl Eq for SecretKey

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,