cossacklabs · vixentael · Feb 4, 2019 · Feb 2, 2019 · Feb 2, 2019 · Feb 4, 2019
@@ -30,8 +30,8 @@ FLAGS:
     -V, --version    Prints version information
 
 OPTIONS:
-        --public <path>    Public key file (default: public.key)
-        --secret <path>    Secret key file (default: secret.key)
+        --private <path>    Private key file (default: private.key)
+        --public <path>     Public key file (default: public.key)
 ```
 
 Note that the arguments are passed after `--`.

@@ -22,18 +22,18 @@ fn main() {
     let matches = clap_app!(keygen =>
         (version: env!("CARGO_PKG_VERSION"))
         (about: "Generating ECDSA key pairs.")
-        (@arg secret: --secret [path] "Secret key file (default: secret.key)")
+        (@arg private: --private [path] "Private key file (default: private.key)")
         (@arg public: --public [path] "Public key file (default: public.key)")
     )
     .get_matches();
-    let secret_path = matches.value_of("secret").unwrap_or("secret.key");
+    let private_path = matches.value_of("private").unwrap_or("private.key");
     let public_path = matches.value_of("public").unwrap_or("public.key");
 
-    let (secret_key, public_key) = gen_ec_key_pair().split();
+    let (private_key, public_key) = gen_ec_key_pair().split();
 
-    match write_file(&secret_key, &secret_path) {
-        Ok(_) => eprintln!("wrote secret key to {}", secret_path),
-        Err(e) => eprintln!("failed to write secret key to {}: {}", secret_path, e),
+    match write_file(&private_key, &private_path) {
+        Ok(_) => eprintln!("wrote private key to {}", private_path),
+        Err(e) => eprintln!("failed to write private key to {}: {}", private_path, e),
     }
     match write_file(&public_key, &public_path) {
         Ok(_) => eprintln!("wrote public key to {}", public_path),

@@ -22,7 +22,7 @@ use std::sync::Arc;
 use std::thread;
 
 use clap::clap_app;
-use themis::keys::{KeyPair, PublicKey, SecretKey};
+use themis::keys::{KeyPair, PrivateKey, PublicKey};
 use themis::secure_message::SecureMessage;
 
 fn main() {
@@ -31,21 +31,21 @@ fn main() {
     let matches = clap_app!(secure_message_client_encrypt =>
         (version: env!("CARGO_PKG_VERSION"))
         (about: "Secure Message chat client (encrypt).")
-        (@arg secret: --secret [path] "Secret key file (default: secret.key)")
+        (@arg private: --private [path] "Private key file (default: private.key)")
         (@arg public: --public [path] "Public key file (default: public.key)")
         (@arg address: -c --connect [addr] "Relay server address (default: localhost:7573)")
     )
     .get_matches();
 
-    let secret_path = matches.value_of("secret").unwrap_or("secret.key");
+    let private_path = matches.value_of("private").unwrap_or("private.key");
     let public_path = matches.value_of("public").unwrap_or("public.key");
     let remote_addr = matches.value_of("address").unwrap_or("localhost:7573");
 
-    let secret_key = read_file(&secret_path).expect("read secret key");
-    let secret_key = SecretKey::try_from_slice(secret_key).expect("parse secret key");
+    let private_key = read_file(&private_path).expect("read private key");
+    let private_key = PrivateKey::try_from_slice(private_key).expect("parse private key");
     let public_key = read_file(&public_path).expect("read public key");
     let public_key = PublicKey::try_from_slice(public_key).expect("parse public key");
-    let key_pair = KeyPair::try_join(secret_key, public_key).expect("matching keys");
+    let key_pair = KeyPair::try_join(private_key, public_key).expect("matching keys");
 
     let socket = UdpSocket::bind("localhost:0").expect("client socket");
     socket.connect(&remote_addr).expect("client connection");

@@ -21,7 +21,7 @@ use std::net::UdpSocket;
 use std::thread;
 
 use clap::clap_app;
-use themis::keys::{PublicKey, SecretKey};
+use themis::keys::{PrivateKey, PublicKey};
 use themis::secure_message::{SecureSign, SecureVerify};
 
 fn main() {
@@ -30,18 +30,18 @@ fn main() {
     let matches = clap_app!(secure_message_client_verify =>
         (version: env!("CARGO_PKG_VERSION"))
         (about: "Secure Message chat client (sign/verify).")
-        (@arg secret: --secret [path] "Secret key file (default: secret.key)")
+        (@arg private: --private [path] "Private key file (default: private.key)")
         (@arg public: --public [path] "Public key file (default: public.key)")
         (@arg address: -c --connect [addr] "Relay server address (default: localhost:7573)")
     )
     .get_matches();
 
-    let secret_path = matches.value_of("secret").unwrap_or("secret.key");
+    let private_path = matches.value_of("private").unwrap_or("private.key");
     let public_path = matches.value_of("public").unwrap_or("public.key");
     let remote_addr = matches.value_of("address").unwrap_or("localhost:7573");
 
-    let secret_key = read_file(&secret_path).expect("read secret key");
-    let secret_key = SecretKey::try_from_slice(secret_key).expect("parse secret key");
+    let private_key = read_file(&private_path).expect("read private key");
+    let private_key = PrivateKey::try_from_slice(private_key).expect("parse private key");
     let public_key = read_file(&public_path).expect("read public key");
     let public_key = PublicKey::try_from_slice(public_key).expect("parse public key");
 
@@ -54,7 +54,7 @@ fn main() {
     // Each of the threads is using its own object for message processing.
     // Also note that SecureSign/SecureVerify API is deliberately different from SecureMessage.
     let receive_secure = SecureVerify::new(public_key);
-    let relay_secure = SecureSign::new(secret_key);
+    let relay_secure = SecureSign::new(private_key);
 
     let receive = thread::spawn(move || {
         let receive_message = || -> io::Result<()> {

@@ -14,7 +14,12 @@ The version currently under development.
   `encrypt` and `decrypt` respectively. Their parameters have been
   changed to use _impl Trait_ instead of explicit generics. ([#358])
 
+- Asymmetric key structures have been renamed in order to be consistent
+  with other language wrappers. They are now called `PrivateKey` instead
+  of `SecretKey` (ditto for `RsaSecretKey`, `EcdsaSecretKey`). ([#362])
+
 [#358]: https://github.com/cossacklabs/themis/pull/358
+[#362]: https://github.com/cossacklabs/themis/pull/362
 
 Version 0.0.3 — 2019-01-17
 ==========================

@@ -18,8 +18,8 @@
 //! These keys are used by [`SecureMessage`] and [`SecureSession`] objects.
 //!
 //! This module contains functions for securely generating random key pairs. Note that managing
-//! resulting keys is _your_ responsibility. You have to make sure that secret keys are kept
-//! secret when distributed to your users, and that public keys that you use come from trusted
+//! resulting keys is _your_ responsibility. You have to make sure that private keys are kept
+//! private when distributed to your users, and that public keys that you use come from trusted
 //! sources. You can consult [our guidelines][key-management] for some advice on key management.
 //!
 //! [`SecureMessage`]: ../secure_message/index.html
@@ -51,7 +51,7 @@ use bindings::{themis_gen_ec_key_pair, themis_gen_rsa_key_pair};
 
 use crate::error::{Error, ErrorKind, Result};
 use crate::keys::{
-    EcdsaKeyPair, EcdsaPublicKey, EcdsaSecretKey, RsaKeyPair, RsaPublicKey, RsaSecretKey,
+    EcdsaKeyPair, EcdsaPrivateKey, EcdsaPublicKey, RsaKeyPair, RsaPrivateKey, RsaPublicKey,
 };
 
 /// Generates a pair of RSA keys.
@@ -69,17 +69,17 @@ pub fn gen_rsa_key_pair() -> RsaKeyPair {
     }
 }
 
-/// Generates a secret-public pair of RSA keys.
+/// Generates a private-public pair of RSA keys.
 fn try_gen_rsa_key_pair() -> Result<RsaKeyPair> {
-    let mut secret_key = Vec::new();
+    let mut private_key = Vec::new();
     let mut public_key = Vec::new();
-    let mut secret_key_len = 0;
+    let mut private_key_len = 0;
     let mut public_key_len = 0;
 
     unsafe {
         let status = themis_gen_rsa_key_pair(
             ptr::null_mut(),
-            &mut secret_key_len,
+            &mut private_key_len,
             ptr::null_mut(),
             &mut public_key_len,
         );
@@ -89,29 +89,29 @@ fn try_gen_rsa_key_pair() -> Result<RsaKeyPair> {
         }
     }
 
-    secret_key.reserve(secret_key_len);
-    public_key.reserve(secret_key_len);
+    private_key.reserve(private_key_len);
+    public_key.reserve(public_key_len);
 
     unsafe {
         let status = themis_gen_rsa_key_pair(
-            secret_key.as_mut_ptr(),
-            &mut secret_key_len,
+            private_key.as_mut_ptr(),
+            &mut private_key_len,
             public_key.as_mut_ptr(),
             &mut public_key_len,
         );
         let error = Error::from_themis_status(status);
         if error.kind() != ErrorKind::Success {
             return Err(error);
         }
-        debug_assert!(secret_key_len <= secret_key.capacity());
+        debug_assert!(private_key_len <= private_key.capacity());
         debug_assert!(public_key_len <= public_key.capacity());
-        secret_key.set_len(secret_key_len as usize);
+        private_key.set_len(private_key_len as usize);
         public_key.set_len(public_key_len as usize);
     }
 
-    let secret_key = RsaSecretKey::from_vec(secret_key);
+    let private_key = RsaPrivateKey::from_vec(private_key);
     let public_key = RsaPublicKey::from_vec(public_key);
-    Ok(RsaKeyPair::join(secret_key, public_key))
+    Ok(RsaKeyPair::join(private_key, public_key))
 }
 
 /// Generates a pair of Elliptic Curve (ECDSA) keys.
@@ -129,17 +129,17 @@ pub fn gen_ec_key_pair() -> EcdsaKeyPair {
     }
 }
 
-/// Generates a secret-public pair of ECDSA keys.
+/// Generates a private-public pair of ECDSA keys.
 fn try_gen_ec_key_pair() -> Result<EcdsaKeyPair> {
-    let mut secret_key = Vec::new();
+    let mut private_key = Vec::new();
     let mut public_key = Vec::new();
-    let mut secret_key_len = 0;
+    let mut private_key_len = 0;
     let mut public_key_len = 0;
 
     unsafe {
         let status = themis_gen_ec_key_pair(
             ptr::null_mut(),
-            &mut secret_key_len,
+            &mut private_key_len,
             ptr::null_mut(),
             &mut public_key_len,
         );
@@ -149,27 +149,27 @@ fn try_gen_ec_key_pair() -> Result<EcdsaKeyPair> {
         }
     }
 
-    secret_key.reserve(secret_key_len);
-    public_key.reserve(secret_key_len);
+    private_key.reserve(private_key_len);
+    public_key.reserve(public_key_len);
 
     unsafe {
         let status = themis_gen_ec_key_pair(
-            secret_key.as_mut_ptr(),
-            &mut secret_key_len,
+            private_key.as_mut_ptr(),
+            &mut private_key_len,
             public_key.as_mut_ptr(),
             &mut public_key_len,
         );
         let error = Error::from_themis_status(status);
         if error.kind() != ErrorKind::Success {
             return Err(error);
         }
-        debug_assert!(secret_key_len <= secret_key.capacity());
+        debug_assert!(private_key_len <= private_key.capacity());
         debug_assert!(public_key_len <= public_key.capacity());
-        secret_key.set_len(secret_key_len as usize);
+        private_key.set_len(private_key_len as usize);
         public_key.set_len(public_key_len as usize);
     }
 
-    let secret_key = EcdsaSecretKey::from_vec(secret_key);
+    let private_key = EcdsaPrivateKey::from_vec(private_key);
     let public_key = EcdsaPublicKey::from_vec(public_key);
-    Ok(EcdsaKeyPair::join(secret_key, public_key))
+    Ok(EcdsaKeyPair::join(private_key, public_key))
 }