val generate : unit -> t
generate () is a fresh unguessable service ID. Note: you must initialise `Nocrypto`'s entropy before calling this (you will get a runtime error if you forget).
val derived : secret:string -> string -> t
derived ~secret name is a service ID based on
name. It is calculated as
SHA256.hmac secret name.
secret could be the hash of a private key file, for example.
val public : string -> t
public name is the service ID
name. This may be useful for interoperability with non-secure clients that expect to use a plain-text service ID (e.g. "calculator"). It could also be useful if
name is some unguessable token you have generated yourself.
digest h id is the digest
id is normally a secret token, we must be careful not to allow timing attacks (taking a slightly different amount of time to return an error depending on how much of the ID the caller guessed correctly). Taking a secure hash of the value first is one way to avoid this, since revealing the hash isn't helpful to the attacker.
val to_string : t -> string
to_string t is the raw bytes of