Restorer.IdSourceThe object ID passed in the Cap'n Proto Bootstrap message.
generate () is a fresh unguessable service ID. Note: you must initialise `Nocrypto`'s entropy before calling this (you will get a runtime error if you forget).
derived ~secret name is a service ID based on secret and name. It is calculated as SHA256.hmac secret name. secret could be the hash of a private key file, for example.
public name is the service ID name. This may be useful for interoperability with non-secure clients that expect to use a plain-text service ID (e.g. "calculator"). It could also be useful if name is some unguessable token you have generated yourself.
digest h id is the digest h id.
Since id is normally a secret token, we must be careful not to allow timing attacks (taking a slightly different amount of time to return an error depending on how much of the ID the caller guessed correctly). Taking a secure hash of the value first is one way to avoid this, since revealing the hash isn't helpful to the attacker.