Struct KeyPair

pub struct KeyPair { /* private fields */ }

An RSA key pair, used for signing.

Implementations

impl KeyPair

pub fn generate(size: KeySize) -> Result<Self, Unspecified>

Generate a RSA KeyPair of the specified key-strength.

Supports the following key sizes:

• KeySize::Rsa2048
• KeySize::Rsa3072
• KeySize::Rsa4096
• KeySize::Rsa8192

Errors

• Unspecified: Any key generation failure.

pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Self, KeyRejected>

Parses an unencrypted PKCS#8 DER encoded RSA private key.

Keys can be generated using KeyPair::generate.

ring-compatibility

aws-lc-rs does not impose the same limitations that ring does for RSA keys. Thus signatures may be generated by keys that are not accepted by ring. In particular:

• RSA private keys ranging between 2048-bit keys and 8192-bit keys are supported.
• The public exponent does not have a required minimum size.

Errors

error::KeyRejected if bytes do not encode an RSA private key or if the key is otherwise not acceptable.

pub fn from_der(input: &[u8]) -> Result<Self, KeyRejected>

Parses a DER-encoded RSAPrivateKey structure (RFC 8017).

Errors

error:KeyRejected on error.

pub fn sign( &self, padding_alg: &'static dyn RsaEncoding, _rng: &dyn SecureRandom, msg: &[u8], signature: &mut [u8], ) -> Result<(), Unspecified>

Sign msg. msg is digested using the digest algorithm from padding_alg and the digest is then padded using the padding algorithm from padding_alg. The signature is written into signature; signature’s length must be exactly the length returned by public_modulus_len().

This function does not take a precomputed digest; instead, sign calculates the digest itself. See sign_digest.

ring Compatibility

Our implementation ignores the SecureRandom parameter.

Errors

error::Unspecified on error. With “fips” feature enabled, errors if digest length is greater than u32::MAX.

pub fn sign_digest( &self, padding_alg: &'static dyn RsaEncoding, digest: &Digest, signature: &mut [u8], ) -> Result<(), Unspecified>

The digest is padded using the padding algorithm from padding_alg. The signature is written into signature; signature’s length must be exactly the length returned by public_modulus_len().

ring Compatibility

Our implementation ignores the SecureRandom parameter.

Errors

error::Unspecified on error. With “fips” feature enabled, errors if digest length is greater than u32::MAX.

pub fn public_modulus_len(&self) -> usize

Returns the length in bytes of the key pair’s public modulus.

A signature has the same length as the public modulus.

Trait Implementations

impl AsDer<Pkcs8V1Der<'static>> for KeyPair

fn as_der(&self) -> Result<Pkcs8V1Der<'static>, Unspecified>

Serializes into a DER format.

impl Debug for KeyPair

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl KeyPair for KeyPair

type PublicKey = PublicKey

The type of the public key.

fn public_key(&self) -> &Self::PublicKey

The public key for the key pair.

impl Send for KeyPair

impl Sync for KeyPair