Struct Ed25519KeyPair

pub struct Ed25519KeyPair { /* private fields */ }

An Ed25519 key pair, for signing.

Implementations

impl Ed25519KeyPair

pub fn generate() -> Result<Ed25519KeyPair, Unspecified>

Generates a new key pair and returns the key pair.

Errors

error::Unspecified if key generation fails.

pub fn generate_pkcs8(_rng: &dyn SecureRandom) -> Result<Document, Unspecified>

Generates a new key pair and returns the key pair serialized as a PKCS#8 document.

The PKCS#8 document will be a v2 OneAsymmetricKey with the public key, as described in RFC 5958 Section 2; see RFC 8410 Section 10.3 for an example.

ring Compatibility

The ring 0.16.x API did not produce encoded v2 documents that were compliant with RFC 5958. The aws-lc-ring implementation produces PKCS#8 v2 encoded documents that are compliant per the RFC specification.

Our implementation ignores the SecureRandom parameter.

Errors

error::Unspecified if rng cannot provide enough bits or if there’s an internal error.

pub fn to_pkcs8(&self) -> Result<Document, Unspecified>

Serializes this Ed25519KeyPair into a PKCS#8 v2 document.

Errors

error::Unspecified on internal error.

pub fn generate_pkcs8v1( _rng: &dyn SecureRandom, ) -> Result<Document, Unspecified>

Generates a Ed25519KeyPair using the rng provided, then serializes that key as a PKCS#8 document.

The PKCS#8 document will be a v1 PrivateKeyInfo structure (RFC5208). Use this method when needing to produce documents that are compatible with the OpenSSL CLI.

ring Compatibility

Our implementation ignores the SecureRandom parameter.

Errors

error::Unspecified if rng cannot provide enough bits or if there’s an internal error.

pub fn to_pkcs8v1(&self) -> Result<Document, Unspecified>

Serializes this Ed25519KeyPair into a PKCS#8 v1 document.

Errors

error::Unspecified on internal error.

pub fn from_seed_and_public_key( seed: &[u8], public_key: &[u8], ) -> Result<Ed25519KeyPair, KeyRejected>

Constructs an Ed25519 key pair from the private key seed seed and its public key public_key.

It is recommended to use Ed25519KeyPair::from_pkcs8() instead.

The private and public keys will be verified to be consistent with each other. This helps avoid misuse of the key (e.g. accidentally swapping the private key and public key, or using the wrong private key for the public key). This also detects any corruption of the public or private key.

Errors

error::KeyRejected if parse error, or if key is otherwise unacceptable.

pub fn from_seed_unchecked(seed: &[u8]) -> Result<Ed25519KeyPair, KeyRejected>

Constructs an Ed25519 key pair from the private key seed seed.

It is recommended to use Ed25519KeyPair::from_pkcs8() instead. If the public key is available, prefer to use Ed25519KeyPair::from_seed_and_public_key() as it will verify the validity of the key pair.

CAUTION: Both an Ed25519 seed and its public key are 32-bytes. If the bytes of a public key are provided this function will create an (effectively) invalid Ed25519KeyPair. This problem is undetectable by the API.

Errors

error::KeyRejected if parse error, or if key is otherwise unacceptable.

pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Ed25519KeyPair, KeyRejected>

Constructs an Ed25519 key pair by parsing an unencrypted PKCS#8 v1 or v2 Ed25519 private key.

openssl genpkey -algorithm ED25519 generates PKCS#8 v1 keys.

Ring Compatibility

• This method accepts either v1 or v2 encoded keys, if a v2 encoded key is provided, with the public key component present, it will be verified to match the one derived from the encoded private key.
• The ring 0.16.x API did not produce encoded v2 documents that were compliant with RFC 5958. The aws-lc-ring implementation produces PKCS#8 v2 encoded documents that are compliant per the RFC specification.

Errors

error::KeyRejected on parse error, or if key is otherwise unacceptable.

pub fn from_pkcs8_maybe_unchecked( pkcs8: &[u8], ) -> Result<Ed25519KeyPair, KeyRejected>

Constructs an Ed25519 key pair by parsing an unencrypted PKCS#8 v1 or v2 Ed25519 private key.

openssl genpkey -algorithm ED25519 generates PKCS# v1 keys.

Ring Compatibility

• This method accepts either v1 or v2 encoded keys, if a v2 encoded key is provided, with the public key component present, it will be verified to match the one derived from the encoded private key.
• The ring 0.16.x API did not produce encoded v2 documents that were compliant with RFC 5958. The aws-lc-ring implementation produces PKCS#8 v2 encoded documents that are compliant per the RFC specification.

Errors

error::KeyRejected on parse error, or if key is otherwise unacceptable.

pub fn sign(&self, msg: &[u8]) -> Signature

Returns the signature of the message msg.

Panics

Panics if the message is unable to be signed

pub fn try_sign(&self, msg: &[u8]) -> Result<Signature, Unspecified>

Returns the signature of the message msg.

Errors

Returns error::Unspecified if the signing operation fails.

pub fn seed(&self) -> Result<Seed<'static>, Unspecified>

Provides the private key “seed” for this Ed25519 key pair.

For serialization of the key pair, Ed25519KeyPair::to_pkcs8() is preferred.

Errors

Currently the function cannot fail, but it might in future implementations.

Trait Implementations

impl AsDer<Pkcs8V1Der<'static>> for Ed25519KeyPair

fn as_der(&self) -> Result<Pkcs8V1Der<'static>, Unspecified>

Serializes this Ed25519KeyPair into a PKCS#8 v1 document.

Errors

error::Unspecified on internal error.

impl AsDer<Pkcs8V2Der<'static>> for Ed25519KeyPair

fn as_der(&self) -> Result<Pkcs8V2Der<'static>, Unspecified>

Serializes this Ed25519KeyPair into a PKCS#8 v1 document.

Errors

error::Unspecified on internal error.

impl Debug for Ed25519KeyPair

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl KeyPair for Ed25519KeyPair

type PublicKey = PublicKey

The type of the public key.

fn public_key(&self) -> &<Ed25519KeyPair as KeyPair>::PublicKey

The public key for the key pair.

impl Send for Ed25519KeyPair

impl Sync for Ed25519KeyPair