Struct rama::tls::dep::rcgen::KeyPair

pub struct KeyPair { /* private fields */ }

A key pair used to sign certificates and CSRs

Note that ring, the underlying library used to handle RSA keys, requires them to be in a special format, meaning that openssl genrsa doesn’t work. See ring’s documentation for how to generate RSA keys in the wanted format and how to convert between the formats.

Implementations

impl KeyPair

pub fn generate() -> Result<KeyPair, Error>

Generate a new random PKCS_ECDSA_P256_SHA256 key pair

pub fn generate_for(alg: &'static SignatureAlgorithm) -> Result<KeyPair, Error>

Generate a new random key pair for the specified signature algorithm

If you’re not sure which algorithm to use, PKCS_ECDSA_P256_SHA256 is a good choice. If passed an RSA signature algorithm, it depends on the backend whether we return a generated key or an error for key generation being unavailable. Currently, only aws-lc-rs supports RSA key generation.

pub fn algorithm(&self) -> &'static SignatureAlgorithm

Returns the key pair’s signature algorithm

pub fn from_pem(pem_str: &str) -> Result<KeyPair, Error>

Parses the key pair from the ASCII PEM format

If the aws_lc_rs feature is used, the key must be a DER-encoded plaintext private key, as specified in PKCS #8/RFC 5958, SEC1/RFC 5915, or PKCS #1/RFC 3447. It appears as “PRIVATE KEY”, “RSA PRIVATE KEY”, or “EC PRIVATE KEY” in PEM files.

Otherwise, if the ring feature is used, the key must be a DER-encoded plaintext private key, as specified in PKCS #8/RFC 5958. It appears as “PRIVATE KEY” in PEM files.

pub fn from_remote( key_pair: Box<dyn RemoteKeyPair + Send + Sync>, ) -> Result<KeyPair, Error>

Obtains the key pair from a raw public key and a remote private key

pub fn from_pkcs8_pem_and_sign_algo( pem_str: &str, alg: &'static SignatureAlgorithm, ) -> Result<KeyPair, Error>

Obtains the key pair from a DER formatted key using the specified SignatureAlgorithm

The key must be a DER-encoded plaintext private key, as specified in PKCS #8/RFC 5958.

It appears as “PRIVATE KEY” in PEM files. Same as from_pkcs8_pem_and_sign_algo.

pub fn from_pkcs8_der_and_sign_algo( pkcs8: &PrivatePkcs8KeyDer<'_>, alg: &'static SignatureAlgorithm, ) -> Result<KeyPair, Error>

Obtains the key pair from a DER formatted key using the specified SignatureAlgorithm

If you have a PrivatePkcs8KeyDer, you can usually rely on the TryFrom implementation to obtain a KeyPair – it will determine the correct SignatureAlgorithm for you. However, sometimes multiple signature algorithms fit for the same DER key. In those instances, you can use this function to precisely specify the SignatureAlgorithm.

rustls_pemfile::private_key() is often used to obtain a PrivateKeyDer from PEM input. If the obtained PrivateKeyDer is a Pkcs8 variant, you can use its contents as input for this function. Alternatively, if you already have a byte slice containing DER, it can trivially be converted into PrivatePkcs8KeyDer using the Into trait.

pub fn from_pem_and_sign_algo( pem_str: &str, alg: &'static SignatureAlgorithm, ) -> Result<KeyPair, Error>

Obtains the key pair from a PEM formatted key using the specified SignatureAlgorithm

If the aws_lc_rs feature is used, the key must be a DER-encoded plaintext private key, as specified in PKCS #8/RFC 5958, SEC1/RFC 5915, or PKCS #1/RFC 3447. It appears as “PRIVATE KEY”, “RSA PRIVATE KEY”, or “EC PRIVATE KEY” in PEM files.

Otherwise, if the ring feature is used, the key must be a DER-encoded plaintext private key, as specified in PKCS #8/RFC 5958. It appears as “PRIVATE KEY” in PEM files.

Same as from_pem_and_sign_algo.
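The backend rules described for from_pem and from_pem_and_sign_algo can be checked before a key ever reaches the parser. The following is an added example, not code from rcgen or rama: the names Backend, KeyFormat, Reject, check_key_pem and sample are hypothetical, it uses only the standard library, and it assumes that any label other than the three listed above (for instance “ENCRYPTED PRIVATE KEY”) is not a plaintext private key.

```rust
// Added example, not rcgen code: checks a PEM private key's armor label against
// the per-backend rules documented for from_pem / from_pem_and_sign_algo.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Backend { Ring, AwsLcRs }

#[derive(Debug, PartialEq)]
pub enum KeyFormat { Pkcs8, Pkcs1Rsa, Sec1Ec }

#[derive(Debug, PartialEq)]
pub enum Reject { NoPemBlock, MismatchedArmor, NotPlaintextKey(String), UnsupportedByBackend(KeyFormat) }

/// Label of the first PEM block; the BEGIN and END labels must agree.
fn pem_label(pem: &str) -> Result<&str, Reject> {
    let mut lines = pem.lines().map(str::trim);
    let begin = lines
        .find_map(|l| l.strip_prefix("-----BEGIN ")?.strip_suffix("-----"))
        .ok_or(Reject::NoPemBlock)?;
    let end = lines
        .find_map(|l| l.strip_prefix("-----END ")?.strip_suffix("-----"))
        .ok_or(Reject::MismatchedArmor)?;
    if begin == end { Ok(begin) } else { Err(Reject::MismatchedArmor) }
}

/// Only the label is inspected; the base64 body is not decoded or validated.
pub fn check_key_pem(pem: &str, backend: Backend) -> Result<KeyFormat, Reject> {
    let format = match pem_label(pem)? {
        "PRIVATE KEY" => KeyFormat::Pkcs8,        // PKCS #8 / RFC 5958
        "RSA PRIVATE KEY" => KeyFormat::Pkcs1Rsa, // PKCS #1 / RFC 3447
        "EC PRIVATE KEY" => KeyFormat::Sec1Ec,    // SEC1 / RFC 5915
        other => return Err(Reject::NotPlaintextKey(other.to_string())),
    };
    // ring: PKCS #8 only; aws_lc_rs: all three plaintext formats.
    if backend == Backend::AwsLcRs || format == KeyFormat::Pkcs8 {
        Ok(format)
    } else {
        Err(Reject::UnsupportedByBackend(format))
    }
}

/// Constructed sample armor with a placeholder body (not a real key).
pub fn sample(label: &str) -> String {
    format!("-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n")
}

fn main() {
    for label in ["PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"] {
        println!("{label}: {:?}", check_key_pem(&sample(label), Backend::Ring));
    }
}
```

A key rejected with UnsupportedByBackend under ring needs converting to PKCS #8 first, or the aws_lc_rs feature enabled.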

pub fn from_der_and_sign_algo( key: &PrivateKeyDer<'_>, alg: &'static SignatureAlgorithm, ) -> Result<KeyPair, Error>

Obtains the key pair from a DER formatted key using the specified SignatureAlgorithm

Note that with the ring feature, this function only supports the PrivateKeyDer::Pkcs8 variant. Consider using the aws_lc_rs feature to support PrivateKeyDer fully.

If you have a PrivateKeyDer, you can usually rely on the TryFrom implementation to obtain a KeyPair – it will determine the correct SignatureAlgorithm for you. However, sometimes multiple signature algorithms fit for the same DER key. In those instances, you can use this function to precisely specify the SignatureAlgorithm.

You can use rustls_pemfile::private_key to get the key input. If you already have a byte slice, just calling try_into() will convert it to a PrivateKeyDer.

pub fn public_key_raw(&self) -> &[u8]

Get the raw public key of this key pair

The key is in raw format, as [ring::signature::KeyPair::public_key] would output it and as [ring::signature::UnparsedPublicKey::verify] would accept it.

pub fn is_compatible(&self, signature_algorithm: &SignatureAlgorithm) -> bool

Check if this key pair can be used with the given signature algorithm

pub fn compatible_algs( &self, ) -> impl Iterator<Item = &'static SignatureAlgorithm>

Returns the (possibly multiple) compatible SignatureAlgorithms that the key can be used with

pub fn public_key_der(&self) -> Vec<u8>

Return the key pair’s public key in DER format

The key is formatted according to the SubjectPublicKeyInfo struct of X.509. See RFC 5280 section 4.1.

pub fn public_key_pem(&self) -> String

Return the key pair’s public key in PEM format

The returned string can be interpreted with openssl pkey --inform PEM -pubout -pubin -text

pub fn serialize_der(&self) -> Vec<u8>

Serializes the key pair (including the private key) in PKCS#8 format in DER

Panics if called on a remote key pair.

pub fn serialized_der(&self) -> &[u8]

Returns a reference to the serialized key pair (including the private key) in PKCS#8 format in DER

Panics if called on a remote key pair.

pub fn as_remote(&self) -> Option<&(dyn RemoteKeyPair + Send + Sync)>

Access the remote key pair if it is a remote one

pub fn serialize_pem(&self) -> String

Serializes the key pair (including the private key) in PKCS#8 format in PEM

Trait Implementations

impl Debug for KeyPair

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl TryFrom<&[u8]> for KeyPair

type Error = Error

The type returned in the event of a conversion error.

fn try_from(key: &[u8]) -> Result<KeyPair, Error>

Performs the conversion.

impl TryFrom<&PrivateKeyDer<'_>> for KeyPair

type Error = Error

The type returned in the event of a conversion error.

fn try_from(key: &PrivateKeyDer<'_>) -> Result<KeyPair, Error>

Performs the conversion.

impl TryFrom<&PrivatePkcs8KeyDer<'_>> for KeyPair

type Error = Error

The type returned in the event of a conversion error.

fn try_from(key: &PrivatePkcs8KeyDer<'_>) -> Result<KeyPair, Error>

Performs the conversion.

impl TryFrom<Vec<u8>> for KeyPair

type Error = Error

The type returned in the event of a conversion error.

fn try_from(key: Vec<u8>) -> Result<KeyPair, Error>

Performs the conversion.

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> Conv for T

fn conv<T>(self) -> T
where Self: Into<T>,

Converts self into T using Into<T>.

impl<T> FmtForward for T

fn fmt_binary(self) -> FmtBinary<Self>
where Self: Binary,

Causes self to use its Binary implementation when Debug-formatted.

fn fmt_display(self) -> FmtDisplay<Self>
where Self: Display,

Causes self to use its Display implementation when Debug-formatted.

fn fmt_lower_exp(self) -> FmtLowerExp<Self>
where Self: LowerExp,

Causes self to use its LowerExp implementation when Debug-formatted.

fn fmt_lower_hex(self) -> FmtLowerHex<Self>
where Self: LowerHex,

Causes self to use its LowerHex implementation when Debug-formatted.

fn fmt_octal(self) -> FmtOctal<Self>
where Self: Octal,

Causes self to use its Octal implementation when Debug-formatted.

fn fmt_pointer(self) -> FmtPointer<Self>
where Self: Pointer,

Causes self to use its Pointer implementation when Debug-formatted.

fn fmt_upper_exp(self) -> FmtUpperExp<Self>
where Self: UpperExp,

Causes self to use its UpperExp implementation when Debug-formatted.

fn fmt_upper_hex(self) -> FmtUpperHex<Self>
where Self: UpperHex,

Causes self to use its UpperHex implementation when Debug-formatted.

fn fmt_list(self) -> FmtList<Self>
where for<'a> &'a Self: IntoIterator,

Formats each item in a sequence.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FutureExt for T

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper.

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Pipe for T
where T: ?Sized,

fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> R
where Self: Sized,

Pipes by value. This is generally the method you want to use.

fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> R
where R: 'a,

Borrows self and passes that borrow into the pipe function.

fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> R
where R: 'a,

Mutably borrows self and passes that borrow into the pipe function.

fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
where Self: Borrow<B>, B: 'a + ?Sized, R: 'a,

Borrows self, then passes self.borrow() into the pipe function.

fn pipe_borrow_mut<'a, B, R>(&'a mut self, func: impl FnOnce(&'a mut B) -> R) -> R
where Self: BorrowMut<B>, B: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.borrow_mut() into the pipe function.

fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
where Self: AsRef<U>, U: 'a + ?Sized, R: 'a,

Borrows self, then passes self.as_ref() into the pipe function.

fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
where Self: AsMut<U>, U: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.as_mut() into the pipe function.

fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
where Self: Deref<Target = T>, T: 'a + ?Sized, R: 'a,

Borrows self, then passes self.deref() into the pipe function.

fn pipe_deref_mut<'a, T, R>(&'a mut self, func: impl FnOnce(&'a mut T) -> R) -> R
where Self: DerefMut<Target = T> + Deref, T: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.deref_mut() into the pipe function.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<S, P, B, E>(self, other: P) -> And<T, P>
where T: Policy<S, B, E>, P: Policy<S, B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<S, P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<S, B, E>, P: Policy<S, B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> Tap for T

fn tap(self, func: impl FnOnce(&Self)) -> Self

Immutable access to a value.

fn tap_mut(self, func: impl FnOnce(&mut Self)) -> Self

Mutable access to a value.

fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Immutable access to the Borrow<B> of a value.

fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Mutable access to the BorrowMut<B> of a value.

fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Immutable access to the AsRef<R> view of a value.

fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Mutable access to the AsMut<R> view of a value.

fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Immutable access to the Deref::Target of a value.

fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Mutable access to the Deref::Target of a value.

fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self

Calls .tap() only in debug builds, and is erased in release builds.

fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self

Calls .tap_mut() only in debug builds, and is erased in release builds.

fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Calls .tap_borrow() only in debug builds, and is erased in release builds.

fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.

fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Calls .tap_ref() only in debug builds, and is erased in release builds.

fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Calls .tap_ref_mut() only in debug builds, and is erased in release builds.

fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Calls .tap_deref() only in debug builds, and is erased in release builds.

fn tap_deref_mut_dbg<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Calls .tap_deref_mut() only in debug builds, and is erased in release builds.

impl<T> TryConv for T

fn try_conv<T>(self) -> Result<T, Self::Error>
where Self: TryInto<T>,

Attempts to convert self into T using TryInto<T>.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper.