pub struct LAPrivateKey { /* private fields */ }Expand description
Managed wrapper around Apple’s LAPrivateKey.
Implementations§
Source§impl LAPrivateKey
impl LAPrivateKey
Sourcepub fn public_key(&self) -> Result<LAPublicKey>
pub fn public_key(&self) -> Result<LAPublicKey>
Borrow the public-key counterpart of this private key.
§Errors
Returns an error if the Swift bridge rejects the request.
Examples found in repository?
examples/09_public_key.rs (line 45)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13 let store = LARightStore::shared()?;
14 let first_right = LARight::new()?;
15 let second_right = LARight::new()?;
16 let first_identifier = unique_identifier("public-key-a");
17 let second_identifier = unique_identifier("public-key-b");
18
19 match store.save_right(&first_right, &first_identifier) {
20 Ok(first) => {
21 let public_key = first.public_key()?;
22 let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
23 let encrypt =
24 SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
25 let exchange = SecKeyAlgorithm::ecdh_key_exchange_cofactor_x963_sha256();
26 let first_private_key = first.key()?;
27
28 println!("public key bytes: {}", public_key.export_bytes()?.len());
29 println!("can verify: {}", public_key.can_verify_using(&sign)?);
30 println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
31 println!("private key can sign: {}", first_private_key.can_sign_using(&sign)?);
32 println!(
33 "private key can exchange: {}",
34 first_private_key.can_exchange_keys_using(&exchange)?
35 );
36
37 match store.save_right(&second_right, &second_identifier) {
38 Ok(second) => {
39 let second_private_key = second.key()?;
40 if first_private_key.can_exchange_keys_using(&exchange)?
41 && second_private_key.can_exchange_keys_using(&exchange)?
42 {
43 let parameters = SecKeyExchangeParameters::with_requested_size(32)
44 .with_shared_info(b"localauthentication-rs");
45 let first_public_key = first_private_key.public_key()?.export_bytes()?;
46 let second_public_key = second_private_key.public_key()?.export_bytes()?;
47
48 match (
49 first_private_key.exchange_keys_with_public_key(
50 &second_public_key,
51 &exchange,
52 ¶meters,
53 ),
54 second_private_key.exchange_keys_with_public_key(
55 &first_public_key,
56 &exchange,
57 ¶meters,
58 ),
59 ) {
60 (Ok(first_secret), Ok(second_secret)) => {
61 println!("shared secret bytes: {}", first_secret.len());
62 println!("shared secrets match: {}", first_secret == second_secret);
63 }
64 (Err(error), _) | (_, Err(error)) => {
65 println!("key exchange requires additional system support: {error}");
66 }
67 }
68 }
69 store.remove_right(&second)?;
70 }
71 Err(error) => {
72 println!("key-exchange demo needs two persisted keys: {error}");
73 }
74 }
75
76 store.remove_right(&first)?;
77 }
78 Err(error) => {
79 println!("public-key APIs need entitlements on many systems: {error}");
80 }
81 }
82
83 println!("✅ public-key smoke OK");
84 Ok(())
85}Sourcepub fn can_sign_using(&self, algorithm: &SecKeyAlgorithm) -> Result<bool>
pub fn can_sign_using(&self, algorithm: &SecKeyAlgorithm) -> Result<bool>
Check whether an algorithm can sign with this key.
§Errors
Returns an error if the Swift bridge rejects the request.
Examples found in repository?
examples/09_public_key.rs (line 31)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13 let store = LARightStore::shared()?;
14 let first_right = LARight::new()?;
15 let second_right = LARight::new()?;
16 let first_identifier = unique_identifier("public-key-a");
17 let second_identifier = unique_identifier("public-key-b");
18
19 match store.save_right(&first_right, &first_identifier) {
20 Ok(first) => {
21 let public_key = first.public_key()?;
22 let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
23 let encrypt =
24 SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
25 let exchange = SecKeyAlgorithm::ecdh_key_exchange_cofactor_x963_sha256();
26 let first_private_key = first.key()?;
27
28 println!("public key bytes: {}", public_key.export_bytes()?.len());
29 println!("can verify: {}", public_key.can_verify_using(&sign)?);
30 println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
31 println!("private key can sign: {}", first_private_key.can_sign_using(&sign)?);
32 println!(
33 "private key can exchange: {}",
34 first_private_key.can_exchange_keys_using(&exchange)?
35 );
36
37 match store.save_right(&second_right, &second_identifier) {
38 Ok(second) => {
39 let second_private_key = second.key()?;
40 if first_private_key.can_exchange_keys_using(&exchange)?
41 && second_private_key.can_exchange_keys_using(&exchange)?
42 {
43 let parameters = SecKeyExchangeParameters::with_requested_size(32)
44 .with_shared_info(b"localauthentication-rs");
45 let first_public_key = first_private_key.public_key()?.export_bytes()?;
46 let second_public_key = second_private_key.public_key()?.export_bytes()?;
47
48 match (
49 first_private_key.exchange_keys_with_public_key(
50 &second_public_key,
51 &exchange,
52 ¶meters,
53 ),
54 second_private_key.exchange_keys_with_public_key(
55 &first_public_key,
56 &exchange,
57 ¶meters,
58 ),
59 ) {
60 (Ok(first_secret), Ok(second_secret)) => {
61 println!("shared secret bytes: {}", first_secret.len());
62 println!("shared secrets match: {}", first_secret == second_secret);
63 }
64 (Err(error), _) | (_, Err(error)) => {
65 println!("key exchange requires additional system support: {error}");
66 }
67 }
68 }
69 store.remove_right(&second)?;
70 }
71 Err(error) => {
72 println!("key-exchange demo needs two persisted keys: {error}");
73 }
74 }
75
76 store.remove_right(&first)?;
77 }
78 Err(error) => {
79 println!("public-key APIs need entitlements on many systems: {error}");
80 }
81 }
82
83 println!("✅ public-key smoke OK");
84 Ok(())
85}Sourcepub fn can_decrypt_using(&self, algorithm: &SecKeyAlgorithm) -> Result<bool>
pub fn can_decrypt_using(&self, algorithm: &SecKeyAlgorithm) -> Result<bool>
Check whether an algorithm can decrypt with this key.
§Errors
Returns an error if the Swift bridge rejects the request.
Sourcepub fn can_exchange_keys_using(
&self,
algorithm: &SecKeyAlgorithm,
) -> Result<bool>
pub fn can_exchange_keys_using( &self, algorithm: &SecKeyAlgorithm, ) -> Result<bool>
Check whether an algorithm can be used for key exchange.
§Errors
Returns an error if the Swift bridge rejects the request.
Examples found in repository?
examples/09_public_key.rs (line 34)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13 let store = LARightStore::shared()?;
14 let first_right = LARight::new()?;
15 let second_right = LARight::new()?;
16 let first_identifier = unique_identifier("public-key-a");
17 let second_identifier = unique_identifier("public-key-b");
18
19 match store.save_right(&first_right, &first_identifier) {
20 Ok(first) => {
21 let public_key = first.public_key()?;
22 let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
23 let encrypt =
24 SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
25 let exchange = SecKeyAlgorithm::ecdh_key_exchange_cofactor_x963_sha256();
26 let first_private_key = first.key()?;
27
28 println!("public key bytes: {}", public_key.export_bytes()?.len());
29 println!("can verify: {}", public_key.can_verify_using(&sign)?);
30 println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
31 println!("private key can sign: {}", first_private_key.can_sign_using(&sign)?);
32 println!(
33 "private key can exchange: {}",
34 first_private_key.can_exchange_keys_using(&exchange)?
35 );
36
37 match store.save_right(&second_right, &second_identifier) {
38 Ok(second) => {
39 let second_private_key = second.key()?;
40 if first_private_key.can_exchange_keys_using(&exchange)?
41 && second_private_key.can_exchange_keys_using(&exchange)?
42 {
43 let parameters = SecKeyExchangeParameters::with_requested_size(32)
44 .with_shared_info(b"localauthentication-rs");
45 let first_public_key = first_private_key.public_key()?.export_bytes()?;
46 let second_public_key = second_private_key.public_key()?.export_bytes()?;
47
48 match (
49 first_private_key.exchange_keys_with_public_key(
50 &second_public_key,
51 &exchange,
52 ¶meters,
53 ),
54 second_private_key.exchange_keys_with_public_key(
55 &first_public_key,
56 &exchange,
57 ¶meters,
58 ),
59 ) {
60 (Ok(first_secret), Ok(second_secret)) => {
61 println!("shared secret bytes: {}", first_secret.len());
62 println!("shared secrets match: {}", first_secret == second_secret);
63 }
64 (Err(error), _) | (_, Err(error)) => {
65 println!("key exchange requires additional system support: {error}");
66 }
67 }
68 }
69 store.remove_right(&second)?;
70 }
71 Err(error) => {
72 println!("key-exchange demo needs two persisted keys: {error}");
73 }
74 }
75
76 store.remove_right(&first)?;
77 }
78 Err(error) => {
79 println!("public-key APIs need entitlements on many systems: {error}");
80 }
81 }
82
83 println!("✅ public-key smoke OK");
84 Ok(())
85}Sourcepub fn exchange_keys_with_public_key(
&self,
public_key: &[u8],
algorithm: &SecKeyAlgorithm,
parameters: &SecKeyExchangeParameters,
) -> Result<Vec<u8>>
pub fn exchange_keys_with_public_key( &self, public_key: &[u8], algorithm: &SecKeyAlgorithm, parameters: &SecKeyExchangeParameters, ) -> Result<Vec<u8>>
Perform a Diffie-Hellman-style key exchange with a remote public key.
§Errors
Returns a mapped framework or bridge error if key exchange fails.
Examples found in repository?
examples/09_public_key.rs (lines 49-53)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13 let store = LARightStore::shared()?;
14 let first_right = LARight::new()?;
15 let second_right = LARight::new()?;
16 let first_identifier = unique_identifier("public-key-a");
17 let second_identifier = unique_identifier("public-key-b");
18
19 match store.save_right(&first_right, &first_identifier) {
20 Ok(first) => {
21 let public_key = first.public_key()?;
22 let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
23 let encrypt =
24 SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
25 let exchange = SecKeyAlgorithm::ecdh_key_exchange_cofactor_x963_sha256();
26 let first_private_key = first.key()?;
27
28 println!("public key bytes: {}", public_key.export_bytes()?.len());
29 println!("can verify: {}", public_key.can_verify_using(&sign)?);
30 println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
31 println!("private key can sign: {}", first_private_key.can_sign_using(&sign)?);
32 println!(
33 "private key can exchange: {}",
34 first_private_key.can_exchange_keys_using(&exchange)?
35 );
36
37 match store.save_right(&second_right, &second_identifier) {
38 Ok(second) => {
39 let second_private_key = second.key()?;
40 if first_private_key.can_exchange_keys_using(&exchange)?
41 && second_private_key.can_exchange_keys_using(&exchange)?
42 {
43 let parameters = SecKeyExchangeParameters::with_requested_size(32)
44 .with_shared_info(b"localauthentication-rs");
45 let first_public_key = first_private_key.public_key()?.export_bytes()?;
46 let second_public_key = second_private_key.public_key()?.export_bytes()?;
47
48 match (
49 first_private_key.exchange_keys_with_public_key(
50 &second_public_key,
51 &exchange,
52 ¶meters,
53 ),
54 second_private_key.exchange_keys_with_public_key(
55 &first_public_key,
56 &exchange,
57 ¶meters,
58 ),
59 ) {
60 (Ok(first_secret), Ok(second_secret)) => {
61 println!("shared secret bytes: {}", first_secret.len());
62 println!("shared secrets match: {}", first_secret == second_secret);
63 }
64 (Err(error), _) | (_, Err(error)) => {
65 println!("key exchange requires additional system support: {error}");
66 }
67 }
68 }
69 store.remove_right(&second)?;
70 }
71 Err(error) => {
72 println!("key-exchange demo needs two persisted keys: {error}");
73 }
74 }
75
76 store.remove_right(&first)?;
77 }
78 Err(error) => {
79 println!("public-key APIs need entitlements on many systems: {error}");
80 }
81 }
82
83 println!("✅ public-key smoke OK");
84 Ok(())
85}Trait Implementations§
Auto Trait Implementations§
impl Freeze for LAPrivateKey
impl RefUnwindSafe for LAPrivateKey
impl !Send for LAPrivateKey
impl !Sync for LAPrivateKey
impl Unpin for LAPrivateKey
impl UnsafeUnpin for LAPrivateKey
impl UnwindSafe for LAPrivateKey
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more