Skip to main content

LAPublicKey

localauthentication::la_public_key

Struct LAPublicKey 

Source 
pub struct LAPublicKey { /* private fields */ }
Expand description

Managed wrapper around Apple’s LAPublicKey.

Implementations§

Source§

impl LAPublicKey

Source

pub fn export_bytes(&self) -> Result<Vec<u8>>

Export the public-key bytes.

§Errors

Returns a mapped framework or bridge error if export fails.

Examples found in repository?
examples/09_public_key.rs (line 28)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let first_right = LARight::new()?;
15    let second_right = LARight::new()?;
16    let first_identifier = unique_identifier("public-key-a");
17    let second_identifier = unique_identifier("public-key-b");
18
19    match store.save_right(&first_right, &first_identifier) {
20        Ok(first) => {
21            let public_key = first.public_key()?;
22            let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
23            let encrypt =
24                SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
25            let exchange = SecKeyAlgorithm::ecdh_key_exchange_cofactor_x963_sha256();
26            let first_private_key = first.key()?;
27
28            println!("public key bytes: {}", public_key.export_bytes()?.len());
29            println!("can verify: {}", public_key.can_verify_using(&sign)?);
30            println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
31            println!("private key can sign: {}", first_private_key.can_sign_using(&sign)?);
32            println!(
33                "private key can exchange: {}",
34                first_private_key.can_exchange_keys_using(&exchange)?
35            );
36
37            match store.save_right(&second_right, &second_identifier) {
38                Ok(second) => {
39                    let second_private_key = second.key()?;
40                    if first_private_key.can_exchange_keys_using(&exchange)?
41                        && second_private_key.can_exchange_keys_using(&exchange)?
42                    {
43                        let parameters = SecKeyExchangeParameters::with_requested_size(32)
44                            .with_shared_info(b"localauthentication-rs");
45                        let first_public_key = first_private_key.public_key()?.export_bytes()?;
46                        let second_public_key = second_private_key.public_key()?.export_bytes()?;
47
48                        match (
49                            first_private_key.exchange_keys_with_public_key(
50                                &second_public_key,
51                                &exchange,
52                                &parameters,
53                            ),
54                            second_private_key.exchange_keys_with_public_key(
55                                &first_public_key,
56                                &exchange,
57                                &parameters,
58                            ),
59                        ) {
60                            (Ok(first_secret), Ok(second_secret)) => {
61                                println!("shared secret bytes: {}", first_secret.len());
62                                println!("shared secrets match: {}", first_secret == second_secret);
63                            }
64                            (Err(error), _) | (_, Err(error)) => {
65                                println!("key exchange requires additional system support: {error}");
66                            }
67                        }
68                    }
69                    store.remove_right(&second)?;
70                }
71                Err(error) => {
72                    println!("key-exchange demo needs two persisted keys: {error}");
73                }
74            }
75
76            store.remove_right(&first)?;
77        }
78        Err(error) => {
79            println!("public-key APIs need entitlements on many systems: {error}");
80        }
81    }
82
83    println!("✅ public-key smoke OK");
84    Ok(())
85}
Source

pub fn can_encrypt_using(&self, algorithm: &SecKeyAlgorithm) -> Result<bool>

Check whether an algorithm can encrypt with this key.

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/09_public_key.rs (line 30)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let first_right = LARight::new()?;
15    let second_right = LARight::new()?;
16    let first_identifier = unique_identifier("public-key-a");
17    let second_identifier = unique_identifier("public-key-b");
18
19    match store.save_right(&first_right, &first_identifier) {
20        Ok(first) => {
21            let public_key = first.public_key()?;
22            let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
23            let encrypt =
24                SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
25            let exchange = SecKeyAlgorithm::ecdh_key_exchange_cofactor_x963_sha256();
26            let first_private_key = first.key()?;
27
28            println!("public key bytes: {}", public_key.export_bytes()?.len());
29            println!("can verify: {}", public_key.can_verify_using(&sign)?);
30            println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
31            println!("private key can sign: {}", first_private_key.can_sign_using(&sign)?);
32            println!(
33                "private key can exchange: {}",
34                first_private_key.can_exchange_keys_using(&exchange)?
35            );
36
37            match store.save_right(&second_right, &second_identifier) {
38                Ok(second) => {
39                    let second_private_key = second.key()?;
40                    if first_private_key.can_exchange_keys_using(&exchange)?
41                        && second_private_key.can_exchange_keys_using(&exchange)?
42                    {
43                        let parameters = SecKeyExchangeParameters::with_requested_size(32)
44                            .with_shared_info(b"localauthentication-rs");
45                        let first_public_key = first_private_key.public_key()?.export_bytes()?;
46                        let second_public_key = second_private_key.public_key()?.export_bytes()?;
47
48                        match (
49                            first_private_key.exchange_keys_with_public_key(
50                                &second_public_key,
51                                &exchange,
52                                &parameters,
53                            ),
54                            second_private_key.exchange_keys_with_public_key(
55                                &first_public_key,
56                                &exchange,
57                                &parameters,
58                            ),
59                        ) {
60                            (Ok(first_secret), Ok(second_secret)) => {
61                                println!("shared secret bytes: {}", first_secret.len());
62                                println!("shared secrets match: {}", first_secret == second_secret);
63                            }
64                            (Err(error), _) | (_, Err(error)) => {
65                                println!("key exchange requires additional system support: {error}");
66                            }
67                        }
68                    }
69                    store.remove_right(&second)?;
70                }
71                Err(error) => {
72                    println!("key-exchange demo needs two persisted keys: {error}");
73                }
74            }
75
76            store.remove_right(&first)?;
77        }
78        Err(error) => {
79            println!("public-key APIs need entitlements on many systems: {error}");
80        }
81    }
82
83    println!("✅ public-key smoke OK");
84    Ok(())
85}
Source

pub fn encrypt( &self, data: &[u8], algorithm: &SecKeyAlgorithm, ) -> Result<Vec<u8>>

Encrypt data with this key.

§Errors

Returns a mapped framework or bridge error if encryption fails.

Source

pub fn can_verify_using(&self, algorithm: &SecKeyAlgorithm) -> Result<bool>

Check whether an algorithm can verify signatures with this key.

§Errors

Returns an error if the Swift bridge rejects the request.

Examples found in repository?
examples/09_public_key.rs (line 29)
12fn main() -> Result<(), Box<dyn std::error::Error>> {
13    let store = LARightStore::shared()?;
14    let first_right = LARight::new()?;
15    let second_right = LARight::new()?;
16    let first_identifier = unique_identifier("public-key-a");
17    let second_identifier = unique_identifier("public-key-b");
18
19    match store.save_right(&first_right, &first_identifier) {
20        Ok(first) => {
21            let public_key = first.public_key()?;
22            let sign = SecKeyAlgorithm::ecdsa_signature_message_x962_sha256();
23            let encrypt =
24                SecKeyAlgorithm::ecies_encryption_cofactor_variable_iv_x963_sha256_aes_gcm();
25            let exchange = SecKeyAlgorithm::ecdh_key_exchange_cofactor_x963_sha256();
26            let first_private_key = first.key()?;
27
28            println!("public key bytes: {}", public_key.export_bytes()?.len());
29            println!("can verify: {}", public_key.can_verify_using(&sign)?);
30            println!("can encrypt: {}", public_key.can_encrypt_using(&encrypt)?);
31            println!("private key can sign: {}", first_private_key.can_sign_using(&sign)?);
32            println!(
33                "private key can exchange: {}",
34                first_private_key.can_exchange_keys_using(&exchange)?
35            );
36
37            match store.save_right(&second_right, &second_identifier) {
38                Ok(second) => {
39                    let second_private_key = second.key()?;
40                    if first_private_key.can_exchange_keys_using(&exchange)?
41                        && second_private_key.can_exchange_keys_using(&exchange)?
42                    {
43                        let parameters = SecKeyExchangeParameters::with_requested_size(32)
44                            .with_shared_info(b"localauthentication-rs");
45                        let first_public_key = first_private_key.public_key()?.export_bytes()?;
46                        let second_public_key = second_private_key.public_key()?.export_bytes()?;
47
48                        match (
49                            first_private_key.exchange_keys_with_public_key(
50                                &second_public_key,
51                                &exchange,
52                                &parameters,
53                            ),
54                            second_private_key.exchange_keys_with_public_key(
55                                &first_public_key,
56                                &exchange,
57                                &parameters,
58                            ),
59                        ) {
60                            (Ok(first_secret), Ok(second_secret)) => {
61                                println!("shared secret bytes: {}", first_secret.len());
62                                println!("shared secrets match: {}", first_secret == second_secret);
63                            }
64                            (Err(error), _) | (_, Err(error)) => {
65                                println!("key exchange requires additional system support: {error}");
66                            }
67                        }
68                    }
69                    store.remove_right(&second)?;
70                }
71                Err(error) => {
72                    println!("key-exchange demo needs two persisted keys: {error}");
73                }
74            }
75
76            store.remove_right(&first)?;
77        }
78        Err(error) => {
79            println!("public-key APIs need entitlements on many systems: {error}");
80        }
81    }
82
83    println!("✅ public-key smoke OK");
84    Ok(())
85}
Source

pub fn verify( &self, signed_data: &[u8], signature: &[u8], algorithm: &SecKeyAlgorithm, ) -> Result<()>

Verify a signature with this key.

§Errors

Returns a mapped framework or bridge error if verification fails.

Trait Implementations§

Source§

impl Debug for LAPublicKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.