Struct biscotti::config::CryptoRule

pub struct CryptoRule {
    pub cookie_names: Vec<String>,
    pub type: CryptoType,
    pub key: Key,
    pub secondary_keys: Vec<Key>,
}

CryptoRule specifies whether certain cookies should be encrypted or signed.

Fields§

§cookie_names: Vec<String>

The names of the cookies to which this rule applies.

§type: CryptoType

How the cookies should be secured: either encryption or signing.

§key: Key

The key to use for encryption or signing.

§Requirements

The key must be at least 64 bytes long and should be generated using a cryptographically secure random number generator.

§secondary_keys: Vec<Key>

Secondary keys are used to decrypt/verify request cookies that failed to be decrypted/verified using the primary key.
Secondary keys are never used to encrypt/sign response cookies.

§Key rotation

Secondary keys exist to enable key rotation.
From time to time, you may want to change the key used to sign or encrypt cookies.
If you do this naively (i.e. change CryptoRule::key to a new value), the server
will immediately start rejecting all existing cookies because they were signed/encrypted with the old key.

Using secondary keys, you can start using the new key without invalidating all existing cookies. The process is as follows:

  1. Generate a new key
  2. Set key to the new key, and add the old key to the secondary_keys vector
  3. Wait for the expiration of all cookies signed/encrypted with the old key
  4. Remove the old key from the secondary_keys vector
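The rotation steps above, modeled as an added example (this is not biscotti's code): `Rule`, `tag`, `sign`, `verify` and the keys are hypothetical, and the tag is a std-hasher stand-in for a real MAC so that the block runs without dependencies.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

type Key = Vec<u8>; // hypothetical stand-in for biscotti's Key

// Hypothetical model of a signing rule: one primary key plus secondary keys.
struct Rule { key: Key, secondary_keys: Vec<Key> }

// Toy keyed tag standing in for a real MAC. Not cryptographically secure.
fn tag(key: &Key, value: &str) -> String {
    let mut h = DefaultHasher::new();
    key.hash(&mut h);
    value.hash(&mut h);
    format!("{:016x}", h.finish())
}

impl Rule {
    // Response cookies are always signed with the primary key.
    fn sign(&self, value: &str) -> String {
        format!("{}.{}", value, tag(&self.key, value))
    }
    // Request cookies: try the primary key, then each secondary key.
    // (A real verifier compares tags in constant time.)
    fn verify(&self, cookie: &str) -> Option<String> {
        let (value, t) = cookie.rsplit_once('.')?;
        std::iter::once(&self.key)
            .chain(&self.secondary_keys)
            .any(|k| tag(k, value) == t)
            .then(|| value.to_string())
    }
}

// Returns [new-only accepts old cookie, rotating accepts old cookie,
//          new-only accepts rotation-era cookie, old-only accepts rotation-era cookie].
fn rotation_outcomes() -> [bool; 4] {
    let (old, new): (Key, Key) = (vec![0x11; 64], vec![0x22; 64]); // constructed 64-byte keys
    let old_only = Rule { key: old.clone(), secondary_keys: vec![] };
    let new_only = Rule { key: new.clone(), secondary_keys: vec![] }; // naive swap, or step 4
    let rotating = Rule { key: new, secondary_keys: vec![old] }; // step 2
    let old_cookie = old_only.sign("session=abc");
    let issued_during_rotation = rotating.sign("session=abc");
    [new_only.verify(&old_cookie).is_some(),
     rotating.verify(&old_cookie).is_some(),
     new_only.verify(&issued_during_rotation).is_some(),
     old_only.verify(&issued_during_rotation).is_some()]
}

fn main() { println!("{:?}", rotation_outcomes()); }
```

While the old key sits in `secondary_keys`, cookies signed with it are still accepted, so a key rotated because it leaked should be dropped rather than demoted.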

Trait Implementations§

impl Clone for CryptoRule

fn clone(&self) -> CryptoRule

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CryptoRule

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for CryptoRule

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,