pub struct RsaSigningKey { /* private fields */ }
An RSA key pair capable of producing PKCS#1 v1.5 SHA-256 signatures.
Internally stores the aws-lc-rs rsa::KeyPair for signing, together
with the original PKCS#8 DER so that the key can be serialised back
out symmetrically (Mastodon and friends distribute PEM-wrapped
PKCS#8). The modulus width in bits is cached for convenience.
Implementations
impl RsaSigningKey
pub fn generate(bits: RsaBits) -> Result<Self, Error>
Generates a fresh RSA key pair of the requested size.
Errors
Returns Error::KeyGeneration on RNG or key-scheduling failure.
pub fn from_pkcs8_der(der: &[u8]) -> Result<Self, Error>
Loads an RSA key pair from a PKCS#8 DER blob.
Accepts any 256-bit-aligned modulus width in the
2048..=8192 range, matching the backend’s
RSA_PKCS1_2048_8192_SHA256 verification profile. The lower
bound is the NIST SP 800-131A minimum and the upper bound is
the largest key size the backend supports; values outside the
range are rejected, as are odd widths that cannot represent
valid RSA moduli.
Errors
Returns Error::InvalidPkcs8 if the DER cannot be decoded
as an RSA PrivateKeyInfo, and Error::UnsupportedRsaSize
if the modulus width falls outside the accepted set.
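The width rule described for from_pkcs8_der, as an added example that is not this crate's code: it walks the PKCS#8 DER by hand to find the modulus and applies the 2048..=8192, 256-bit-step policy. WidthError, tlv, modulus_bits, check_width and sample are illustrative names, and the sample input is a constructed, truncated structure rather than a usable key.

```rust
// Added example, not the crate's code; every name defined here is illustrative.
#[derive(Debug, PartialEq)]
pub enum WidthError { InvalidPkcs8, UnsupportedRsaSize(usize) }
const RSA_OID: [u8; 9] = [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 1, 1, 1]; // rsaEncryption

/// Reads one DER TLV with the expected tag; returns (content, remainder).
fn tlv(input: &[u8], tag: u8) -> Option<(&[u8], &[u8])> {
    let (&t, rest) = input.split_first()?;
    let (&l0, rest) = rest.split_first()?;
    let n = if l0 < 0x80 { 0 } else { (l0 & 0x7f) as usize }; // long-form length bytes
    if t != tag || l0 == 0x80 || n > 2 || rest.len() < n { return None; }
    let len = if n == 0 { l0 as usize } else { rest[..n].iter().fold(0usize, |a, &b| a << 8 | b as usize) };
    if rest.len() < n + len { None } else { Some(rest[n..].split_at(len)) }
}

/// Bit width of the modulus, or None if the DER is not an RSA PrivateKeyInfo.
fn modulus_bits(der: &[u8]) -> Option<usize> {
    let (pki, _) = tlv(der, 0x30)?; // PrivateKeyInfo SEQUENCE
    let (alg, r) = tlv(tlv(pki, 0x02)?.1, 0x30)?; // skip version, AlgorithmIdentifier
    if tlv(alg, 0x06)?.0 != &RSA_OID[..] { return None; }
    let (key, _) = tlv(r, 0x04)?; // privateKey OCTET STRING
    let (rsa, _) = tlv(key, 0x30)?; // RSAPrivateKey SEQUENCE
    let (n, _) = tlv(tlv(rsa, 0x02)?.1, 0x02)?; // skip version, modulus INTEGER
    let n = if n.first() == Some(&0) { &n[1..] } else { n }; // drop DER sign byte
    Some(n.len() * 8 - n.first()?.leading_zeros() as usize)
}

/// Width policy from the text above: 2048..=8192 bits, in steps of 256.
pub fn check_width(der: &[u8]) -> Result<usize, WidthError> {
    let bits = modulus_bits(der).ok_or(WidthError::InvalidPkcs8)?;
    if (2048..=8192).contains(&bits) && bits % 256 == 0 { return Ok(bits); }
    Err(WidthError::UnsupportedRsaSize(bits))
}

/// Constructed input: PKCS#8-shaped DER with a dummy `bits`-bit modulus (not a usable key).
pub fn sample(bits: usize) -> Vec<u8> {
    fn enc(tag: u8, body: &[u8]) -> Vec<u8> {
        let n = body.len();
        let hdr = if n < 0x80 { vec![tag, n as u8] } else if n < 0x100 { vec![tag, 0x81, n as u8] }
            else { vec![tag, 0x82, (n >> 8) as u8, n as u8] };
        [hdr.as_slice(), body].concat()
    }
    let mut n = vec![0u8; (bits + 7) / 8];
    n[0] = 1 << ((bits - 1) % 8);
    if n[0] == 0x80 { n.insert(0, 0); }
    let rsa = enc(0x30, &[enc(0x02, &[0]), enc(0x02, &n)].concat());
    let alg = enc(0x30, &[enc(0x06, &RSA_OID), vec![0x05, 0]].concat());
    enc(0x30, &[enc(0x02, &[0]), alg, enc(0x04, &rsa)].concat())
}
fn main() { for b in [2047, 2048, 2056, 8448] { println!("{}: {:?}", b, check_width(&sample(b))); } }
```

A 2056-bit modulus is byte-aligned and above the minimum, yet it is still rejected because it is not a multiple of 256.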
pub fn to_pkcs8_der(&self) -> &[u8]
Returns the PKCS#8 v1 DER encoding of the private key.
pub fn public_key(&self) -> RsaPublicKey
Returns the public half of this key pair.