Skip to main content

RsaSigningKey

actpub_httpsig

Struct RsaSigningKey 

Source 
pub struct RsaSigningKey { /* private fields */ }
Expand description

An RSA key pair capable of producing PKCS#1 v1.5 SHA-256 signatures.

Internally stores the aws-lc-rs rsa::KeyPair for signing, together with the original PKCS#8 DER so that the key can be serialised back out symmetrically (Mastodon and friends distribute PEM-wrapped PKCS#8). The modulus width in bits is cached for convenience.

Implementations§

Source§

impl RsaSigningKey

Source

pub fn generate(bits: RsaBits) -> Result<Self, Error>

Generates a fresh RSA key pair of the requested size.

§Errors

Returns Error::KeyGeneration on RNG or key-scheduling failure.

Source

pub fn from_pkcs8_der(der: &[u8]) -> Result<Self, Error>

Loads an RSA key pair from a PKCS#8 DER blob.

Accepts any byte-aligned modulus width in the 2048..=8192 range, matching the backend’s RSA_PKCS1_2048_8192_SHA256 verification profile. The lower bound is the NIST SP 800-131A minimum and the upper bound is the largest key size the backend supports; widths outside this range are rejected. Non-standard widths like 2304 or 2560 are tolerated because aws-lc-rs itself accepts them.

§Errors

Returns Error::InvalidPkcs8 if the DER cannot be decoded as an RSA PrivateKeyInfo, and Error::UnsupportedRsaSize for any other width.

Source

pub fn to_pkcs8_der(&self) -> &[u8]

Returns the PKCS#8 v1 DER encoding of the private key.

Source

pub const fn bits(&self) -> u32

Returns the modulus length in bits.

Source

pub fn public_key(&self) -> RsaPublicKey

Returns the public half of this key pair.

Source

pub fn sign(&self, message: &[u8]) -> Result<Vec<u8>, Error>

Signs message using RSA PKCS#1 v1.5 SHA-256.

§Errors

Returns Error::Crypto if the low-level primitive fails, which only happens on internal allocator exhaustion.

Trait Implementations§

Source§

impl Debug for RsaSigningKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more