Struct cookie::Key

source ·

pub struct Key(_);

Available on crate features private or signed only.

Expand description

A cryptographic master key for use with Signed and/or Private jars.

This structure encapsulates secure, cryptographic keys for use with both PrivateJar and SignedJar. A single instance of a Key can be used for both a PrivateJar and a SignedJar simultaneously with no notable security implications.

Implementations§

source §

impl Key

source

pub fn from(key: &[u8]) -> Key

Creates a new Key from a 512-bit cryptographically random string.

The supplied key must be at least 512-bits (64 bytes). For security, the master key must be cryptographically random.

Panics

Panics if key is less than 64 bytes in length.

For a non-panicking version, use Key::try_from() or generate a key with Key::generate() or Key::try_generate().

Example

use cookie::Key;

let key = { /* a cryptographically random key >= 64 bytes */ };

let key = Key::from(key);

source

pub fn derive_from(master_key: &[u8]) -> Self

Available on crate feature key-expansion only.

Derives new signing/encryption keys from a master key.

The master key must be at least 256-bits (32 bytes). For security, the master key must be cryptographically random. The keys are derived deterministically from the master key.

Panics

Panics if key is less than 32 bytes in length.

Example

use cookie::Key;

let master_key = { /* a cryptographically random key >= 32 bytes */ };

let key = Key::derive_from(master_key);

source

pub fn generate() -> Key

Generates signing/encryption keys from a secure, random source. Keys are generated nondeterministically.

Panics

Panics if randomness cannot be retrieved from the operating system. See Key::try_generate() for a non-panicking version.

Example

use cookie::Key;

let key = Key::generate();

source

pub fn try_generate() -> Option<Key>

Attempts to generate signing/encryption keys from a secure, random source. Keys are generated nondeterministically. If randomness cannot be retrieved from the underlying operating system, returns None.

Example

use cookie::Key;

let key = Key::try_generate();

source

pub fn signing(&self) -> &[u8] ⓘ

Returns the raw bytes of a key suitable for signing cookies. Guaranteed to be at least 32 bytes.

Example

use cookie::Key;

let key = Key::generate();
let signing_key = key.signing();

source

pub fn encryption(&self) -> &[u8] ⓘ

Returns the raw bytes of a key suitable for encrypting cookies. Guaranteed to be at least 32 bytes.

Example

use cookie::Key;

let key = Key::generate();
let encryption_key = key.encryption();

source

pub fn master(&self) -> &[u8] ⓘ

Returns the raw bytes of the master key. Guaranteed to be at least 64 bytes.

Example

use cookie::Key;

let key = Key::generate();
let master_key = key.master();

Trait Implementations§

source §

impl Clone for Key

source §

fn clone(&self) -> Key

Returns a copy of the value. Read more

1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

source §

impl PartialEq<Key> for Key

source §

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.

1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

source §

impl TryFrom<&[u8]> for Key

source §

fn try_from(key: &[u8]) -> Result<Self, Self::Error>

A fallible version of Key::from().

Succeeds when Key::from() succeds and returns an error where Key::from() panics, namely, if key is too short.

Example

use cookie::Key;

let key = { /* a cryptographically random key >= 64 bytes */ };
assert!(Key::try_from(key).is_ok());

// A key that's far too short to use.
let key = &[1, 2, 3, 4][..];
assert!(Key::try_from(key).is_err());