p256 0.14.0

Pure Rust implementation of the NIST P-256 (a.k.a. secp256r1, prime256v1) elliptic curve as defined in SP 800-186, with support for ECDH, ECDSA signing/verification, and general purpose curve arithmetic
Documentation

RustCrypto: NIST P-256 (secp256r1) elliptic curve

crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat

Pure Rust implementation of the NIST P-256 (a.k.a. secp256r1, prime256v1) elliptic curve with support for ECDH, ECDSA signing/verification, and general purpose curve arithmetic support implemented in terms of traits from the elliptic-curve crate.

Documentation

⚠️ Security Warning

The elliptic curve arithmetic contained in this crate has never been independently audited!

This crate has been designed with the goal of ensuring that secret-dependent operations are performed in constant time (using the subtle crate and constant-time formulas). However, it has not been thoroughly assessed to ensure that generated assembly is constant time on common CPU architectures.

USE AT YOUR OWN RISK!

Supported Algorithms

PKCS#8 Key Encoding

PKCS#8 is a private key format with support for multiple algorithms. It can be encoded as binary DER or text PEM.

You can recognize PEM encoded PKCS#8 private keys because they do not have an algorithm name in the type label, e.g.:

-----BEGIN PRIVATE KEY-----

PKCS#8 support is gated under the pkcs8 feature. The pem feature, which is enabled by default, adds PEM decoding and also enables pkcs8.

The same pattern is used by the other curve crates in this repository which re-export pkcs8.

The following traits can be used to decode/encode secret and public keys as PKCS#8/SPKI. Note that [pkcs8] is re-exported from p256 when the pkcs8 feature is enabled:

  • [pkcs8::DecodePrivateKey]: decode private keys from PKCS#8
  • [pkcs8::EncodePrivateKey]: encode private keys to PKCS#8
  • [pkcs8::DecodePublicKey]: decode public keys from SPKI
  • [pkcs8::EncodePublicKey]: encode public keys to SPKI

For private keys, [SecretKey::from_der] and [SecretKey::from_pem] provide convenience methods which can decode PKCS#8 keys. Use the trait methods above when the input is expected to be specifically PKCS#8.

Example

# fn main() -> Result<(), Box<dyn std::error::Error>> {
# #[cfg(feature = "pem")]
# {
use p256::SecretKey;

// WARNING: Do not hardcode private keys in your source code. This is for demonstration purposes only.
let pem = r#"-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgaWJBcVYaYzQN4OfY
afKgVJJVjhoEhotqn4VKhmeIGI2hRANCAAQcrP+1Xy8s79idies3SyaBFSRSgC3u
oJkWBoE32DnPf8SBpESSME1+9mrBF77+g6jQjxVfK1L59hjdRHApBI4P
-----END PRIVATE KEY-----"#;
let secret_key = SecretKey::from_pem(pem)?;
# let _ = secret_key;
# }
# Ok(())
# }

About NIST P-256

NIST P-256 is a Weierstrass curve specified in SP 800-186: Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters.

Also known as prime256v1 (ANSI X9.62) and secp256r1 (SECG), it's included in the US National Security Agency's "Suite B" and is widely used in protocols like TLS and the associated X.509 PKI.

License

All crates licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.