RustCrypto: NIST P-256 (secp256r1) elliptic curve
Pure Rust implementation of the NIST P-256 (a.k.a. secp256r1, prime256v1)
elliptic curve with support for ECDH, ECDSA signing/verification, and general
purpose curve arithmetic support implemented in terms of traits from the
elliptic-curve crate.
⚠️ Security Warning
The elliptic curve arithmetic contained in this crate has never been independently audited!
This crate has been designed with the goal of ensuring that secret-dependent
operations are performed in constant time (using the subtle crate and
constant-time formulas). However, it has not been thoroughly assessed to ensure
that generated assembly is constant time on common CPU architectures.
USE AT YOUR OWN RISK!
Supported Algorithms
- Elliptic Curve Diffie-Hellman (ECDH): gated under the
ecdhfeature. - Elliptic Curve Digital Signature Algorithm (ECDSA): gated under the
ecdsafeature.
PKCS#8 Key Encoding
PKCS#8 is a private key format with support for multiple algorithms. It can be encoded as binary DER or text PEM.
You can recognize PEM encoded PKCS#8 private keys because they do not have an algorithm name in the type label, e.g.:
-----BEGIN PRIVATE KEY-----
PKCS#8 support is gated under the pkcs8 feature. The pem feature, which is
enabled by default, adds PEM decoding and also enables pkcs8.
The same pattern is used by the other curve crates in this repository which
re-export pkcs8.
The following traits can be used to decode/encode secret and public keys as
PKCS#8/SPKI. Note that [pkcs8] is re-exported from p256 when the pkcs8
feature is enabled:
- [
pkcs8::DecodePrivateKey]: decode private keys from PKCS#8 - [
pkcs8::EncodePrivateKey]: encode private keys to PKCS#8 - [
pkcs8::DecodePublicKey]: decode public keys from SPKI - [
pkcs8::EncodePublicKey]: encode public keys to SPKI
For private keys, [SecretKey::from_der] and [SecretKey::from_pem] provide
convenience methods which can decode PKCS#8 keys. Use the trait methods above
when the input is expected to be specifically PKCS#8.
Example
#
About NIST P-256
NIST P-256 is a Weierstrass curve specified in SP 800-186: Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters.
Also known as prime256v1 (ANSI X9.62) and secp256r1 (SECG), it's included in the US National Security Agency's "Suite B" and is widely used in protocols like TLS and the associated X.509 PKI.
License
All crates licensed under either of
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.