Crate pkcs8[−][src]
Expand description
Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification (RFC 5208), with additional support for PKCS#8v2 asymmetric key packages (RFC 5958)
About
This library provides generalized PKCS#8 support designed to work with a
number of different algorithms. It supports no_std
platforms including
ones without a heap (albeit with reduced functionality).
It supports decoding/encoding the following types:
EncryptedPrivateKeyInfo
: (withpkcs5
feature) encrypted key.PrivateKeyInfo
: algorithm identifier and data representing a private key. Optionally also includes public key data for asymmetric keys.SubjectPublicKeyInfo
: algorithm identifier and data representing a public key (re-exported from thespki
crate)
When the alloc
feature is enabled, the following additional types are
available which provide more convenient decoding/encoding support:
EncryptedPrivateKeyDocument
: (withpkcs5
feature) heap-backed encrypted key.PrivateKeyDocument
: heap-backed storage for serializedPrivateKeyInfo
.PublicKeyDocument
: heap-backed storage for serializedSubjectPublicKeyInfo
.
When the pem
feature is enabled, it also supports decoding/encoding
documents from “PEM encoding” format as defined in RFC 7468.
Supported Algorithms
This crate has been written generically so it can be used to implement PKCS#8 support for any algorithm.
However, it’s only tested against keys generated by OpenSSL for the following algorithms:
- ECC (
id-ecPublicKey
) - Ed25519 (
Ed25519
) - RSA (
rsaEncryption
)
Please open an issue if you encounter trouble using it with other algorithms.
Encrypted Private Key Support
EncryptedPrivateKeyInfo
supports decoding/encoding encrypted PKCS#8
private keys and is gated under the pkcs5
feature. The corresponding
EncryptedPrivateKeyDocument
type provides heap-backed storage
(alloc
feature required).
When the encryption
feature of this crate is enabled, it provides
EncryptedPrivateKeyInfo::decrypt
and PrivateKeyInfo::encrypt
functions which are able to decrypt/encrypt keys using the following
algorithms:
Minimum Supported Rust Version
This crate requires Rust 1.51 at a minimum.
Re-exports
Structs
X.509 AlgorithmIdentifier
as defined in RFC 5280 Section 4.1.1.2.
Attributes as defined in RFC 5958 Section 2.
alloc
and pkcs5
Encrypted PKCS#8 private key document.
PKCS#8 EncryptedPrivateKeyInfo
.
Object identifier (OID).
alloc
PKCS#8 private key document.
PKCS#8 PrivateKeyInfo
.
alloc
SPKI public key document.
X.509 SubjectPublicKeyInfo
(SPKI) as defined in RFC 5280 Section 4.1.2.7.
Enums
Traits
Parse a private key object from a PKCS#8 encoded document.
Parse a public key object from an encoded SPKI document.
alloc
Serialize a private key object to a PKCS#8 encoded document.
alloc
Serialize a public key object to a SPKI-encoded document.
Type Definitions
Result type