[][src]Enum trust_dns_client::rr::dnssec::KeyPair

pub enum KeyPair<K> {
    // some variants omitted
}

A public and private key pair, the private portion is not required.

This supports all the various public/private keys which Trust-DNS is capable of using. Given differing features, some key types may not be available. The openssl feature will enable RSA and EC (P256 and P384). The ring feature enables ED25519, in the future, Ring will also be used for other keys.

Implementations

impl<K: HasPublic> KeyPair<K>[src]

pub fn to_public_bytes(&self) -> DnsSecResult<Vec<u8>>[src]

Converts this keypair to the DNS binary form of the public_key.

If there is a private key associated with this keypair, it will not be included in this format. Only the public key material will be included.

pub fn to_public_key(&self) -> DnsSecResult<PublicKeyBuf>[src]

Returns a PublicKeyBuf of the KeyPair

pub fn key_tag(&self) -> DnsSecResult<u16>[src]

The key tag is calculated as a hash to more quickly lookup a DNSKEY.

RFC 1035, DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION, November 1987

RFC 2535                DNS Security Extensions               March 1999

4.1.6 Key Tag Field

 The "key Tag" is a two octet quantity that is used to efficiently
 select between multiple keys which may be applicable and thus check
 that a public key about to be used for the computationally expensive
 effort to check the signature is possibly valid.  For algorithm 1
 (MD5/RSA) as defined in [RFC 2537], it is the next to the bottom two
 octets of the public key modulus needed to decode the signature
 field.  That is to say, the most significant 16 of the least
 significant 24 bits of the modulus in network (big endian) order. For
 all other algorithms, including private algorithms, it is calculated
 as a simple checksum of the KEY RR as described in Appendix C.

Appendix C: Key Tag Calculation

 The key tag field in the SIG RR is just a means of more efficiently
 selecting the correct KEY RR to use when there is more than one KEY
 RR candidate available, for example, in verifying a signature.  It is
 possible for more than one candidate key to have the same tag, in
 which case each must be tried until one works or all fail.  The
 following reference implementation of how to calculate the Key Tag,
 for all algorithms other than algorithm 1, is in ANSI C.  It is coded
 for clarity, not efficiency.  (See section 4.1.6 for how to determine
 the Key Tag of an algorithm 1 key.)

 /* assumes int is at least 16 bits
    first byte of the key tag is the most significant byte of return
    value
    second byte of the key tag is the least significant byte of
    return value
    */

 int keytag (

         unsigned char key[],  /* the RDATA part of the KEY RR */
         unsigned int keysize, /* the RDLENGTH */
         )
 {
 long int    ac;    /* assumed to be 32 bits or larger */

 for ( ac = 0, i = 0; i < keysize; ++i )
     ac += (i&1) ? key[i] : key[i]<<8;
 ac += (ac>>16) & 0xFFFF;
 return ac & 0xFFFF;
 }

pub fn to_dnskey(&self, algorithm: Algorithm) -> DnsSecResult<DNSKEY>[src]

Creates a Record that represents the public key for this Signer

Arguments

  • algorithm - algorithm of the DNSKEY

Return

the DNSKEY record data

pub fn to_sig0key(&self, algorithm: Algorithm) -> DnsSecResult<KEY>[src]

Convert this keypair into a KEY record type for usage with SIG0 with key type entity (KeyUsage::Entity).

Arguments

  • algorithm - algorithm of the KEY

Return

the KEY record data

pub fn to_sig0key_with_usage(
    &self,
    algorithm: Algorithm,
    usage: KeyUsage
) -> DnsSecResult<KEY>[src]

Convert this keypair into a KEY record type for usage with SIG0 with a given key (usage) type.

Arguments

  • algorithm - algorithm of the KEY
  • usage - the key type

Return

the KEY record data

impl<K: HasPrivate> KeyPair<K>[src]

pub fn sign(&self, algorithm: Algorithm, tbs: &TBS) -> DnsSecResult<Vec<u8>>[src]

Signs a hash.

This will panic if the key is not a private key and can be used for signing.

Arguments

  • message - the message bytes to be signed, see rrset_tbs.

Return value

The signature, ready to be stored in an RData::RRSIG.

impl KeyPair<Private>[src]

pub fn generate(algorithm: Algorithm) -> DnsSecResult<Self>[src]

Generates a new private and public key pair for the specified algorithm.

RSA keys are hardcoded to 2048bits at the moment. Other keys have predefined sizes.

Auto Trait Implementations

impl<K> RefUnwindSafe for KeyPair<K> where
    K: RefUnwindSafe

impl<K> Send for KeyPair<K> where
    K: Send

impl<K> Sync for KeyPair<K> where
    K: Sync

impl<K> Unpin for KeyPair<K> where
    K: Unpin

impl<K> UnwindSafe for KeyPair<K> where
    K: UnwindSafe

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,