Struct Rsa

pub struct Rsa { /* private fields */ }
Available on crate feature rsa only.

Integrity algorithm using RSA digital signatures.

Depending on the variation, the algorithm employs PKCS#1 v1.5 or PSS padding and one of the hash functions from the SHA-2 family: SHA-256, SHA-384, or SHA-512. See RFC 7518 for more details. Depending on the chosen parameters, the name of the algorithm is one of RS256, RS384, RS512, PS256, PS384, PS512:

  • R / P denote the padding scheme: PKCS#1 v1.5 for R, PSS for P
  • 256 / 384 / 512 denote the hash function

The length of RSA keys is not unequivocally specified by the algorithm; nevertheless, it MUST be at least 2048 bits as per RFC 7518. To minimize the risk of misconfiguration, use the StrongAlg wrapper around Rsa:

const ALG: StrongAlg<Rsa> = StrongAlg(Rsa::rs256());
// `ALG` will not support RSA keys with insecure lengths by design!

Implementations

impl Rsa

pub const fn rs256() -> Rsa

RSA with SHA-256 and PKCS#1 v1.5 padding.

pub const fn rs384() -> Rsa

RSA with SHA-384 and PKCS#1 v1.5 padding.

pub const fn rs512() -> Rsa

RSA with SHA-512 and PKCS#1 v1.5 padding.

pub const fn ps256() -> Rsa

RSA with SHA-256 and PSS padding.

pub const fn ps384() -> Rsa

RSA with SHA-384 and PSS padding.

pub const fn ps512() -> Rsa

RSA with SHA-512 and PSS padding.

pub fn with_name(name: &str) -> Self

RSA based on the specified algorithm name.

Panics
  • Panics if the name is not one of the six RSA-based JWS algorithms. Prefer using the FromStr trait if the conversion is potentially fallible.

pub fn generate<R: CryptoRng + RngCore>(rng: &mut R, modulus_bits: ModulusBits) -> Result<(StrongKey<RsaPrivateKey>, StrongKey<RsaPublicKey>)>

Generates a new key pair with the specified modulus bit length (aka key length).
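
An added example, not code from this crate or its documentation: a std-only model of the two checks this page describes, parsing an untrusted alg name fallibly (the FromStr route rather than the panicking with_name) and rejecting moduli below the 2048-bit minimum that StrongAlg is meant to enforce. RsaAlgModel, Padding, AlgError, modulus_bits and check are hypothetical names, and measuring the key from big-endian modulus bytes is an assumption that goes beyond what the page shows.

```rust
use std::str::FromStr;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Padding { Pkcs1v15, Pss }

// Hypothetical model type; the crate's real `Rsa` keeps its fields private.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
struct RsaAlgModel { padding: Padding, hash_bits: u16 }

#[derive(Debug, PartialEq, Eq)]
enum AlgError { UnknownName, WeakKey { bits: usize } }

impl FromStr for RsaAlgModel {
    type Err = AlgError;
    // Fallible parse: anything but the six case-sensitive names is an error, not a panic.
    fn from_str(s: &str) -> Result<Self, AlgError> {
        let (padding, rest) = match (s.strip_prefix("RS"), s.strip_prefix("PS")) {
            (Some(r), _) => (Padding::Pkcs1v15, r),
            (_, Some(r)) => (Padding::Pss, r),
            _ => return Err(AlgError::UnknownName),
        };
        if !["256", "384", "512"].contains(&rest) { return Err(AlgError::UnknownName); }
        Ok(RsaAlgModel { padding, hash_bits: rest.parse().unwrap() }) // one of three literals
    }
}

// Bit length of a big-endian modulus; leading zero bytes (e.g. a DER sign byte) are skipped.
fn modulus_bits(n_be: &[u8]) -> usize {
    let Some(i) = n_be.iter().position(|&b| b != 0) else { return 0 };
    (n_be.len() - i) * 8 - n_be[i].leading_zeros() as usize
}

const MIN_MODULUS_BITS: usize = 2048; // RFC 7518 minimum quoted above

// Accept an untrusted `alg` string and a public modulus only if both pass.
fn check(alg: &str, n_be: &[u8]) -> Result<RsaAlgModel, AlgError> {
    let parsed: RsaAlgModel = alg.parse()?;
    let bits = modulus_bits(n_be);
    if bits < MIN_MODULUS_BITS { return Err(AlgError::WeakKey { bits }); }
    Ok(parsed)
}

fn main() {
    // Constructed moduli (not real keys): both are 256 bytes, only `full` has 2048 bits.
    let (full, mut short) = (vec![0xffu8; 256], vec![0xffu8; 256]);
    short[0] = 0x7f;
    println!("{:?}", [check("PS256", &full), check("RS256", &short), check("none", &full)]);
}
```

A 256-byte modulus whose top bit is clear is only 2047 bits long, which is why the check counts bits rather than bytes.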

Trait Implementations

impl Algorithm for Rsa

type SigningKey = RsaPrivateKey

Key used when issuing new tokens.

type VerifyingKey = RsaPublicKey

Key used when verifying tokens. May coincide with Self::SigningKey for symmetric algorithms (e.g., HS*).

type Signature = RsaSignature

Signature produced by the algorithm.

fn name(&self) -> Cow<'static, str>

Returns the name of this algorithm, as mentioned in the alg field of the JWT header.

fn sign(&self, signing_key: &Self::SigningKey, message: &[u8]) -> Self::Signature

Signs a message with the signing_key.

fn verify_signature(&self, signature: &Self::Signature, verifying_key: &Self::VerifyingKey, message: &[u8]) -> bool

Verifies the message against the signature and verifying_key.

impl Clone for Rsa

fn clone(&self) -> Rsa

Returns a duplicate of the value.

1.0.0 (const: unstable)

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Copy for Rsa

impl Debug for Rsa

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Eq for Rsa

impl FromStr for Rsa

type Err = RsaParseError

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type.

impl PartialEq for Rsa

fn eq(&self, other: &Rsa) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 (const: unstable)

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for Rsa

Auto Trait Implementations

impl Freeze for Rsa

impl RefUnwindSafe for Rsa

impl Send for Rsa

impl Sync for Rsa

impl Unpin for Rsa

impl UnsafeUnpin for Rsa

impl UnwindSafe for Rsa

Blanket Implementations

impl<A> AlgorithmExt for A
where A: Algorithm,

fn token<T>(&self, header: &Header<impl Serialize>, claims: &Claims<T>, signing_key: &<A as Algorithm>::SigningKey) -> Result<String, CreationError>
where T: Serialize,

Creates a new token and serializes it to string.

fn compact_token<T>(&self, header: &Header<impl Serialize>, claims: &Claims<T>, signing_key: &<A as Algorithm>::SigningKey) -> Result<String, CreationError>
where T: Serialize,

Available on crate feature ciborium only.
Creates a new token with CBOR-encoded claims and serializes it to string.

fn validator<'a, T>(&'a self, verifying_key: &'a <A as Algorithm>::VerifyingKey) -> Validator<'a, A, T>

Creates a JWT validator for the specified verifying key and the claims type. The validator can then be used to validate integrity of one or more tokens.

fn validate_integrity<T>(&self, token: &UntrustedToken<'_>, verifying_key: &<A as Algorithm>::VerifyingKey) -> Result<Token<T>, ValidationError>

👎Deprecated: Use .validator().validate() for added flexibility

Validates the token integrity against the provided verifying_key.

fn validate_for_signed_token<T>(&self, token: &UntrustedToken<'_>, verifying_key: &<A as Algorithm>::VerifyingKey) -> Result<SignedToken<A, T>, ValidationError>

👎Deprecated: Use .validator().validate_for_signed_token() for added flexibility

Validates the token integrity against the provided verifying_key.

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V