Crate pkcs8[−][src]

Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8:

Private-Key Information Syntax Specification (as defined in RFC 5208).

About

This library provides generalized PKCS#8 support designed to work with a number of different algorithms. It supports no_std platforms including ones without a heap (albeit with reduced functionality).

It supports decoding/encoding the following types:

EncryptedPrivateKeyInfo: (with pkcs5 feature) encrypted key.
PrivateKeyInfo: algorithm identifier and data representing a private key.
SubjectPublicKeyInfo: algorithm identifier and data representing a public key (re-exported from the spki crate)

When the alloc feature is enabled, the following additional types are available which provide more convenient decoding/encoding support:

EncryptedPrivateKeyDocument: (with pkcs5 feature) heap-backed encrypted key.
PrivateKeyDocument: heap-backed storage for serialized PrivateKeyInfo.
PublicKeyDocument: heap-backed storage for serialized SubjectPublicKeyInfo.

When the pem feature is enabled, it also supports decoding/encoding documents from “PEM encoding” format as defined in RFC 7468.

Supported Algorithms

This crate has been tested against keys generated by OpenSSL for the following algorithms:

ECC (id-ecPublicKey)
Ed25519 (Ed25519)
RSA (rsaEncryption)

It may work with other algorithms which use an optional OID for AlgorithmIdentifier parameters.

Encrypted Private Key Support

EncryptedPrivateKeyInfo supports decoding/encoding encrypted PKCS#8 private keys and is gated under the pkcs5 feature. The corresponding EncryptedPrivateKeyDocument type provides heap-backed storage (alloc feature required).

When the encryption feature of this crate is enabled, it provides EncryptedPrivateKeyInfo::decrypt and PrivateKeyInfo::encrypt functions which are able to decrypt/encrypt keys using the following algorithms:

PKCS#5v2 Password Based Encryption Scheme 2 (RFC 8018)
- Key derivation function: PBKDF2 with HMAC-SHA256 as the PRF
- Symmetric encryption: AES-128-CBC or AES-256-CBC

Minimum Supported Rust Version

This crate requires Rust 1.47 at a minimum.

Re-exports

pub use der;

pub use pkcs5;

Structs

AlgorithmIdentifier	X.509 `AlgorithmIdentifier` as defined in RFC 5280 Section 4.1.1.2.
EncryptedPrivateKeyDocument	`alloc` and `pkcs5` Encrypted PKCS#8 private key document.
EncryptedPrivateKeyInfo	`pkcs5` PKCS#8 `EncryptedPrivateKeyInfo`.
ObjectIdentifier	Object identifier (OID).
PrivateKeyDocument	`alloc` PKCS#8 private key document.
PrivateKeyInfo	PKCS#8 `PrivateKeyInfo`.
PublicKeyDocument	`alloc` SPKI public key document.
SubjectPublicKeyInfo	X.509 `SubjectPublicKeyInfo` (SPKI).

Enums

Error

Error type

Traits

FromPrivateKey	Parse a private key object from a PKCS#8 encoded document.
FromPublicKey	Parse a public key object from an encoded SPKI document.
ToPrivateKey	`alloc` Serialize a private key object to a PKCS#8 encoded document.
ToPublicKey	`alloc` Serialize a public key object to a SPKI-encoded document.

Type Definitions

Result

Result type