Struct ring::hmac::SigningKey
[−]
[src]
pub struct SigningKey { /* fields omitted */ }
A key to use for HMAC signing.
Methods
impl SigningKey
[src]
fn generate(
digest_alg: &'static Algorithm,
rng: &SecureRandom
) -> Result<SigningKey, Unspecified>
[src]
digest_alg: &'static Algorithm,
rng: &SecureRandom
) -> Result<SigningKey, Unspecified>
Generate an HMAC signing key using the given digest algorithm with a
random value generated from rng
.
The key will be recommended_key_len(digest_alg)
bytes long.
fn generate_serializable(
digest_alg: &'static Algorithm,
rng: &SecureRandom,
key_bytes: &mut [u8]
) -> Result<SigningKey, Unspecified>
[src]
digest_alg: &'static Algorithm,
rng: &SecureRandom,
key_bytes: &mut [u8]
) -> Result<SigningKey, Unspecified>
Generate an HMAC signing key using the given digest algorithm with a
random value generated from rng
, and puts the raw key value in
key_bytes
.
The key will be recommended_key_len(digest_alg)
bytes long. The raw
value of the random key is put in key_bytes
so that it can be
serialized for later use, so key_bytes
must be exactly
recommended_key_len(digest_alg)
. This serialized value can be
deserialized with SigningKey::new()
.
fn new(digest_alg: &'static Algorithm, key_value: &[u8]) -> SigningKey
[src]
Construct an HMAC signing key using the given digest algorithm and key value.
key_value
should be a value generated using a secure random number
generator (e.g. the key_value
output by
SealingKey::generate_serializable()
) or derived from a random key by
a key derivation function (e.g. ring::hkdf
). In particular,
key_value
shouldn't be a password.
As specified in RFC 2104, if key_value
is shorter than the digest
algorithm's block length (as returned by digest::Algorithm::block_len
,
not the digest length returned by digest::Algorithm::output_len
) then
it will be padded with zeros. Similarly, if it is longer than the block
length then it will be compressed using the digest algorithm.
You should not use keys larger than the digest_alg.block_len
because
the truncation described above reduces their strength to only
digest_alg.output_len * 8
bits. Support for such keys is likely to be
removed in a future version of ring.
fn digest_algorithm(&self) -> &'static Algorithm
[src]
The digest algorithm for the key.