Struct ring::hmac::SigningKey

pub struct SigningKey { /* fields omitted */ }

A key to use for HMAC signing.

Methods

impl SigningKey

fn generate(digest_alg: &'static Algorithm,
            rng: &SecureRandom)
            -> Result<SigningKey, Unspecified>

Generate an HMAC signing key for the given digest algorithm using |ring::rand|. The key will be digest_alg.chaining_len bytes long. The key size choice is based on the recommendation of NIST SP 800-107, Section 5.3.4: Security Effect of the HMAC Key, and is consistent with the key lengths chosen for TLS as described in RFC 5246, Appendix C.

fn new(digest_alg: &'static Algorithm, key_value: &[u8]) -> SigningKey

Construct an HMAC signing key using the given digest algorithm and key value.

As specified in RFC 2104, if key_value is shorter than the digest algorithm's block length (as returned by digest::Algorithm::block_len, not the digest length returned by digest::Algorithm::output_len) then it will be padded with zeros. Similarly, if it is longer than the block length then it will be compressed using the digest algorithm.

You should not use keys larger than the digest_alg.block_len because the truncation described above reduces their strength to only digest_alg.output_len * 8 bits. Support for such keys is likely to be removed in a future version of ring.

fn digest_algorithm(&self) -> &'static Algorithm

The digest algorithm for the key.