Struct ring::hmac::SigningKey
[−]
[src]
pub struct SigningKey { /* fields omitted */ }
A key to use for HMAC signing.
Methods
impl SigningKey
[src]
fn generate(digest_alg: &'static Algorithm,
rng: &SecureRandom)
-> Result<SigningKey, Unspecified>
rng: &SecureRandom)
-> Result<SigningKey, Unspecified>
Generate an HMAC signing key for the given digest algorithm using
|ring::rand|. The key will be digest_alg.chaining_len
bytes long. The
key size choice is based on the recommendation of
NIST SP 800-107, Section 5.3.4: Security Effect of the HMAC
Key, and is consistent with the key lengths chosen for TLS as
described in RFC 5246, Appendix C.
fn new(digest_alg: &'static Algorithm, key_value: &[u8]) -> SigningKey
Construct an HMAC signing key using the given digest algorithm and key value.
As specified in RFC 2104, if key_value
is shorter than the digest
algorithm's block length (as returned by digest::Algorithm::block_len
,
not the digest length returned by digest::Algorithm::output_len
) then
it will be padded with zeros. Similarly, if it is longer than the block
length then it will be compressed using the digest algorithm.
You should not use keys larger than the digest_alg.block_len
because
the truncation described above reduces their strength to only
digest_alg.output_len * 8
bits. Support for such keys is likely to be
removed in a future version of ring.
fn digest_algorithm(&self) -> &'static Algorithm
The digest algorithm for the key.