Struct rsa::RSAPrivateKey

pub struct RSAPrivateKey { /* fields omitted */ }

Represents a whole RSA key, public and private parts.

Implementations

impl RSAPrivateKey

pub fn new<R: Rng>(rng: &mut R, bit_size: usize) -> Result<RSAPrivateKey>

Generate a new RSA key pair of the given bit size using the passed in rng.

pub fn new_with_exp<R: Rng>(
    rng: &mut R,
    bit_size: usize,
    exp: &BigUint
) -> Result<RSAPrivateKey>

Generate a new RSA key pair of the given bit size and the public exponent using the passed in rng.

Unless you have specific needs, you should use RSAPrivateKey::new instead.

pub fn from_components(
    n: BigUint,
    e: BigUint,
    d: BigUint,
    primes: Vec<BigUint>
) -> RSAPrivateKey

Constructs an RSA key pair from the individual components.

pub fn from_pkcs1(der: &[u8]) -> Result<RSAPrivateKey>

Parse a PKCS1 encoded RSA Private Key.

The der data is expected to be the base64 decoded content following a -----BEGIN RSA PRIVATE KEY----- header.

https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem

Example

use rsa::RSAPrivateKey;

let file_content = r#"
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAK5Z7jk1ql5DquRvlPmFgyBDCvdPQ0T2si2oPAUmNw2Z/qb2Sr/B
EBoWpagFf8Gl1K4PRipJSudDl6N/Vdb2CYkCAwEAAQJBAI3vWCfqsE8c9zoQPE8F
icHx0jOSq0ixLExO8M2gVqESq3SJpWbEbvPPbRb1sIqZHe5wV3Xmj09zvUzfdeB7
C6ECIQDjoB/kp7QlRiNhgudhQPct8XUf6Cgp7hBxL2K9Q9UzawIhAMQVvtH1TUOd
aSWiqrFx7w+54o58fIpkecI5Kl0TaWfbAiBrnye1Kn2IKhNMZWIUn2y+8izYeyGS
QZbQjQD4T3wcJQIgKGgWv2teNZ29ai0AIbrJuaLjhdsvStFzqctf6Hg0k1sCIQCj
JdwDGF7Kanex70KAacmOlw3vfx6XWT+2PH6Qh8tLug==
-----END RSA PRIVATE KEY-----
"#;

let der_encoded = file_content
    .lines()
    .filter(|line| !line.starts_with("-"))
    .fold(String::new(), |mut data, line| {
        data.push_str(&line);
        data
    });
let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
let private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");

pub fn from_pkcs8(der: &[u8]) -> Result<RSAPrivateKey>

Parse a PKCS8 encoded RSA Private Key.

The der data is expected to be the base64 decoded content following a -----BEGIN PRIVATE KEY----- header.

https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem

Example

use rsa::RSAPrivateKey;

let file_content = r#"
-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEArlnuOTWqXkOq5G+U
+YWDIEMK909DRPayLag8BSY3DZn+pvZKv8EQGhalqAV/waXUrg9GKklK50OXo39V
1vYJiQIDAQABAkEAje9YJ+qwTxz3OhA8TwWJwfHSM5KrSLEsTE7wzaBWoRKrdIml
ZsRu889tFvWwipkd7nBXdeaPT3O9TN914HsLoQIhAOOgH+SntCVGI2GC52FA9y3x
dR/oKCnuEHEvYr1D1TNrAiEAxBW+0fVNQ51pJaKqsXHvD7nijnx8imR5wjkqXRNp
Z9sCIGufJ7UqfYgqE0xlYhSfbL7yLNh7IZJBltCNAPhPfBwlAiAoaBa/a141nb1q
LQAhusm5ouOF2y9K0XOpy1/oeDSTWwIhAKMl3AMYXspqd7HvQoBpyY6XDe9/HpdZ
P7Y8fpCHy0u6
-----END PRIVATE KEY-----
"#;

let der_encoded = file_content
    .lines()
    .filter(|line| !line.starts_with("-"))
    .fold(String::new(), |mut data, line| {
        data.push_str(&line);
        data
    });
let der_bytes = base64::decode(&der_encoded).expect("failed to decode base64 content");
let private_key = RSAPrivateKey::from_pkcs8(&der_bytes).expect("failed to parse key");

pub fn to_public_key(&self) -> RSAPublicKey

Get the public key from the private key, cloning n and e.

Generally this is not needed since RSAPrivateKey implements the PublicKey trait, but it can occationally be useful to discard the private information entirely.

pub fn precompute(&mut self) -> Result<()>

Performs some calculations to speed up private key operations.

pub fn d(&self) -> &BigUint

Returns the private exponent of the key.

pub fn primes(&self) -> &[BigUint]

Returns the prime factors.

pub fn validate(&self) -> Result<()>

Performs basic sanity checks on the key. Returns Ok(()) if everything is good, otherwise an approriate error.

pub fn decrypt(
    &self,
    padding: PaddingScheme,
    ciphertext: &[u8]
) -> Result<Vec<u8>>

Decrypt the given message.

pub fn decrypt_blinded<R: Rng>(
    &self,
    rng: &mut R,
    padding: PaddingScheme,
    ciphertext: &[u8]
) -> Result<Vec<u8>>

Decrypt the given message.

Uses rng to blind the decryption process.

pub fn sign(&self, padding: PaddingScheme, digest_in: &[u8]) -> Result<Vec<u8>>

Sign the given digest.

pub fn sign_blinded<R: Rng>(
    &self,
    rng: &mut R,
    padding: PaddingScheme,
    digest_in: &[u8]
) -> Result<Vec<u8>>

Sign the given digest.

Use rng for blinding.

Methods from Deref<Target = RSAPublicKey>

Trait Implementations

impl Clone for RSAPrivateKey

fn clone(&self) -> RSAPrivateKey

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for RSAPrivateKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Deref for RSAPrivateKey

type Target = RSAPublicKey

The resulting type after dereferencing.

fn deref(&self) -> &RSAPublicKey

Dereferences the value.

impl Drop for RSAPrivateKey

fn drop(&mut self)

Executes the destructor for this type.

impl Eq for RSAPrivateKey

impl From<&'_ RSAPrivateKey> for RSAPublicKey

fn from(private_key: &RSAPrivateKey) -> Self

Performs the conversion.

impl From<RSAPrivateKey> for RSAPublicKey

fn from(private_key: RSAPrivateKey) -> Self

Performs the conversion.

impl PartialEq<RSAPrivateKey> for RSAPrivateKey

fn eq(&self, other: &RSAPrivateKey) -> bool

This method tests for self and other values to be equal, and is used by ==.

#[must_use]pub fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl PrivateKeyEncoding for RSAPrivateKey

fn to_pkcs1(&self) -> Result<Vec<u8>>

Encodes a Private key to into PKCS1 bytes.

fn to_pkcs8(&self) -> Result<Vec<u8>>

Encodes a Private key to into PKCS8 bytes.

impl PrivateKeyPemEncoding for RSAPrivateKey

const PKCS1_HEADER: &'static str

const PKCS8_HEADER: &'static str

fn to_pem_pkcs1(&self) -> Result<String>

Converts a Private key into PKCS1 encoded bytes in pem format.

fn to_pem_pkcs1_with_config(&self, config: EncodeConfig) -> Result<String>

Converts a Private key into PKCS1 encoded bytes in pem format with encoding config.

fn to_pem_pkcs8(&self) -> Result<String>

Converts a Private key into PKCS8 encoded bytes in pem format.

fn to_pem_pkcs8_with_config(&self, config: EncodeConfig) -> Result<String>

Converts a Private key into PKCS8 encoded bytes in pem format with encoding config.

impl PublicKeyParts for RSAPrivateKey

fn n(&self) -> &BigUint

Returns the modulus of the key.

fn e(&self) -> &BigUint

Returns the public exponent of the key.

fn size(&self) -> usize

Returns the modulus size in bytes. Raw signatures and ciphertexts for or by this public key will have the same size.

impl<'a> PublicKeyParts for &'a RSAPrivateKey

fn n(&self) -> &BigUint

Returns the modulus of the key.

fn e(&self) -> &BigUint

Returns the public exponent of the key.

fn size(&self) -> usize

Returns the modulus size in bytes. Raw signatures and ciphertexts for or by this public key will have the same size.

impl TryFrom<Pem> for RSAPrivateKey

type Error = Error

The type returned in the event of a conversion error.

fn try_from(pem: Pem) -> Result<RSAPrivateKey>

Parses a PKCS8 or PKCS1 encoded RSA Private Key.

Expects one of the following pem headers:

• -----BEGIN PRIVATE KEY-----
• -----BEGIN RSA PRIVATE KEY-----

Example

use std::convert::TryFrom;
use rsa::RSAPrivateKey;

let file_content = r#"
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAK5Z7jk1ql5DquRvlPmFgyBDCvdPQ0T2si2oPAUmNw2Z/qb2Sr/B
EBoWpagFf8Gl1K4PRipJSudDl6N/Vdb2CYkCAwEAAQJBAI3vWCfqsE8c9zoQPE8F
icHx0jOSq0ixLExO8M2gVqESq3SJpWbEbvPPbRb1sIqZHe5wV3Xmj09zvUzfdeB7
C6ECIQDjoB/kp7QlRiNhgudhQPct8XUf6Cgp7hBxL2K9Q9UzawIhAMQVvtH1TUOd
aSWiqrFx7w+54o58fIpkecI5Kl0TaWfbAiBrnye1Kn2IKhNMZWIUn2y+8izYeyGS
QZbQjQD4T3wcJQIgKGgWv2teNZ29ai0AIbrJuaLjhdsvStFzqctf6Hg0k1sCIQCj
JdwDGF7Kanex70KAacmOlw3vfx6XWT+2PH6Qh8tLug==
-----END RSA PRIVATE KEY-----
"#;

let pem = rsa::pem::parse(file_content).expect("failed to parse pem file");
let private_key = RSAPrivateKey::try_from(pem).expect("failed to parse key");

impl Zeroize for RSAPrivateKey

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.