Struct RsaPrivateKey

Source

pub struct RsaPrivateKey { /* private fields */ }

Available on crate feature private-key only.

Expand description

Represents a whole RSA key, public and private parts.

Implementations§

Source §

impl RsaPrivateKey

Source

pub fn new<R: CryptoRng + ?Sized>(rng: &mut R, bit_size: usize) -> Result<Self>

Generate a new RSA key pair with a modulus of the given bit size using the passed in rng.

§Errors

If bit_size is lower than the minimum 1024-bits.

Source

pub fn new_unchecked<R: CryptoRng + ?Sized>( rng: &mut R, bit_size: usize, ) -> Result<Self>

Available on crate feature hazmat only.

Generate a new RSA key pair of the given bit size.

#⚠️Warning: Hazmat! This version does not apply minimum key size checks, and as such may generate keys which are insecure!

Source

pub fn new_with_exp<R: CryptoRng + ?Sized>( rng: &mut R, bit_size: usize, exp: BoxedUint, ) -> Result<RsaPrivateKey>

Generate a new RSA key pair of the given bit size and the public exponent using the passed in rng.

Unless you have specific needs, you should use RsaPrivateKey::new instead.

Source

pub fn new_with_exp_unchecked<R: CryptoRng + ?Sized>( rng: &mut R, bit_size: usize, exp: BoxedUint, ) -> Result<RsaPrivateKey>

Available on crate feature hazmat only.

Generate a new RSA key pair of the given bit size and the public exponent using the passed in rng.

Unless you have specific needs, you should use RsaPrivateKey::new instead.

#⚠️Warning: Hazmat! This version does not apply minimum key size checks, and as such may generate keys which are insecure!

Source

pub fn from_components_with_large_exponent( n: BoxedUint, e: BoxedUint, d: BoxedUint, primes: Vec<BoxedUint>, ) -> Result<RsaPrivateKey>

Available on crate feature hazmat only.

Constructs an RSA key pair from individual components, accepting exponents outside the normal size bounds.

See RsaPrivateKey::from_components for an explanation on the parameters.

§⚠️ Warning: Hazmat!

This method accepts public exponents outside the standard bounds (2 ≤ e ≤ 2^33-1), but still performs full cryptographic validation to ensure the key is mathematically correct (i.e., verifies that de ≡ 1 mod λ(n)).

Note: This method is dangerous as it can be used as a DOS vector if used with untrusted input https://www.imperialviolet.org/2012/03/17/rsados.html

This is intended for interoperating with systems that use non-standard exponents or loading legacy keys. Use RsaPrivateKey::from_components for standard key construction.

Source

pub fn from_components( n: BoxedUint, e: BoxedUint, d: BoxedUint, primes: Vec<BoxedUint>, ) -> Result<RsaPrivateKey>

Constructs an RSA key pair from individual components:

n: RSA modulus
e: public exponent (i.e. encrypting exponent)
d: private exponent (i.e. decrypting exponent)
primes: prime factors of n: typically two primes p and q. More than two primes can be provided for multiprime RSA, however this is generally not recommended. If no primes are provided, a prime factor recovery algorithm will be employed to attempt to recover the factors (as described in NIST SP 800-56B Revision 2 Appendix C.2). This algorithm only works if there are just two prime factors p and q (as opposed to multiprime), and e is between 2^16 and 2^256.

Source

pub fn from_p_q( p: BoxedUint, q: BoxedUint, public_exponent: BoxedUint, ) -> Result<RsaPrivateKey>

Constructs an RSA key pair from its two primes p and q.

This will rebuild the private exponent and the modulus.

Private exponent will be rebuilt using the method defined in NIST 800-56B Section 6.2.1.

Source

pub fn from_primes( primes: Vec<BoxedUint>, public_exponent: BoxedUint, ) -> Result<RsaPrivateKey>

Constructs an RSA key pair from its primes.

This will rebuild the private exponent and the modulus.

Source

pub fn as_public_key(&self) -> &RsaPublicKey

Get the public key from the private key.

Specific alternative to AsRef::as_ref.

Source

pub fn to_public_key(&self) -> RsaPublicKey

Get the public key from the private key, cloning n and e.

Generally this is not needed since RsaPrivateKey implements the PublicKey trait, but it can occasionally be useful to discard the private information entirely.

Source

pub fn precompute(&mut self) -> Result<()>

Performs some calculations to speed up private key operations.

Source

pub fn clear_precomputed(&mut self)

Clears precomputed values by setting to None

Source

pub fn crt_coefficient(&self) -> Option<BoxedUint>

Compute CRT coefficient: (1/q) mod p.

Source

pub fn validate(&self) -> Result<()>

Performs basic sanity checks on the key. Returns Ok(()) if everything is good, otherwise an appropriate error.

Source

pub fn decrypt<P: PaddingScheme>( &self, padding: P, ciphertext: &[u8], ) -> Result<Vec<u8>>

Decrypt the given message.

Source

pub fn decrypt_blinded<R: CryptoRng + ?Sized, P: PaddingScheme>( &self, rng: &mut R, padding: P, ciphertext: &[u8], ) -> Result<Vec<u8>>

Decrypt the given message.

Uses rng to blind the decryption process.

Source

pub fn sign<S: SignatureScheme>( &self, padding: S, digest_in: &[u8], ) -> Result<Vec<u8>>

Sign the given digest.

Source

pub fn sign_with_rng<R: CryptoRng + ?Sized, S: SignatureScheme>( &self, rng: &mut R, padding: S, digest_in: &[u8], ) -> Result<Vec<u8>>

Sign the given digest using the provided rng, which is used in the following ways depending on the SignatureScheme:

Pkcs1v15Sign padding: uses the RNG to mask the private key operation with random blinding, which helps mitigate sidechannel attacks.
Pss always requires randomness. Use Pss::new for a standard RSASSA-PSS signature, or Pss::new_blinded for RSA-BSSA blind signatures.

Trait Implementations§

Source §

impl AsRef<GenericRsaPublicKey<BoxedUint, BoxedMontyParams>> for RsaPrivateKey

Source §

fn as_ref(&self) -> &RsaPublicKey

Converts this type into a shared reference of the (usually inferred) input type.

Source §

impl<D> AsRef<RsaPrivateKey> for BlindedSigningKey<D>
where D: Digest,

Source §

fn as_ref(&self) -> &RsaPrivateKey

Converts this type into a shared reference of the (usually inferred) input type.

Source §

impl<D> AsRef<RsaPrivateKey> for SigningKey<D>
where D: Digest,

Source §

fn as_ref(&self) -> &RsaPrivateKey

Converts this type into a shared reference of the (usually inferred) input type.

Source §

impl<D> AsRef<RsaPrivateKey> for SigningKey<D>
where D: Digest,

Source §

fn as_ref(&self) -> &RsaPrivateKey

Converts this type into a shared reference of the (usually inferred) input type.

Source §

impl Clone for RsaPrivateKey

Source §

fn clone(&self) -> RsaPrivateKey

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Source §

impl Debug for RsaPrivateKey

Source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Source §

impl DecodeRsaPrivateKey for RsaPrivateKey

Available on crate feature encoding only.

Source §

fn from_pkcs1_der(bytes: &[u8]) -> Result<Self>

Deserialize PKCS#1 private key from ASN.1 DER-encoded data (binary format).

Source §

fn from_pkcs1_pem(s: &str) -> Result<Self, Error>

Available on crate feature pem only.

Deserialize PKCS#1-encoded private key from PEM. Read more

Source §

fn read_pkcs1_der_file(path: impl AsRef<Path>) -> Result<Self, Error>

Available on crate feature std only.

Load PKCS#1 private key from an ASN.1 DER-encoded file on the local filesystem (binary format).

Source §

fn read_pkcs1_pem_file(path: impl AsRef<Path>) -> Result<Self, Error>

Available on crate features pem and std only.

Load PKCS#1 private key from a PEM-encoded file on the local filesystem.

Source §

impl<'de> Deserialize<'de> for RsaPrivateKey

Available on crate feature serde only.

Source §

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

Source §

impl Drop for RsaPrivateKey

Source §

fn drop(&mut self)

Executes the destructor for this type. Read more

Source §

fn pin_drop(self: Pin<&mut Self>)

🔬This is a nightly-only experimental API. (pin_ergonomics)

Execute the destructor for this type, but different to Drop::drop, it requires self to be pinned. Read more

Source §

impl EncodePrivateKey for RsaPrivateKey

Available on crate feature encoding only.

Source §

fn to_pkcs8_der(&self) -> Result<SecretDocument>

Serialize a SecretDocument containing a PKCS#8-encoded private key. Read more

Source §

fn to_pkcs8_pem( &self, line_ending: LineEnding, ) -> Result<Zeroizing<String>, Error>

Available on crate feature pem only.

Serialize this private key as PEM-encoded PKCS#8 with the given LineEnding. Read more

Source §

fn write_pkcs8_der_file(&self, path: impl AsRef<Path>) -> Result<(), Error>

Available on crate feature std only.

Write ASN.1 DER-encoded PKCS#8 private key to the given path. Read more

Source §

fn write_pkcs8_pem_file( &self, path: impl AsRef<Path>, line_ending: LineEnding, ) -> Result<(), Error>

Available on crate features pem and std only.

Write ASN.1 PEM-encoded PKCS#8 private key to the given path. Read more

Source §

impl EncodeRsaPrivateKey for RsaPrivateKey

Available on crate feature encoding only.

Source §

fn to_pkcs1_der(&self) -> Result<SecretDocument>

Serialize a SecretDocument containing a PKCS#1-encoded private key.

Source §

fn to_pkcs1_pem( &self, line_ending: LineEnding, ) -> Result<Zeroizing<String>, Error>

Available on crate feature pem only.

Serialize this private key as PEM-encoded PKCS#1 with the given LineEnding.

Source §

fn write_pkcs1_der_file(&self, path: impl AsRef<Path>) -> Result<(), Error>

Available on crate feature std only.

Write ASN.1 DER-encoded PKCS#1 private key to the given path.

Source §

fn write_pkcs1_pem_file( &self, path: impl AsRef<Path>, line_ending: LineEnding, ) -> Result<(), Error>

Available on crate features pem and std only.

Write ASN.1 PEM-encoded PKCS#1 private key to the given path.

Source §