Trait rustls::sign::SigningKey

pub trait SigningKey: Debug + Send + Sync {
    // Required methods
    fn choose_scheme(
        &self,
        offered: &[SignatureScheme]
    ) -> Option<Box<dyn Signer>>;
    fn algorithm(&self) -> SignatureAlgorithm;
}

An abstract signing key.

This interface is used by rustls to use a private signing key for authentication. This includes server and client authentication.

Objects of this type are always used within Rustls as Arc<dyn SigningKey>. There are no concrete public structs in Rustls that implement this trait.

There are two main ways to get a signing key:

• KeyProvider::load_private_key(), or
• some other method outside of the KeyProvider extension trait, for instance:
  • crypto::ring::sign::any_ecdsa_type()
  • crypto::ring::sign::any_eddsa_type()
  • crypto::ring::sign::any_supported_type()
  • crypto::aws_lc_rs::sign::any_ecdsa_type()
  • crypto::aws_lc_rs::sign::any_eddsa_type()
  • crypto::aws_lc_rs::sign::any_supported_type()

The KeyProvider method load_private_key() is called under the hood by ConfigBuilder::with_single_cert(), ConfigBuilder::with_client_auth_cert(), and ConfigBuilder::with_single_cert_with_ocsp().

A signing key created outside of the KeyProvider extension trait can be used to create a CertifiedKey, which in turn can be used to create a ResolvesServerCertUsingSni. Alternately, a CertifiedKey can be returned from a custom implementation of the ResolvesServerCert or ResolvesClientCert traits.

Required Methods

fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn Signer>>

Choose a SignatureScheme from those offered.

Expresses the choice by returning something that implements Signer, using the chosen scheme.

fn algorithm(&self) -> SignatureAlgorithm

What kind of key we have.

Implementors