Expand description
Local file-based signing backend for secretx.
Loads a private key from a file (PKCS#8 DER) and implements SigningBackend
for Ed25519, ECDSA P-256/SHA-256, and RSA-PSS-2048/SHA-256.
§URI format
secretx:local-signing:<key_path>[?algorithm=<algo>]Where <algo> is one of ed25519, p256, or rsa-pss-2048, and
<key_path> is the path to the PKCS#8 DER-encoded private key file.
When ?algorithm= is omitted the algorithm is auto-detected from the
PKCS#8 DER AlgorithmIdentifier OID embedded in the key file.
Use a leading / for absolute paths:
secretx:local-signing:/etc/secrets/ed25519.der
secretx:local-signing:/etc/secrets/ed25519.der?algorithm=ed25519
secretx:local-signing:relative/key.der?algorithm=p256
secretx:local-signing:/etc/secrets/rsa.der?algorithm=rsa-pss-2048§Example
use secretx_local_signing::LocalSigningBackend;
use secretx_core::SigningBackend;
let backend = LocalSigningBackend::from_uri(
"secretx:local-signing:/etc/secrets/ed25519.der?algorithm=ed25519",
)?;
let sig = backend.sign(b"hello world").await?;Structs§
- Local
Signing Backend - Signing backend that loads a private key from a local file.