Skip to main content

PublicKeyAlgorithmSpecification

Struct PublicKeyAlgorithmSpecification 

Source
pub struct PublicKeyAlgorithmSpecification { /* private fields */ }
Expand description

A full specification of a public key algorithm.

OpenPGP’s PublicKeyAlgorithm type does not completely specify the public key algorithm. For some ECC keys, a curve parameter is also required, and for some algorithms like RSA and DSA, a size parameter is required. This data structure captures all of the required parameters.

Implementations§

Source§

impl PublicKeyAlgorithmSpecification

Source

pub fn pk_algo(&self) -> PublicKeyAlgorithm

Returns the OpenPGP public key algorithm.

Source

pub fn curve(&self) -> Option<Curve>

Returns the elliptical curve parameter, if any.

Note: Not all elliptical curve algorithms have an elliptical curve parameter.

Source

pub fn bits(&self) -> Option<usize>

Returns the bits parameter.

Note: Not all algorithms have a bits parameter.

Source§

impl PublicKeyAlgorithmSpecification

Source

pub fn is_supported(&self) -> bool

Returns whether this algorithm is supported.

Source

pub fn for_signing(&self) -> bool

Returns whether this algorithm is for signing.

Source

pub fn for_encryption(&self) -> bool

Returns whether this algorithm is for signing.

Source

pub fn rsa(bits: usize) -> Self

RSA

According to RFC 9580, Section 9.1, RSA keys are deprecated and should not be generated, but may be interpreted.

Source

pub fn dsa(bits: usize) -> Self

DSA

According to RFC 9580, Section 9.1, DSA keys are deprecated and must not be generated.

This library still allows the generation of v4 DSA keys, but forbids the generation of v6 keys.

Source

pub fn elgamal(bits: usize) -> Self

Elgamal

According to RFC 9580, Section 9.1, ElGamal keys are deprecated and must not be generated.

This library still allows the generation of v4 Elgamal keys, but forbids the generation of v6 keys.

Source

pub fn legacy_ed25519() -> Self

Ed25519

D.J. Bernstein’s “Twisted” Edwards curve Ed25519.

RFC 9580, Section 9.1 deprecates this legacy variant of Cv25519 in favor of a new Ed25519 variant. However, if you are using v4 instead of v6 keys due to interopability concerns, then you should prefer the legacy algorithm as well.

Source

pub fn legacy_cv25519() -> Self

Cv25519

Elliptic curve Diffie-Hellman using D.J. Bernstein’s Curve25519, legacy variant.

RFC 9580, Section 9.1 deprecates this legacy variant of Cv25519 in favor of a new X25519 variant. However, if you are using v4 instead of v6 keys due to interopability concerns, then you should prefer the legacy algorithm as well.

Source

pub fn ed25519() -> Self

Cv25519

Elliptic curve Diffie-Hellman using D.J. Bernstein’s Curve25519, new variant.

This variant can be used with v4 keys, but if you are using v4 instead of v6 keys due to interopability concerns, then you should prefer the legacy algorithm, PublicKeyAlgorithmSpecification::legacy_ed25519 as well.

Source

pub fn x25519() -> Self

Cv25519

Elliptic curve Diffie-Hellman using D.J. Bernstein’s Curve25519, new variant.

This variant can be used with v4 keys, but if you are using v4 instead of v6 keys due to interopability concerns, then you should prefer the legacy algorithm, PublicKeyAlgorithmSpecification::legacy_cv25519 as well.

Source

pub fn ed448() -> Self

Ed448

Elliptic curve Diffie-Hellman using D.J. Bernstein’s Ed448.

See RFC 9580, Section 11.1.

Source

pub fn x448() -> Self

X448

Elliptic curve Diffie-Hellman using D.J. Bernstein’s X448.

See RFC 9580, Section 11.1.

Source

pub fn nistp256_for_encryption() -> Self

NIST curve P-256 for encryption.

See RFC 9580, Section 11.1.

Source

pub fn nistp256_for_signing() -> Self

NIST curve P-256 for signing.

See RFC 9580, Section 11.1.

Source

pub fn nistp384_for_encryption() -> Self

NIST curve P-384 for encryption.

See RFC 9580, Section 11.1.

Source

pub fn nistp384_for_signing() -> Self

NIST curve P-384 for signing.

See RFC 9580, Section 11.1.

Source

pub fn nistp521_for_encryption() -> Self

NIST curve P-521 for encryption.

See RFC 9580, Section 11.1.

Source

pub fn nistp521_for_signing() -> Self

NIST curve P-521 for signing.

See RFC 9580, Section 11.1.

Source

pub fn brainpoolp256_for_encryption() -> Self

BRAINPOOL curve P256r1 for encryption.

See RFC 9580, Section 11.1.

Source

pub fn brainpoolp256_for_signing() -> Self

Brainpool curve P256r1 for signing.

See RFC 9580, Section 11.1.

Source

pub fn brainpoolp384_for_encryption() -> Self

Brainpool curve P384r1 for encryption.

See RFC 9580, Section 11.1.

Source

pub fn brainpoolp384_for_signing() -> Self

Brainpool curve P384r1 for signing.

See RFC 9580, Section 11.1.

Source

pub fn brainpoolp512_for_encryption() -> Self

Brainpool curve P512r1 for encryption.

See RFC 9580, Section 11.1.

Source

pub fn brainpoolp512_for_signing() -> Self

Brainpool curve P512r1 for signing.

See RFC 9580, Section 11.1.

Source

pub fn mldsa65_ed25519() -> Self

MLDSA65+Ed25519.

MLDSA65+Ed25519 is a post-quantum secure signing algorithm, which includes a fallback to classical Ed25519. It’s appropriate for use in general-purpose certificates.

MLDSA65+Ed25519 is defined in RFC 9980.

Source

pub fn mldsa87_ed448() -> Self

MLDSA87+Ed448.

MLDSA87+Ed448 is a post-quantum secure signing algorithm, which includes a fallback to classical Ed448. It has a higher security margin than than MLDSA65+Ed25519 and is consequently slower.

MLDSA87+Ed448 is defined in RFC 9980.

Source

pub fn slhdsa128s() -> Self

SLHDSA128s.

SLHDSA128s is a post-quantum secure signing algorithm. There is more confidence that SLHDSA is secure than MLDSA and as such there is no classical fallback. SLHDSA is very slow and thus this algorithm is only recommended for infrequent signing (e.g., software releases) and asynchronous operations. SLHDSA128f is faster than SLHDSA128s (but still not recommended for frequent synchronous use), but it generates larger artifacts.

SLHDSA128s is defined in RFC 9980.

Source

pub fn slhdsa128f() -> Self

SLHDSA128f.

SLHDSA128f is a post-quantum secure signing algorithm. There is more confidence that SLHDSA is secure than MLDSA and as such there is no classical fallback. SLHDSA is very slow and thus this algorithm is only recommended for infrequent signing (e.g., software releases) and asynchronous operations. SLHDSA128f is faster than SLHDSA128s (but still not recommended for frequent synchronous use), but generates larger artifacts.

SLHDSA128f is defined in RFC 9980.

Source

pub fn slhdsa256s() -> Self

SLHDSA256s.

SLHDSA256s is a post-quantum secure signing algorithm. There is more confidence that SLHDSA is secure than MLDSA and as such there is no classical fallback. SLHDSA is very slow and thus this algorithm is only recommended for infrequent signing (e.g., software releases) and asynchronous operations. SLHDSA256s has a higher security margin than SLHDSA256s and SLHDSA256f and in consequently even slower.

SLHDSA256s is defined in RFC 9980.

Source

pub fn mlkem768_x25519() -> Self

MLKEM768+X25519.

MLKEM768+X25519 is a post-quantum secure encryption algorithm, which includes a fallback to classical X25519. It’s appropriate for use in general purpose certificates.

MLKEM768+X25519 is defined in RFC 9980.

Source

pub fn mlkem1024_x448() -> Self

MLKEM1024+X448.

MLKEM1024+X448 is a post-quantum secure encryption algorithm, which includes a fallback to classical X448. It has a higher security margin than than MLKEM768+X25519 and is consequently slower.

MLKEM1024+X448 is defined in RFC 9980.

Source

pub fn generate_key( &self, profile: Profile, ) -> Result<Key<SecretParts, UnspecifiedRole>>

Generates a key according to the specification.

Source

pub fn generate_key_for<K>( &self, profile: Profile, key_flags: K, ) -> Result<Key<SecretParts, UnspecifiedRole>>
where K: AsRef<KeyFlags>,

Generates a key according to the specification and checks that it is compatible with the key flags.

Trait Implementations§

Source§

impl Clone for PublicKeyAlgorithmSpecification

Source§

fn clone(&self) -> PublicKeyAlgorithmSpecification

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for PublicKeyAlgorithmSpecification

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.