Struct actix_web::cookie::Key

pub struct Key(/* private fields */);

Available on crate feature cookies only.

A cryptographic master key for use with Signed and/or Private jars.

This structure encapsulates secure, cryptographic keys for use with both PrivateJar and SignedJar. A single instance of a Key can be used for both a PrivateJar and a SignedJar simultaneously with no notable security implications.

Implementations

impl Key

pub fn from(key: &[u8]) -> Key

Creates a new Key from a 512-bit cryptographically random string.

The supplied key must be at least 512-bits (64 bytes). For security, the master key must be cryptographically random.

Panics

Panics if key is less than 64 bytes in length.

For a non-panicking version, use Key::try_from() or generate a key with Key::generate() or Key::try_generate().

Example

use cookie::Key;

let key = { /* a cryptographically random key >= 64 bytes */ };

let key = Key::from(key);

pub fn derive_from(master_key: &[u8]) -> Key

Available on crate feature key-expansion only.

Derives new signing/encryption keys from a master key.

The master key must be at least 256-bits (32 bytes). For security, the master key must be cryptographically random. The keys are derived deterministically from the master key.

Panics

Panics if key is less than 32 bytes in length.

Example

use cookie::Key;

let master_key = { /* a cryptographically random key >= 32 bytes */ };

let key = Key::derive_from(master_key);

pub fn generate() -> Key

Generates signing/encryption keys from a secure, random source. Keys are generated nondeterministically.

Panics

Panics if randomness cannot be retrieved from the operating system. See Key::try_generate() for a non-panicking version.

Example

use cookie::Key;

let key = Key::generate();

pub fn try_generate() -> Option<Key>

Attempts to generate signing/encryption keys from a secure, random source. Keys are generated nondeterministically. If randomness cannot be retrieved from the underlying operating system, returns None.

Example

use cookie::Key;

let key = Key::try_generate();

pub fn signing(&self) -> &[u8]

Returns the raw bytes of a key suitable for signing cookies. Guaranteed to be at least 32 bytes.

Example

use cookie::Key;

let key = Key::generate();
let signing_key = key.signing();

pub fn encryption(&self) -> &[u8]

Returns the raw bytes of a key suitable for encrypting cookies. Guaranteed to be at least 32 bytes.

Example

use cookie::Key;

let key = Key::generate();
let encryption_key = key.encryption();

pub fn master(&self) -> &[u8]

Returns the raw bytes of the master key. Guaranteed to be at least 64 bytes.

Example

use cookie::Key;

let key = Key::generate();
let master_key = key.master();

Trait Implementations

impl Clone for Key

fn clone(&self) -> Key

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl PartialEq for Key

fn eq(&self, other: &Key) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl TryFrom<&[u8]> for Key

fn try_from(key: &[u8]) -> Result<Key, <Key as TryFrom<&[u8]>>::Error>

A fallible version of Key::from().

Succeeds when Key::from() succeds and returns an error where Key::from() panics, namely, if key is too short.

Example

use cookie::Key;

let key = { /* a cryptographically random key >= 64 bytes */ };
assert!(Key::try_from(key).is_ok());

// A key that's far too short to use.
let key = &[1, 2, 3, 4][..];
assert!(Key::try_from(key).is_err());

type Error = KeyError

The type returned in the event of a conversion error.