pub struct Key { /* private fields */ }
Expand description
A key to use for HMAC signing.
Implementations§
Source§impl Key
impl Key
Sourcepub fn generate(
algorithm: Algorithm,
rng: &dyn SecureRandom,
) -> Result<Self, Unspecified>
pub fn generate( algorithm: Algorithm, rng: &dyn SecureRandom, ) -> Result<Self, Unspecified>
Generate an HMAC signing key using the given digest algorithm with a
random value generated from rng
.
The key will be digest_alg.output_len
bytes long, based on the
recommendation in RFC 2104 Section 3.
§Errors
error::Unspecified
is the rng
fails.
Sourcepub fn new(algorithm: Algorithm, key_value: &[u8]) -> Self
pub fn new(algorithm: Algorithm, key_value: &[u8]) -> Self
Construct an HMAC signing key using the given digest algorithm and key value.
key_value
should be a value generated using a secure random number
generator (e.g. the key_value
output by
SealingKey::generate_serializable()
) or derived from a random key by
a key derivation function (e.g. aws_lc_rs::hkdf
). In particular,
key_value
shouldn’t be a password.
As specified in RFC 2104, if key_value
is shorter than the digest
algorithm’s block length (as returned by digest::Algorithm::block_len
,
not the digest length returned by digest::Algorithm::output_len
) then
it will be padded with zeros. Similarly, if it is longer than the block
length then it will be compressed using the digest algorithm.
You should not use keys larger than the digest_alg.block_len
because
the truncation described above reduces their strength to only
digest_alg.output_len * 8
bits.
§Panics
Panics if the HMAC context cannot be constructed