RSA Signature and Encryption Support.
§OAEP Encryption / Decryption
use aws_lc_rs::{
encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der},
rsa::{KeySize, OAEP_SHA256_MGF1SHA256, OaepPublicEncryptingKey, OaepPrivateDecryptingKey, PublicEncryptingKey, PrivateDecryptingKey}
};
// Create a fresh 2048-bit RSA private key for decryption.
let generated_key = PrivateDecryptingKey::generate(KeySize::Rsa2048)?;

// Export the private key as a DER-encoded PKCS#8 document so it can be kept for later use.
// NOTE: these bytes are the private key itself and are not encrypted by this encoding;
// restrict access to wherever they are stored.
let pkcs8_doc = AsDer::<Pkcs8V1Der>::as_der(&generated_key)?;
let pkcs8_bytes = pkcs8_doc.as_ref();

// Re-import the private key from the DER-encoded PKCS#8 document.
let decrypting_key = PrivateDecryptingKey::from_pkcs8(pkcs8_bytes)?;

// Derive the matching public key from the private key.
let derived_public = decrypting_key.public_key();

// Export the public key as DER-encoded X.509 SubjectPublicKeyInfo so it can be distributed.
let spki_doc = AsDer::<PublicKeyX509Der>::as_der(&derived_public)?;
let spki_bytes = spki_doc.as_ref();

// Re-import the public key from the DER-encoded X.509 SubjectPublicKeyInfo.
let encrypting_key = PublicEncryptingKey::from_der(spki_bytes)?;

// Wrap the public key for RSA-OAEP encryption.
let oaep_encryptor = OaepPublicEncryptingKey::new(encrypting_key)?;

// RSA-OAEP only accepts short plaintexts; the upper bound can be determined by calling
// `OaepPublicEncryptingKey::max_plaintext_size`.
let message = b"hello world";

// The output buffer is the size of the RSA key length in bytes, rounded up.
let mut ciphertext_buf = vec![0u8; oaep_encryptor.ciphertext_size()];

// Encrypt with the public key; `None` means the optional OAEP label is not provided.
// Decryption below has to use the same algorithm and the same label.
let ciphertext =
    oaep_encryptor.encrypt(&OAEP_SHA256_MGF1SHA256, message, &mut ciphertext_buf, None)?;
assert_ne!(message, ciphertext);

// Wrap the private key for RSA-OAEP decryption.
let oaep_decryptor = OaepPrivateDecryptingKey::new(decrypting_key)?;

// Decrypt with the private key into a buffer of at least `min_output_size()` bytes;
// the returned slice is the recovered plaintext.
let mut plaintext_buf = vec![0u8; oaep_decryptor.min_output_size()];
let plaintext =
    oaep_decryptor.decrypt(&OAEP_SHA256_MGF1SHA256, ciphertext, &mut plaintext_buf, None)?;
assert_eq!(message, plaintext);
Structs§
- An RSA key pair, used for signing.
- An RSA-OAEP algorithm.
- An RSA-OAEP private key for decryption.
- An RSA-OAEP public key for encryption.
- RSA PKCS1-v1.5 private key for decryption.
- RSA PKCS1-v1.5 public key for encryption.
- An RSA private key used for decrypting ciphertext encrypted by a `PublicEncryptingKey`.
- An RSA public key used for encrypting plaintext that is decrypted by a `PrivateDecryptingKey`.
- A serialized RSA public key.
- Low-level API for the verification of RSA signatures.
- Parameters for RSA verification.
Enums§
- RSA Encryption Algorithm Identifier
- RSA key-size.
Constants§
- RSA-OAEP with SHA1 Hash and SHA1 MGF1
- RSA-OAEP with SHA256 Hash and SHA256 MGF1
- RSA-OAEP with SHA384 Hash and SHA384 MGF1
- RSA-OAEP with SHA512 Hash and SHA512 MGF1