pub struct Ed25519KeyPair { /* private fields */ }
An Ed25519 key pair, for signing.
Implementations§
impl Ed25519KeyPair
pub fn generate() -> Result<Self, Unspecified>
Generates a new key pair and returns the key pair.
§Errors
error::Unspecified if key generation fails.
pub fn generate_pkcs8(_rng: &dyn SecureRandom) -> Result<Document, Unspecified>
Generates a new key pair and returns the key pair serialized as a PKCS#8 document.
The PKCS#8 document will be a v2 OneAsymmetricKey with the public key, as described in RFC 5958 Section 2; see RFC 8410 Section 10.3 for an example.
§ring Compatibility
The ring 0.16.x API did not produce encoded v2 documents that were compliant with RFC 5958. The aws-lc-ring implementation produces PKCS#8 v2 encoded documents that are compliant per the RFC specification.
Our implementation ignores the SecureRandom parameter.
§Errors
error::Unspecified if rng cannot provide enough bits or if there’s an internal error.
pub fn to_pkcs8(&self) -> Result<Document, Unspecified>
Serializes this Ed25519KeyPair into a PKCS#8 v2 document.
§Errors
error::Unspecified on internal error.
pub fn generate_pkcs8v1(_rng: &dyn SecureRandom) -> Result<Document, Unspecified>
Generates an Ed25519KeyPair using the rng provided, then serializes that key as a PKCS#8 document.
The PKCS#8 document will be a v1 PrivateKeyInfo structure (RFC 5208). Use this method when needing to produce documents that are compatible with the OpenSSL CLI.
§ring Compatibility
Our implementation ignores the SecureRandom parameter.
§Errors
error::Unspecified if rng cannot provide enough bits or if there’s an internal error.
pub fn to_pkcs8v1(&self) -> Result<Document, Unspecified>
Serializes this Ed25519KeyPair into a PKCS#8 v1 document.
§Errors
error::Unspecified on internal error.
pub fn from_seed_and_public_key(seed: &[u8], public_key: &[u8]) -> Result<Self, KeyRejected>
Constructs an Ed25519 key pair from the private key seed seed and its public key public_key.
It is recommended to use Ed25519KeyPair::from_pkcs8() instead.
The private and public keys will be verified to be consistent with each other. This helps avoid misuse of the key (e.g. accidentally swapping the private key and public key, or using the wrong private key for the public key). This also detects any corruption of the public or private key.
§Errors
error::KeyRejected on parse error, or if key is otherwise unacceptable.
pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Self, KeyRejected>
Constructs an Ed25519 key pair by parsing an unencrypted PKCS#8 v1 or v2 Ed25519 private key.
openssl genpkey -algorithm ED25519 generates PKCS#8 v1 keys.
§Ring Compatibility
- This method accepts either v1 or v2 encoded keys. If a v2 encoded key is provided with the public key component present, the public key will be verified to match the one derived from the encoded private key.
- The ring 0.16.x API did not produce encoded v2 documents that were compliant with RFC 5958. The aws-lc-ring implementation produces PKCS#8 v2 encoded documents that are compliant per the RFC specification.
§Errors
error::KeyRejected on parse error, or if key is otherwise unacceptable.
pub fn from_pkcs8_maybe_unchecked(pkcs8: &[u8]) -> Result<Self, KeyRejected>
Constructs an Ed25519 key pair by parsing an unencrypted PKCS#8 v1 or v2 Ed25519 private key.
openssl genpkey -algorithm ED25519 generates PKCS#8 v1 keys.
§Ring Compatibility
- This method accepts either v1 or v2 encoded keys. If a v2 encoded key is provided with the public key component present, the public key will be verified to match the one derived from the encoded private key.
- The ring 0.16.x API did not produce encoded v2 documents that were compliant with RFC 5958. The aws-lc-ring implementation produces PKCS#8 v2 encoded documents that are compliant per the RFC specification.
§Errors
error::KeyRejected on parse error, or if key is otherwise unacceptable.
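The v1 and v2 layouts that from_pkcs8 accepts can be told apart from the DER alone. The following is an added example, not aws-lc-rs code: a std-only structural check in which Pkcs8Info, tlv, inspect_pkcs8 and sample are hypothetical names and the sample bytes are constructed (0x11 and 0x22 fillers, not a matching key pair). It checks structure only; verifying that the public key matches the seed is what from_pkcs8 does.

```rust
// Added example, not aws-lc-rs code. Short-form DER lengths only (enough for Ed25519).
/// AlgorithmIdentifier for id-Ed25519 (OID 1.3.101.112), no parameters.
const ED25519_ALG: [u8; 7] = [0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70];

#[derive(Debug, PartialEq)]
pub struct Pkcs8Info { pub version: u8, pub seed: Vec<u8>, pub public_key: Option<Vec<u8>> }

/// Reads one TLV with the expected tag; returns (value, remainder).
fn tlv(input: &[u8], tag: u8) -> Option<(&[u8], &[u8])> {
    let (&t, rest) = input.split_first()?;
    let (&len, rest) = rest.split_first()?;
    if t != tag || len >= 0x80 || rest.len() < len as usize { return None; }
    Some(rest.split_at(len as usize))
}

/// Returns None for anything that is not a well-formed v1 or v2 Ed25519 key.
pub fn inspect_pkcs8(der: &[u8]) -> Option<Pkcs8Info> {
    let (body, trailing) = tlv(der, 0x30)?;            // outer SEQUENCE
    let (ver, rest) = tlv(body, 0x02)?;                // version: 0 = v1, 1 = v2
    let version = match ver { [v @ 0..=1] => *v, _ => return None };
    let rest = rest.strip_prefix(&ED25519_ALG[..])?;   // privateKeyAlgorithm
    let (wrapped, mut rest) = tlv(rest, 0x04)?;        // privateKey OCTET STRING
    let (seed, extra) = tlv(wrapped, 0x04)?;           // inner CurvePrivateKey
    if seed.len() != 32 || !extra.is_empty() || !trailing.is_empty() { return None; }
    if let Some((_attrs, r)) = tlv(rest, 0xa0) { rest = r; } // optional [0] attributes
    let public_key = match tlv(rest, 0x81) {           // optional [1] publicKey (v2 only)
        Some(([0x00, key @ ..], [])) if version == 1 && key.len() == 32 => Some(key.to_vec()),
        None if rest.is_empty() => None,
        _ => return None,
    };
    Some(Pkcs8Info { version, seed: seed.to_vec(), public_key })
}

/// Constructed sample document: seed bytes 0x11, public key bytes 0x22.
pub fn sample(v2: bool) -> Vec<u8> {
    let mut d = vec![0x30, if v2 { 0x51 } else { 0x2e }, 0x02, 0x01, v2 as u8];
    d.extend_from_slice(&ED25519_ALG);
    d.extend_from_slice(&[0x04, 0x22, 0x04, 0x20]);
    d.extend_from_slice(&[0x11; 32]);
    if v2 { d.extend_from_slice(&[0x81, 0x21, 0x00]); d.extend_from_slice(&[0x22; 32]); }
    d
}

fn main() {
    for &v2 in &[false, true] {
        println!("v2 sample = {}: {:?}", v2, inspect_pkcs8(&sample(v2)));
    }
}
```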
Trait Implementations§
impl AsDer<Pkcs8V1Der<'static>> for Ed25519KeyPair
fn as_der(&self) -> Result<Pkcs8V1Der<'static>, Unspecified>
Serializes this Ed25519KeyPair into a PKCS#8 v1 document.
§Errors
error::Unspecified on internal error.
impl AsDer<Pkcs8V2Der<'static>> for Ed25519KeyPair
fn as_der(&self) -> Result<Pkcs8V2Der<'static>, Unspecified>
Serializes this Ed25519KeyPair into a PKCS#8 v2 document.
§Errors
error::Unspecified on internal error.