RSA Signature and Encryption Support.
§OAEP Encryption / Decryption
use aws_lc_rs::{
encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der},
rsa::{KeySize, OAEP_SHA256_MGF1SHA256, OaepPublicEncryptingKey, OaepPrivateDecryptingKey, PublicEncryptingKey, PrivateDecryptingKey}
};
// Create a fresh 2048-bit RSA private key intended for decryption.
let generated_key = PrivateDecryptingKey::generate(KeySize::Rsa2048)?;

// Export the private key as a DER-encoded PKCS#8 document so it can be stored and reloaded.
// NOTE: these bytes are the private key itself (PKCS#8 PrivateKeyInfo is not an encrypted
// container), so protect them at rest and keep them out of logs.
let pkcs8_document = AsDer::<Pkcs8V1Der>::as_der(&generated_key)?;
let pkcs8_bytes = pkcs8_document.as_ref();

// Re-import the private key from the DER-encoded PKCS#8 bytes.
let decrypting_key = PrivateDecryptingKey::from_pkcs8(pkcs8_bytes)?;

// Obtain the public half that corresponds to the private key.
let derived_public = decrypting_key.public_key();

// Export the public key as DER-encoded X.509 SubjectPublicKeyInfo for distribution or storage.
let spki_document = AsDer::<PublicKeyX509Der>::as_der(&derived_public)?;
let spki_bytes = spki_document.as_ref();

// Re-import the public key from the DER-encoded SubjectPublicKeyInfo bytes.
let encrypting_key = PublicEncryptingKey::from_der(spki_bytes)?;

// Wrap the public key for use with RSA-OAEP encryption.
let oaep_encryptor = OaepPublicEncryptingKey::new(encrypting_key)?;

// `OaepPublicEncryptingKey::max_plaintext_size` reports the largest plaintext this key accepts.
let message = b"hello world";

// The output buffer is sized to the RSA key length in bytes, rounded up.
let mut ciphertext_buf = vec![0u8; oaep_encryptor.ciphertext_size()];

// Encrypt with SHA-256 OAEP and no optional label (`None`). The decrypt call below passes the
// same algorithm and the same label value; OAEP decryption requires both to match.
let ciphertext =
    oaep_encryptor.encrypt(&OAEP_SHA256_MGF1SHA256, message, &mut ciphertext_buf, None)?;
assert_ne!(message, ciphertext);

// Wrap the private key for use with RSA-OAEP decryption (this consumes `decrypting_key`).
let oaep_decryptor = OaepPrivateDecryptingKey::new(decrypting_key)?;

// Decrypt into a buffer of at least `min_output_size()` bytes; the returned slice is the
// recovered plaintext.
let mut plaintext_buf = vec![0u8; oaep_decryptor.min_output_size()];
let plaintext =
    oaep_decryptor.decrypt(&OAEP_SHA256_MGF1SHA256, ciphertext, &mut plaintext_buf, None)?;
assert_eq!(message, plaintext);
Structs§
- KeyPair - An RSA key pair, used for signing.
- OaepAlgorithm - An RSA-OAEP algorithm.
- OaepPrivateDecryptingKey - An RSA-OAEP private key for decryption.
- OaepPublicEncryptingKey - An RSA-OAEP public key for encryption.
- Pkcs1PrivateDecryptingKey - RSA PKCS1-v1.5 private key for decryption.
- Pkcs1PublicEncryptingKey - RSA PKCS1-v1.5 public key for encryption.
- PrivateDecryptingKey - An RSA private key used for decrypting ciphertext encrypted by a PublicEncryptingKey.
- PublicEncryptingKey - An RSA public key used for encrypting plaintext that is decrypted by a PrivateDecryptingKey.
- PublicKey - A serialized RSA public key.
- PublicKeyComponents - Low-level API for RSA public keys.
- RsaParameters - Parameters for RSA verification.
Enums§
- EncryptionAlgorithmId - RSA Encryption Algorithm Identifier
- KeySize - RSA key-size.
Constants§
- OAEP_SHA1_MGF1SHA1 - RSA-OAEP with SHA1 Hash and SHA1 MGF1
- OAEP_SHA256_MGF1SHA256 - RSA-OAEP with SHA256 Hash and SHA256 MGF1
- OAEP_SHA384_MGF1SHA384 - RSA-OAEP with SHA384 Hash and SHA384 MGF1
- OAEP_SHA512_MGF1SHA512 - RSA-OAEP with SHA512 Hash and SHA512 MGF1