pub struct Key(/* private fields */);
cookie
and (crate features cookie-signed
or cookie-private
) only.Expand description
A cryptographic master key for use with Signed
and/or Private
jars.
This structure encapsulates secure, cryptographic keys for use with both
PrivateJar
and SignedJar
. A
single instance of a Key
can be used for both a PrivateJar
and a
SignedJar
simultaneously with no notable security implications.
Implementations§
Source§impl Key
impl Key
Sourcepub fn from(key: &[u8]) -> Key
pub fn from(key: &[u8]) -> Key
Creates a new Key
from a 512-bit cryptographically random string.
The supplied key must be at least 512-bits (64 bytes). For security, the master key must be cryptographically random.
§Panics
Panics if key
is less than 64 bytes in length.
For a non-panicking version, use Key::try_from()
or generate a key with
Key::generate()
or Key::try_generate()
.
§Example
use cookie::Key;
let key = { /* a cryptographically random key >= 64 bytes */ };
let key = Key::from(key);
Sourcepub fn derive_from(master_key: &[u8]) -> Key
Available on crate feature key-expansion
only.
pub fn derive_from(master_key: &[u8]) -> Key
key-expansion
only.Derives new signing/encryption keys from a master key.
The master key must be at least 256-bits (32 bytes). For security, the master key must be cryptographically random. The keys are derived deterministically from the master key.
§Panics
Panics if key
is less than 32 bytes in length.
§Example
use cookie::Key;
let master_key = { /* a cryptographically random key >= 32 bytes */ };
let key = Key::derive_from(master_key);
Sourcepub fn generate() -> Key
pub fn generate() -> Key
Generates signing/encryption keys from a secure, random source. Keys are generated nondeterministically.
§Panics
Panics if randomness cannot be retrieved from the operating system. See
Key::try_generate()
for a non-panicking version.
§Example
use cookie::Key;
let key = Key::generate();
Sourcepub fn try_generate() -> Option<Key>
pub fn try_generate() -> Option<Key>
Attempts to generate signing/encryption keys from a secure, random
source. Keys are generated nondeterministically. If randomness cannot be
retrieved from the underlying operating system, returns None
.
§Example
use cookie::Key;
let key = Key::try_generate();
Sourcepub fn signing(&self) -> &[u8] ⓘ
pub fn signing(&self) -> &[u8] ⓘ
Returns the raw bytes of a key suitable for signing cookies. Guaranteed to be at least 32 bytes.
§Example
use cookie::Key;
let key = Key::generate();
let signing_key = key.signing();
Sourcepub fn encryption(&self) -> &[u8] ⓘ
pub fn encryption(&self) -> &[u8] ⓘ
Returns the raw bytes of a key suitable for encrypting cookies. Guaranteed to be at least 32 bytes.
§Example
use cookie::Key;
let key = Key::generate();
let encryption_key = key.encryption();
Trait Implementations§
Source§impl TryFrom<&[u8]> for Key
impl TryFrom<&[u8]> for Key
Source§fn try_from(key: &[u8]) -> Result<Key, <Key as TryFrom<&[u8]>>::Error>
fn try_from(key: &[u8]) -> Result<Key, <Key as TryFrom<&[u8]>>::Error>
A fallible version of Key::from()
.
Succeeds when Key::from()
succeds and returns an error where
Key::from()
panics, namely, if key
is too short.
§Example
use cookie::Key;
let key = { /* a cryptographically random key >= 64 bytes */ };
assert!(Key::try_from(key).is_ok());
// A key that's far too short to use.
let key = &[1, 2, 3, 4][..];
assert!(Key::try_from(key).is_err());