Struct elliptic_curve::SecretKey

pub struct SecretKey<C: Curve> { /* private fields */ }

Elliptic curve secret keys.

This type wraps a secret scalar value, helping to prevent accidental exposure and securely erasing the value from memory when dropped.

Parsing PKCS#8 Keys

PKCS#8 is a commonly used format for encoding secret keys (especially ones generated by OpenSSL).

Keys in PKCS#8 format are either binary (ASN.1 BER/DER), or PEM encoded (ASCII) and begin with the following:

-----BEGIN PRIVATE KEY-----

To decode an elliptic curve private key from PKCS#8, enable the pkcs8 feature of this crate (or the pkcs8 feature of a specific RustCrypto elliptic curve crate) and use the elliptic_curve::pkcs8::DecodePrivateKey trait to parse it.

When the pem feature of this crate (or a specific RustCrypto elliptic curve crate) is enabled, a FromStr impl is also available.

Implementations

impl<C> SecretKey<C> where
    C: Curve, 

pub fn random(rng: impl CryptoRng + RngCore) -> Self where
    C: ProjectiveArithmetic, 

This is supported on crate feature arithmetic only.

Generate a random SecretKey.

pub fn new(scalar: ScalarCore<C>) -> Self

Create a new secret key from a scalar value.

pub fn as_scalar_core(&self) -> &ScalarCore<C>

Borrow the inner secret ScalarCore value.

⚠️ Warning

This value is key material.

Please treat it with the care it deserves!

pub fn to_nonzero_scalar(&self) -> NonZeroScalar<C> where
    C: Curve + ProjectiveArithmetic, 

This is supported on crate feature arithmetic only.

Get the secret NonZeroScalar value for this key.

⚠️ Warning

This value is key material.

Please treat it with the care it deserves!

pub fn public_key(&self) -> PublicKey<C> where
    C: Curve + ProjectiveArithmetic, 

This is supported on crate feature arithmetic only.

Get the PublicKey which corresponds to this secret key

pub fn from_be_bytes(bytes: &[u8]) -> Result<Self>

Deserialize raw secret scalar as a big endian integer.

pub fn to_be_bytes(&self) -> FieldBytes<C>

Serialize raw secret scalar as a big endian integer.

pub fn from_sec1_der(der_bytes: &[u8]) -> Result<Self> where
    C: Curve + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature sec1 only.

Deserialize secret key encoded in the SEC1 ASN.1 DER ECPrivateKey format.

pub fn to_sec1_der(&self) -> Result<Zeroizing<Vec<u8>>> where
    C: Curve + ProjectiveArithmetic,
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldSize<C>: ModulusSize, 

This is supported on crate features alloc and arithmetic and sec1 only.

Serialize secret key in the SEC1 ASN.1 DER ECPrivateKey format.

pub fn from_sec1_pem(s: &str) -> Result<Self> where
    C: Curve + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature pem only.

Parse SecretKey from PEM-encoded SEC1 ECPrivateKey format.

PEM-encoded SEC1 keys can be identified by the leading delimiter:

-----BEGIN EC PRIVATE KEY-----

pub fn to_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> where
    C: Curve + ProjectiveArithmetic,
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature pem only.

Serialize private key as self-zeroizing PEM-encoded SEC1 ECPrivateKey with the given pem::LineEnding.

Pass Default::default() to use the OS’s native line endings.

pub fn from_jwk(jwk: &JwkEcKey) -> Result<Self> where
    C: JwkParameters + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature jwk only.

Parse a JwkEcKey JSON Web Key (JWK) into a SecretKey.

pub fn from_jwk_str(jwk: &str) -> Result<Self> where
    C: JwkParameters + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature jwk only.

Parse a string containing a JSON Web Key (JWK) into a SecretKey.

pub fn to_jwk(&self) -> JwkEcKey where
    C: Curve + JwkParameters + ProjectiveArithmetic,
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldSize<C>: ModulusSize, 

This is supported on crate features arithmetic and jwk only.

Serialize this secret key as JwkEcKey JSON Web Key (JWK).

pub fn to_jwk_string(&self) -> Zeroizing<String> where
    C: Curve + JwkParameters + ProjectiveArithmetic,
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldSize<C>: ModulusSize, 

This is supported on crate features arithmetic and jwk only.

Serialize this secret key as JSON Web Key (JWK) string.

Trait Implementations

impl<C: Clone + Curve> Clone for SecretKey<C>

fn clone(&self) -> SecretKey<C>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<C> ConstantTimeEq for SecretKey<C> where
    C: Curve, 

fn ct_eq(&self, other: &Self) -> Choice

Determine if two items are equal.

impl<C> Debug for SecretKey<C> where
    C: Curve, 

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<C> DecodePrivateKey for SecretKey<C> where
    C: Curve + AlgorithmParameters + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature pkcs8 only.

fn from_pkcs8_der(bytes: &[u8]) -> Result<Self, Error>

Deserialize PKCS#8 private key from ASN.1 DER-encoded data (binary format).

fn from_pkcs8_doc(doc: &PrivateKeyDocument) -> Result<Self, Error>

Deserialize PKCS#8 private key from a PrivateKeyDocument.

fn from_pkcs8_pem(s: &str) -> Result<Self, Error>

Deserialize PKCS#8-encoded private key from PEM.

impl<C> Drop for SecretKey<C> where
    C: Curve, 

fn drop(&mut self)

Executes the destructor for this type.

impl<C> EncodePrivateKey for SecretKey<C> where
    C: Curve + AlgorithmParameters + ProjectiveArithmetic,
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldSize<C>: ModulusSize, 

This is supported on crate features arithmetic and pem only.

fn to_pkcs8_der(&self) -> Result<PrivateKeyDocument>

Serialize a PrivateKeyDocument containing a PKCS#8-encoded private key.

fn to_pkcs8_pem(
    &self,
    line_ending: LineEnding
) -> Result<Zeroizing<String>, Error>

Serialize this private key as PEM-encoded PKCS#8 with the given LineEnding.

impl<C> From<&'_ NonZeroScalar<C>> for SecretKey<C> where
    C: Curve + ProjectiveArithmetic, 

This is supported on crate feature arithmetic only.

fn from(scalar: &NonZeroScalar<C>) -> SecretKey<C>

Performs the conversion.

impl<C> From<&'_ SecretKey<C>> for NonZeroScalar<C> where
    C: Curve + ScalarArithmetic, 

fn from(sk: &SecretKey<C>) -> NonZeroScalar<C>

Performs the conversion.

impl<C> From<&'_ SecretKey<C>> for JwkEcKey where
    C: Curve + JwkParameters + ProjectiveArithmetic,
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldSize<C>: ModulusSize, 

This is supported on crate features arithmetic and jwk only.

fn from(sk: &SecretKey<C>) -> JwkEcKey

Performs the conversion.

impl<C> From<NonZeroScalar<C>> for SecretKey<C> where
    C: Curve + ProjectiveArithmetic, 

This is supported on crate feature arithmetic only.

fn from(scalar: NonZeroScalar<C>) -> SecretKey<C>

Performs the conversion.

impl<C> From<SecretKey<C>> for NonZeroScalar<C> where
    C: Curve + ScalarArithmetic, 

fn from(sk: SecretKey<C>) -> NonZeroScalar<C>

Performs the conversion.

impl<C> From<SecretKey<C>> for JwkEcKey where
    C: Curve + JwkParameters + ProjectiveArithmetic,
    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
    FieldSize<C>: ModulusSize, 

This is supported on crate features arithmetic and jwk only.

fn from(sk: SecretKey<C>) -> JwkEcKey

Performs the conversion.

impl<C> FromStr for SecretKey<C> where
    C: Curve + AlgorithmParameters + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature pem only.

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self>

Parses a string s to return a value of this type.

impl<C> PartialEq<SecretKey<C>> for SecretKey<C> where
    C: Curve, 

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl<C> TryFrom<&'_ JwkEcKey> for SecretKey<C> where
    C: Curve + JwkParameters + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature jwk only.

type Error = Error

The type returned in the event of a conversion error.

fn try_from(jwk: &JwkEcKey) -> Result<SecretKey<C>>

Performs the conversion.

impl<C> TryFrom<EcPrivateKey<'_>> for SecretKey<C> where
    C: Curve + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature sec1 only.

type Error = Error

The type returned in the event of a conversion error.

fn try_from(sec1_private_key: EcPrivateKey<'_>) -> Result<Self>

Performs the conversion.

impl<C> TryFrom<JwkEcKey> for SecretKey<C> where
    C: Curve + JwkParameters + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature jwk only.

type Error = Error

The type returned in the event of a conversion error.

fn try_from(jwk: JwkEcKey) -> Result<SecretKey<C>>

Performs the conversion.

impl<C> TryFrom<PrivateKeyInfo<'_>> for SecretKey<C> where
    C: Curve + AlgorithmParameters + ValidatePublicKey,
    FieldSize<C>: ModulusSize, 

This is supported on crate feature pkcs8 only.

type Error = Error

The type returned in the event of a conversion error.

fn try_from(private_key_info: PrivateKeyInfo<'_>) -> Result<Self>

Performs the conversion.

impl<C: Curve> Eq for SecretKey<C>