Struct jwt_compact::alg::Rsa
source · pub struct Rsa { /* private fields */ }
Available on crate feature
rsa
only.Expand description
Integrity algorithm using RSA digital signatures.
Depending on the variation, the algorithm employs PKCS#1 v1.5 or PSS padding and
one of the hash functions from the SHA-2 family: SHA-256, SHA-384, or SHA-512.
See RFC 7518 for more details. Depending on the chosen parameters,
the name of the algorithm is one of RS256
, RS384
, RS512
, PS256
, PS384
, PS512
:
R
/P
denote the padding scheme: PKCS#1 v1.5 forR
, PSS forP
256
/384
/512
denote the hash function
The length of RSA keys is not unequivocally specified by the algorithm; nevertheless,
it MUST be at least 2048 bits as per RFC 7518. To minimize risks of misconfiguration,
use StrongAlg
wrapper around Rsa
:
const ALG: StrongAlg<Rsa> = StrongAlg(Rsa::rs256());
// `ALG` will not support RSA keys with unsecure lengths by design!
Implementations§
Trait Implementations§
source§impl Algorithm for Rsa
impl Algorithm for Rsa
§type SigningKey = RsaPrivateKey
type SigningKey = RsaPrivateKey
Key used when issuing new tokens.
§type VerifyingKey = RsaPublicKey
type VerifyingKey = RsaPublicKey
Key used when verifying tokens. May coincide with
Self::SigningKey
for symmetric
algorithms (e.g., HS*
).§type Signature = RsaSignature
type Signature = RsaSignature
Signature produced by the algorithm.
source§fn name(&self) -> Cow<'static, str>
fn name(&self) -> Cow<'static, str>
Returns the name of this algorithm, as mentioned in the
alg
field of the JWT header.source§fn sign(
&self,
signing_key: &Self::SigningKey,
message: &[u8]
) -> Self::Signature
fn sign( &self, signing_key: &Self::SigningKey, message: &[u8] ) -> Self::Signature
Signs a
message
with the signing_key
.source§fn verify_signature(
&self,
signature: &Self::Signature,
verifying_key: &Self::VerifyingKey,
message: &[u8]
) -> bool
fn verify_signature( &self, signature: &Self::Signature, verifying_key: &Self::VerifyingKey, message: &[u8] ) -> bool
Verifies the
message
against the signature
and verifying_key
.impl Copy for Rsa
impl Eq for Rsa
impl StructuralEq for Rsa
impl StructuralPartialEq for Rsa
Auto Trait Implementations§
impl RefUnwindSafe for Rsa
impl Send for Rsa
impl Sync for Rsa
impl Unpin for Rsa
impl UnwindSafe for Rsa
Blanket Implementations§
source§impl<A> AlgorithmExt for Awhere
A: Algorithm,
impl<A> AlgorithmExt for Awhere
A: Algorithm,
source§fn token<T>(
&self,
header: &Header<impl Serialize>,
claims: &Claims<T>,
signing_key: &<A as Algorithm>::SigningKey
) -> Result<String, CreationError>where
T: Serialize,
fn token<T>(
&self,
header: &Header<impl Serialize>,
claims: &Claims<T>,
signing_key: &<A as Algorithm>::SigningKey
) -> Result<String, CreationError>where
T: Serialize,
Creates a new token and serializes it to string.
source§fn compact_token<T>(
&self,
header: &Header<impl Serialize>,
claims: &Claims<T>,
signing_key: &<A as Algorithm>::SigningKey
) -> Result<String, CreationError>where
T: Serialize,
fn compact_token<T>(
&self,
header: &Header<impl Serialize>,
claims: &Claims<T>,
signing_key: &<A as Algorithm>::SigningKey
) -> Result<String, CreationError>where
T: Serialize,
Available on crate feature
ciborium
only.Creates a new token with CBOR-encoded claims and serializes it to string.
source§fn validator<T, 'a>(
&'a self,
verifying_key: &'a <A as Algorithm>::VerifyingKey
) -> Validator<'a, A, T>
fn validator<T, 'a>( &'a self, verifying_key: &'a <A as Algorithm>::VerifyingKey ) -> Validator<'a, A, T>
Creates a JWT validator for the specified verifying key and the claims type.
The validator can then be used to validate integrity of one or more tokens.
source§fn validate_integrity<T>(
&self,
token: &UntrustedToken<'_>,
verifying_key: &<A as Algorithm>::VerifyingKey
) -> Result<Token<T>, ValidationError>where
T: DeserializeOwned,
fn validate_integrity<T>(
&self,
token: &UntrustedToken<'_>,
verifying_key: &<A as Algorithm>::VerifyingKey
) -> Result<Token<T>, ValidationError>where
T: DeserializeOwned,
👎Deprecated: Use
.validator().validate()
for added flexibilityValidates the token integrity against the provided
verifying_key
.source§fn validate_for_signed_token<T>(
&self,
token: &UntrustedToken<'_>,
verifying_key: &<A as Algorithm>::VerifyingKey
) -> Result<SignedToken<A, T>, ValidationError>where
T: DeserializeOwned,
fn validate_for_signed_token<T>(
&self,
token: &UntrustedToken<'_>,
verifying_key: &<A as Algorithm>::VerifyingKey
) -> Result<SignedToken<A, T>, ValidationError>where
T: DeserializeOwned,
👎Deprecated: Use
.validator().validate_for_signed_token()
for added flexibilityValidates the token integrity against the provided
verifying_key
. Read moresource§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more