#[non_exhaustive]
pub enum JsonWebKey<'a> { Rsa { modulus: Cow<'a, [u8]>, public_exponent: Cow<'a, [u8]>, private_parts: Option<RsaPrivateParts<'a>>, }, EllipticCurve { curve: Cow<'a, str>, x: Cow<'a, [u8]>, y: Cow<'a, [u8]>, secret: Option<SecretBytes<'a>>, }, Symmetric { secret: SecretBytes<'a>, }, KeyPair { curve: Cow<'a, str>, x: Cow<'a, [u8]>, secret: Option<SecretBytes<'a>>, }, }
Expand description

Basic JWK functionality: (de)serialization and creating thumbprints.

See RFC 7518 for the details about the fields for various key types.

Self::thumbprint() and the Display implementation allow to get the overall presentation of the key. The latter returns JSON serialization of the key with fields ordered alphabetically. That is, this output for verifying keys can be used to compute key thumbprints.

Serialization

For human-readable formats (e.g., JSON, TOML, YAML), byte fields in JsonWebKey and embedded types (SecretBytes, RsaPrivateParts, RsaPrimeFactor) will be serialized in base64-url encoding with no padding, as per the JWK spec. For other formats (e.g., CBOR), byte fields will be serialized as byte sequences.

Because of the limitations of the CBOR support in serde, a JsonWebKey serialized in CBOR is not compliant with the CBOR Object Signing and Encryption spec (COSE). It can still be a good way to decrease the serialized key size.

Conversions

A JWK can be obtained from signing and verifying keys defined in the alg module via From / Into traits. Conversion from a JWK to a specific key is fallible and can be performed via TryFrom with JwkError as an error type.

As a part of conversion for asymmetric signing keys, it is checked whether the signing and verifying parts of the JWK match; JwkError::MismatchedKeys is returned otherwise. This check is not performed for verifying keys even if the necessary data is present in the provided JWK.

Warning. Conversions for private RSA keys are not fully compliant with RFC 7518. See the docs for the relevant impls for more details.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

Rsa

Fields

§modulus: Cow<'a, [u8]>

Key modulus (n).

§public_exponent: Cow<'a, [u8]>

Public exponent (e).

§private_parts: Option<RsaPrivateParts<'a>>

Private RSA parameters. Only present for private keys.

Public or private RSA key. Has kty field set to RSA.

§

EllipticCurve

Fields

§curve: Cow<'a, str>

Curve name (crv), such as secp256k1.

§x: Cow<'a, [u8]>

x coordinate of the curve point.

§y: Cow<'a, [u8]>

y coordinate of the curve point.

§secret: Option<SecretBytes<'a>>

Secret scalar (d); not present for public keys.

Public or private key in an ECDSA crypto system. Has kty field set to EC.

§

Symmetric

Fields

§secret: SecretBytes<'a>

Bytes representing this key.

Generic symmetric key, e.g. for HS256 algorithm. Has kty field set to oct.

§

KeyPair

Fields

§curve: Cow<'a, str>

Curve name (crv), such as Ed25519.

§x: Cow<'a, [u8]>

Public key. For Ed25519, this is the standard 32-byte public key presentation (x coordinate of a point on the curve + sign).

§secret: Option<SecretBytes<'a>>

Secret key (d). For Ed25519, this is the seed.

Generic asymmetric keypair. This key type is used e.g. for Ed25519 keys.

Implementations§

source§

impl JsonWebKey<'_>

source

pub fn key_type(&self) -> KeyType

Gets the type of this key.

source

pub fn is_signing_key(&self) -> bool

Returns true if this key can be used for signing (has SecretBytes fields).

source

pub fn to_verifying_key(&self) -> Self

Returns a copy of this key with parts not necessary for signature verification removed.

source

pub fn thumbprint<D: Digest>(&self) -> Output<D>

Computes a thumbprint of this JWK. The result complies with the key thumbprint defined in RFC 7638.

Trait Implementations§

source§

impl<'a> Clone for JsonWebKey<'a>

source§

fn clone(&self) -> JsonWebKey<'a>

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl<'a> Debug for JsonWebKey<'a>

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'de, 'a> Deserialize<'de> for JsonWebKey<'a>

source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl Display for JsonWebKey<'_>

source§

fn fmt(&self, formatter: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'a> From<&'a Hs256Key> for JsonWebKey<'a>

source§

fn from(key: &'a Hs256Key) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a Hs384Key> for JsonWebKey<'a>

source§

fn from(key: &'a Hs384Key) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a Hs512Key> for JsonWebKey<'a>

source§

fn from(key: &'a Hs512Key) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a PublicKey> for JsonWebKey<'a>

source§

fn from(key: &'a PublicKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a PublicKey> for JsonWebKey<'a>

source§

fn from(key: &'a PublicKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a RsaPrivateKey> for JsonWebKey<'a>

Warning. Contrary to RFC 7518, this implementation does not set dp, dq, and qi fields in the JWK root object, as well as d and t fields for additional factors (i.e., in the oth array).

source§

fn from(key: &'a RsaPrivateKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a RsaPublicKey> for JsonWebKey<'a>

source§

fn from(key: &'a RsaPublicKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a SecretKey> for JsonWebKey<'a>

source§

fn from(key: &'a SecretKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a SecretKey> for JsonWebKey<'a>

source§

fn from(key: &'a SecretKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a SigningKey<NistP256>> for JsonWebKey<'a>

source§

fn from(key: &'a SigningKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> From<&'a VerifyingKey<NistP256>> for JsonWebKey<'a>

source§

fn from(key: &'a VerifyingKey) -> JsonWebKey<'a>

Converts to this type from the input type.
source§

impl<'a> PartialEq for JsonWebKey<'a>

source§

fn eq(&self, other: &JsonWebKey<'a>) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl<'a> Serialize for JsonWebKey<'a>

source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
source§

impl TryFrom<&JsonWebKey<'_>> for Hs256Key

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for Hs384Key

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for Hs512Key

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for PublicKey

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for PublicKey

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for RsaPrivateKey

Warning. Contrary to RFC 7518 (at least, in spirit), this conversion ignores dp, dq, and qi fields from JWK, as well as d and t fields for additional factors.

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for RsaPublicKey

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for SecretKey

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for SecretKey

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for SigningKey

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl TryFrom<&JsonWebKey<'_>> for VerifyingKey

§

type Error = JwkError

The type returned in the event of a conversion error.
source§

fn try_from(jwk: &JsonWebKey<'_>) -> Result<Self, Self::Error>

Performs the conversion.
source§

impl<'a> StructuralPartialEq for JsonWebKey<'a>

Auto Trait Implementations§

§

impl<'a> RefUnwindSafe for JsonWebKey<'a>

§

impl<'a> Send for JsonWebKey<'a>

§

impl<'a> Sync for JsonWebKey<'a>

§

impl<'a> Unpin for JsonWebKey<'a>

§

impl<'a> UnwindSafe for JsonWebKey<'a>

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T> ToString for T
where T: Display + ?Sized,

source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,