Enum jwt_compact::jwk::JsonWebKey
#[non_exhaustive]
pub enum JsonWebKey<'a> {
    Rsa {
        modulus: Cow<'a, [u8]>,
        public_exponent: Cow<'a, [u8]>,
        private_parts: Option<RsaPrivateParts<'a>>,
    },
    EllipticCurve {
        curve: Cow<'a, str>,
        x: Cow<'a, [u8]>,
        y: Cow<'a, [u8]>,
        secret: Option<SecretBytes<'a>>,
    },
    Symmetric {
        secret: SecretBytes<'a>,
    },
    KeyPair {
        curve: Cow<'a, str>,
        x: Cow<'a, [u8]>,
        secret: Option<SecretBytes<'a>>,
    },
}
Basic JWK functionality: (de)serialization and creating thumbprints.
See RFC 7518 for the details about the fields for various key types.
Self::thumbprint() and the Display implementation provide an overall representation of the key. The latter returns the JSON serialization of the key with fields ordered alphabetically. That is, this output for verifying keys can be used to compute key thumbprints.
Serialization
For human-readable formats (e.g., JSON, TOML, YAML), byte fields in JsonWebKey and embedded types (SecretBytes, RsaPrivateParts, RsaPrimeFactor) will be serialized in base64-url encoding with no padding, as per the JWK spec. For other formats (e.g., CBOR), byte fields will be serialized as byte sequences.
Because of the limitations of the CBOR support in serde, a JsonWebKey serialized in CBOR is not compliant with the CBOR Object Signing and Encryption spec (COSE). It can still be a good way to decrease the serialized key size.
Conversions
A JWK can be obtained from signing and verifying keys defined in the alg module via From / Into traits. Conversion from a JWK to a specific key is fallible and can be performed via TryFrom with JwkError as an error type.
As a part of conversion for asymmetric signing keys, it is checked whether the signing and verifying parts of the JWK match; JwkError::MismatchedKeys is returned otherwise. This check is not performed for verifying keys even if the necessary data is present in the provided JWK.
⚠ Warning. Conversions for private RSA keys are not fully compliant with RFC 7518. See the docs for the relevant impls for more details.
Variants (Non-exhaustive)
This enum is marked as non-exhaustive.
Rsa
Fields
private_parts: Option<RsaPrivateParts<'a>>
Private RSA parameters. Only present for private keys.
Public or private RSA key. Has kty field set to RSA.
EllipticCurve
Fields
secret: Option<SecretBytes<'a>>
Secret scalar (d); not present for public keys.
Public or private key in an ECDSA crypto system. Has kty field set to EC.
Symmetric
Fields
secret: SecretBytes<'a>
Bytes representing this key.
Generic symmetric key, e.g. for HS256 algorithm. Has kty field set to oct.
KeyPair
Fields
x: Cow<'a, [u8]>
Public key. For Ed25519, this is the standard 32-byte public key presentation (x coordinate of a point on the curve + sign).
secret: Option<SecretBytes<'a>>
Secret key (d). For Ed25519, this is the seed.
Generic asymmetric keypair. This key type is used e.g. for Ed25519 keys.
Implementations
impl JsonWebKey<'_>
    pub fn is_signing_key(&self) -> bool
    Returns true if this key can be used for signing (has SecretBytes fields).
    pub fn to_verifying_key(&self) -> Self
    Returns a copy of this key with parts not necessary for signature verification removed.
    pub fn thumbprint<D: Digest>(&self) -> Output<D>
    Computes a thumbprint of this JWK. The result complies with the key thumbprint defined in RFC 7638.
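The string that gets hashed for a thumbprint, and the base64-url encoding described under Serialization, can be reproduced with the standard library alone. This is an added example, not jwt_compact's code: Jwk, b64url, is_signing_key and thumbprint_input are hypothetical stand-ins, the byte values are constructed, the member lists and the OKP kty value come from RFC 7638 and RFC 8037, and curve names are assumed to need no JSON escaping.

```rust
// Hypothetical stand-in for the variants above (owned bytes); NOT jwt_compact's type.
enum Jwk {
    Rsa { modulus: Vec<u8>, public_exponent: Vec<u8>, private_d: Option<Vec<u8>> },
    EllipticCurve { curve: String, x: Vec<u8>, y: Vec<u8>, secret: Option<Vec<u8>> },
    KeyPair { curve: String, x: Vec<u8>, secret: Option<Vec<u8>> },
}

/// Base64-url without padding, as used for JWK byte fields in JSON.
fn b64url(bytes: &[u8]) -> String {
    const ABC: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    let mut out = String::new();
    for chunk in bytes.chunks(3) {
        let mut n = 0u32;
        for (i, b) in chunk.iter().enumerate() {
            n |= (*b as u32) << (16 - 8 * i);
        }
        // k input bytes yield k + 1 characters; no '=' padding is appended.
        for i in 0..=chunk.len() {
            out.push(ABC[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Mirrors the idea of is_signing_key: true when secret material is present.
fn is_signing_key(key: &Jwk) -> bool {
    match key {
        Jwk::Rsa { private_d, .. } => private_d.is_some(),
        Jwk::EllipticCurve { secret, .. } | Jwk::KeyPair { secret, .. } => secret.is_some(),
    }
}

/// RFC 7638 hash input: required public members only, lexicographic order, no whitespace.
fn thumbprint_input(key: &Jwk) -> String {
    match key {
        Jwk::Rsa { modulus, public_exponent, .. } => format!(
            r#"{{"e":"{}","kty":"RSA","n":"{}"}}"#, b64url(public_exponent), b64url(modulus)),
        Jwk::EllipticCurve { curve, x, y, .. } => format!(
            r#"{{"crv":"{}","kty":"EC","x":"{}","y":"{}"}}"#, curve, b64url(x), b64url(y)),
        Jwk::KeyPair { curve, x, .. } => format!(
            r#"{{"crv":"{}","kty":"OKP","x":"{}"}}"#, curve, b64url(x)),
    }
}

fn main() {
    // Constructed toy values, far too short to be real keys.
    let key = Jwk::Rsa { modulus: vec![0xfb, 0xff], public_exponent: vec![1, 0, 1], private_d: Some(vec![7]) };
    println!("{} signing={}", thumbprint_input(&key), is_signing_key(&key));
}
```

Hashing the returned string with the chosen digest gives the thumbprint; because private members never enter the string, a signing key and its verifying counterpart share one thumbprint.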
Trait Implementations
impl<'a> Clone for JsonWebKey<'a>
    fn clone(&self) -> JsonWebKey<'a>
    fn clone_from(&mut self, source: &Self)
impl<'a> Debug for JsonWebKey<'a>
impl<'de, 'a> Deserialize<'de> for JsonWebKey<'a>
    fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
    where
        __D: Deserializer<'de>,
impl Display for JsonWebKey<'_>
impl<'a> From<&'a Hs256Key> for JsonWebKey<'a>
    fn from(key: &'a Hs256Key) -> JsonWebKey<'a>
impl<'a> From<&'a Hs384Key> for JsonWebKey<'a>
    fn from(key: &'a Hs384Key) -> JsonWebKey<'a>
impl<'a> From<&'a Hs512Key> for JsonWebKey<'a>
    fn from(key: &'a Hs512Key) -> JsonWebKey<'a>
impl<'a> From<&'a PublicKey> for JsonWebKey<'a>
    fn from(key: &'a PublicKey) -> JsonWebKey<'a>
impl<'a> From<&'a PublicKey> for JsonWebKey<'a>
    fn from(key: &'a PublicKey) -> JsonWebKey<'a>
impl<'a> From<&'a RsaPrivateKey> for JsonWebKey<'a>
⚠ Warning. Contrary to RFC 7518, this implementation does not set dp, dq, and qi fields in the JWK root object, as well as d and t fields for additional factors (i.e., in the oth array).
    fn from(key: &'a RsaPrivateKey) -> JsonWebKey<'a>
impl<'a> From<&'a RsaPublicKey> for JsonWebKey<'a>
    fn from(key: &'a RsaPublicKey) -> JsonWebKey<'a>
impl<'a> From<&'a SecretKey> for JsonWebKey<'a>
    fn from(key: &'a SecretKey) -> JsonWebKey<'a>
impl<'a> From<&'a SecretKey> for JsonWebKey<'a>
    fn from(key: &'a SecretKey) -> JsonWebKey<'a>
impl<'a> From<&'a SigningKey<NistP256>> for JsonWebKey<'a>
    fn from(key: &'a SigningKey) -> JsonWebKey<'a>
impl<'a> From<&'a VerifyingKey<NistP256>> for JsonWebKey<'a>
    fn from(key: &'a VerifyingKey) -> JsonWebKey<'a>
impl<'a> PartialEq for JsonWebKey<'a>
    fn eq(&self, other: &JsonWebKey<'a>) -> bool
    self and other values to be equal, and is used by ==.
impl<'a> Serialize for JsonWebKey<'a>
impl TryFrom<&JsonWebKey<'_>> for Hs256Key
impl TryFrom<&JsonWebKey<'_>> for Hs384Key
impl TryFrom<&JsonWebKey<'_>> for Hs512Key
impl TryFrom<&JsonWebKey<'_>> for PublicKey
impl TryFrom<&JsonWebKey<'_>> for PublicKey
impl TryFrom<&JsonWebKey<'_>> for RsaPrivateKey
⚠ Warning. Contrary to RFC 7518 (at least, in spirit), this conversion ignores dp, dq, and qi fields from JWK, as well as d and t fields for additional factors.