Struct jwt_compact::alg::Rsa

source · 
pub struct Rsa { /* private fields */ }
Available on crate feature rsa only.
Expand description

Integrity algorithm using RSA digital signatures.

Depending on the variation, the algorithm employs PKCS#1 v1.5 or PSS padding and one of the hash functions from the SHA-2 family: SHA-256, SHA-384, or SHA-512. See RFC 7518 for more details. Depending on the chosen parameters, the name of the algorithm is one of RS256, RS384, RS512, PS256, PS384, PS512:

  • R / P denote the padding scheme: PKCS#1 v1.5 for R, PSS for P
  • 256 / 384 / 512 denote the hash function

The length of RSA keys is not unequivocally specified by the algorithm; nevertheless, it MUST be at least 2048 bits as per RFC 7518. To minimize risks of misconfiguration, use StrongAlg wrapper around Rsa:

const ALG: StrongAlg<Rsa> = StrongAlg(Rsa::rs256());
// `ALG` will not support RSA keys with unsecure lengths by design!

Implementations§

source§

impl Rsa

source

pub const fn rs256() -> Rsa

RSA with SHA-256 and PKCS#1 v1.5 padding.

source

pub const fn rs384() -> Rsa

RSA with SHA-384 and PKCS#1 v1.5 padding.

source

pub const fn rs512() -> Rsa

RSA with SHA-512 and PKCS#1 v1.5 padding.

source

pub const fn ps256() -> Rsa

RSA with SHA-256 and PSS padding.

source

pub const fn ps384() -> Rsa

RSA with SHA-384 and PSS padding.

source

pub const fn ps512() -> Rsa

RSA with SHA-512 and PSS padding.

source

pub fn with_name(name: &str) -> Self

RSA based on the specified algorithm name.

§Panics
  • Panics if the name is not one of the six RSA-based JWS algorithms. Prefer using the FromStr trait if the conversion is potentially fallible.
source

pub fn generate<R: CryptoRng + RngCore>( rng: &mut R, modulus_bits: ModulusBits, ) -> Result<(StrongKey<RsaPrivateKey>, StrongKey<RsaPublicKey>)>

Generates a new key pair with the specified modulus bit length (aka key length).

Trait Implementations§

source§

impl Algorithm for Rsa

§

type SigningKey = RsaPrivateKey

Key used when issuing new tokens.
§

type VerifyingKey = RsaPublicKey

Key used when verifying tokens. May coincide with Self::SigningKey for symmetric algorithms (e.g., HS*).
§

type Signature = RsaSignature

Signature produced by the algorithm.
source§

fn name(&self) -> Cow<'static, str>

Returns the name of this algorithm, as mentioned in the alg field of the JWT header.
source§

fn sign( &self, signing_key: &Self::SigningKey, message: &[u8], ) -> Self::Signature

Signs a message with the signing_key.
source§

fn verify_signature( &self, signature: &Self::Signature, verifying_key: &Self::VerifyingKey, message: &[u8], ) -> bool

Verifies the message against the signature and verifying_key.
source§

impl Clone for Rsa

source§

fn clone(&self) -> Rsa

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Rsa

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl FromStr for Rsa

§

type Err = RsaParseError

The associated error which can be returned from parsing.
source§

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type. Read more
source§

impl PartialEq for Rsa

source§

fn eq(&self, other: &Rsa) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Copy for Rsa

source§

impl Eq for Rsa

source§

impl StructuralPartialEq for Rsa

Auto Trait Implementations§

§

impl Freeze for Rsa

§

impl RefUnwindSafe for Rsa

§

impl Send for Rsa

§

impl Sync for Rsa

§

impl Unpin for Rsa

§

impl UnwindSafe for Rsa

Blanket Implementations§

source§

impl<A> AlgorithmExt for A
where A: Algorithm,

source§

fn token<T>( &self, header: &Header<impl Serialize>, claims: &Claims<T>, signing_key: &<A as Algorithm>::SigningKey, ) -> Result<String, CreationError>
where T: Serialize,

Creates a new token and serializes it to string.
source§

fn compact_token<T>( &self, header: &Header<impl Serialize>, claims: &Claims<T>, signing_key: &<A as Algorithm>::SigningKey, ) -> Result<String, CreationError>
where T: Serialize,

Available on crate feature ciborium only.
Creates a new token with CBOR-encoded claims and serializes it to string.
source§

fn validator<'a, T>( &'a self, verifying_key: &'a <A as Algorithm>::VerifyingKey, ) -> Validator<'a, A, T>

Creates a JWT validator for the specified verifying key and the claims type. The validator can then be used to validate integrity of one or more tokens.
source§

fn validate_integrity<T>( &self, token: &UntrustedToken<'_>, verifying_key: &<A as Algorithm>::VerifyingKey, ) -> Result<Token<T>, ValidationError>
where T: DeserializeOwned,

👎Deprecated: Use .validator().validate() for added flexibility
Validates the token integrity against the provided verifying_key.
source§

fn validate_for_signed_token<T>( &self, token: &UntrustedToken<'_>, verifying_key: &<A as Algorithm>::VerifyingKey, ) -> Result<SignedToken<A, T>, ValidationError>
where T: DeserializeOwned,

👎Deprecated: Use .validator().validate_for_signed_token() for added flexibility
Validates the token integrity against the provided verifying_key. Read more
source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Copy,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V