Struct jwt_compact::alg::Rsa

pub struct Rsa { /* private fields */ }

Available on crate feature rsa only.

Integrity algorithm using RSA digital signatures.

Depending on the variation, the algorithm employs PKCS#1 v1.5 or PSS padding and one of the hash functions from the SHA-2 family: SHA-256, SHA-384, or SHA-512. See RFC 7518 for more details. Depending on the chosen parameters, the name of the algorithm is one of RS256, RS384, RS512, PS256, PS384, PS512:

• R / P denote the padding scheme: PKCS#1 v1.5 for R, PSS for P
• 256 / 384 / 512 denote the hash function

The length of RSA keys is not unequivocally specified by the algorithm; nevertheless, it MUST be at least 2048 bits as per RFC 7518. To minimize risks of misconfiguration, use StrongAlg wrapper around Rsa:

const ALG: StrongAlg<Rsa> = StrongAlg(Rsa::rs256());
// `ALG` will not support RSA keys with unsecure lengths by design!

Implementations

impl Rsa

pub const fn rs256() -> Rsa

RSA with SHA-256 and PKCS#1 v1.5 padding.

pub const fn rs384() -> Rsa

RSA with SHA-384 and PKCS#1 v1.5 padding.

pub const fn rs512() -> Rsa

RSA with SHA-512 and PKCS#1 v1.5 padding.

pub const fn ps256() -> Rsa

RSA with SHA-256 and PSS padding.

pub const fn ps384() -> Rsa

RSA with SHA-384 and PSS padding.

pub const fn ps512() -> Rsa

RSA with SHA-512 and PSS padding.

pub fn with_name(name: &str) -> Self

RSA based on the specified algorithm name.

Panics

• Panics if the name is not one of the six RSA-based JWS algorithms. Prefer using the FromStr trait if the conversion is potentially fallible.

pub fn generate<R: CryptoRng + RngCore>( rng: &mut R, modulus_bits: ModulusBits ) -> Result<(StrongKey<RsaPrivateKey>, StrongKey<RsaPublicKey>)>

Generates a new key pair with the specified modulus bit length (aka key length).

Trait Implementations

impl Algorithm for Rsa

type SigningKey = RsaPrivateKey

Key used when issuing new tokens.

type VerifyingKey = RsaPublicKey

Key used when verifying tokens. May coincide with Self::SigningKey for symmetric algorithms (e.g., HS*).

type Signature = RsaSignature

Signature produced by the algorithm.

fn name(&self) -> Cow<'static, str>

Returns the name of this algorithm, as mentioned in the alg field of the JWT header.

fn sign( &self, signing_key: &Self::SigningKey, message: &[u8] ) -> Self::Signature

Signs a message with the signing_key.

fn verify_signature( &self, signature: &Self::Signature, verifying_key: &Self::VerifyingKey, message: &[u8] ) -> bool

Verifies the message against the signature and verifying_key.

impl Clone for Rsa

fn clone(&self) -> Rsa

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Rsa

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl FromStr for Rsa

type Err = RsaParseError

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type.

impl PartialEq for Rsa

fn eq(&self, other: &Rsa) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for Rsa

impl Eq for Rsa

impl StructuralPartialEq for Rsa