pub struct SecretKey<C: Curve> {
inner: ScalarValue<C>,
}Expand description
Elliptic curve secret keys.
This type wraps a secret scalar value, helping to prevent accidental exposure and securely erasing the value from memory when dropped.
§Generating secret keys
SecretKeys can be generated using the Generate trait.
§Parsing PKCS#8 Keys
PKCS#8 is a commonly used format for encoding secret keys (especially ones generated by OpenSSL).
Keys in PKCS#8 format are either binary (ASN.1 BER/DER), or PEM encoded (ASCII) and begin with the following:
-----BEGIN PRIVATE KEY-----To decode an elliptic curve private key from PKCS#8, enable the pkcs8
feature of this crate (or the pkcs8 feature of a specific RustCrypto
elliptic curve crate) and use the DecodePrivateKey trait to parse it.
When the pem feature of this crate (or a specific RustCrypto elliptic
curve crate) is enabled, a FromStr impl is also available.
Fields§
§inner: ScalarValue<C>Scalar value
Implementations§
Source§impl<C> SecretKey<C>where
C: Curve,
impl<C> SecretKey<C>where
C: Curve,
Sourcepub const MIN_SIZE: usize = 24
pub const MIN_SIZE: usize = 24
Minimum allowed size of an elliptic curve secret key in bytes.
This provides the equivalent of 96-bits of symmetric security.
Sourcepub fn from_scalar(scalar: impl Into<ScalarValue<C>>) -> CtOption<Self>
pub fn from_scalar(scalar: impl Into<ScalarValue<C>>) -> CtOption<Self>
Create a new secret key from a scalar value.
§Returns
This will return a none if the scalar is all-zero.
Sourcepub fn as_scalar_value(&self) -> &ScalarValue<C>
pub fn as_scalar_value(&self) -> &ScalarValue<C>
Borrow the inner secret ScalarValue value.
This value is key material. Please treat it with the care it deserves!
Sourcepub fn to_nonzero_scalar(&self) -> NonZeroScalar<C>where
C: CurveArithmetic,
pub fn to_nonzero_scalar(&self) -> NonZeroScalar<C>where
C: CurveArithmetic,
Get the secret NonZeroScalar value for this key.
This value is key material. Please treat it with the care it deserves!
Sourcepub fn public_key(&self) -> PublicKey<C>where
C: CurveArithmetic,
pub fn public_key(&self) -> PublicKey<C>where
C: CurveArithmetic,
Get the PublicKey which corresponds to this secret key
Sourcepub fn from_bytes(bytes: &FieldBytes<C>) -> Result<Self>
pub fn from_bytes(bytes: &FieldBytes<C>) -> Result<Self>
Sourcepub fn from_slice(slice: &[u8]) -> Result<Self>
pub fn from_slice(slice: &[u8]) -> Result<Self>
Deserialize secret key from an encoded secret scalar passed as a byte slice.
The slice is expected to be a minimum of 24-bytes (192-bytes) and at most
C::FieldBytesSize bytes in length.
Byte slices shorter than the field size are handled by zero padding the input.
NOTE: this function is variable-time with respect to the input length. To avoid a timing
sidechannel, always ensure that the input has been pre-padded to C::FieldBytesSize.
§Errors
- if
sliceis shorter thanSelf::MIN_SIZE. - if
sliceis not sized appropriately for the scalar modulus. - if the decoded scalar field element overflows the scalar modulus.
Sourcepub fn to_bytes(&self) -> FieldBytes<C>
pub fn to_bytes(&self) -> FieldBytes<C>
Serialize raw secret scalar as a big endian integer.
Sourcepub fn diffie_hellman(&self, public_key: &PublicKey<C>) -> SharedSecret<C>where
C: CurveArithmetic,
pub fn diffie_hellman(&self, public_key: &PublicKey<C>) -> SharedSecret<C>where
C: CurveArithmetic,
Perform Elliptic Curve Diffie-Hellman with the given public key, returning a shared secret.
See the documentation in the ecdh module for more information.
Sourcepub fn from_der(der_bytes: &[u8]) -> DecodeResult<Self>
pub fn from_der(der_bytes: &[u8]) -> DecodeResult<Self>
Decode SecretKey from DER-encoded private key.
§Supported formats
- PKCS#8: requires
pkcs8feature - SEC1: requires
sec1feature
If you are expecting one format over the other, it’s better to use a more specific method:
§Errors
- Returns
DecodeError::Pkcs8if PKCS#8 key could not be decoded - Returns
DecodeError::Sec1if SEC1 key could not be decoded
Sourcepub fn from_pem(pem: &str) -> DecodeResult<Self>
pub fn from_pem(pem: &str) -> DecodeResult<Self>
Decode SecretKey from PEM-encoded private key.
If you are expecting one format over the other, it’s better to use a more specific method:
§Errors
- Returns
DecodeError::Pemif PEM label is invalid or otherwise malformed - Returns
DecodeError::Pkcs8if PKCS#8 key detected but could not be decoded - Returns
DecodeError::Sec1if SEC1 key detected but could not be decoded
Sourcepub fn from_sec1_der(der_bytes: &[u8]) -> DecodeResult<Self>
pub fn from_sec1_der(der_bytes: &[u8]) -> DecodeResult<Self>
Deserialize secret key encoded in the SEC1 ASN.1 DER ECPrivateKey format.
§Errors
- if
der_bytesdoes not encode a valid SEC1 private key - if the contained document does not encode a valid key for this curve
Sourcepub fn to_sec1_der(&self) -> Result<Zeroizing<Vec<u8>>>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
pub fn to_sec1_der(&self) -> Result<Zeroizing<Vec<u8>>>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
Serialize secret key in the SEC1 ASN.1 DER ECPrivateKey format.
§Errors
If an internal error occurs encoding this key.
Sourcepub fn from_sec1_pem(s: &str) -> DecodeResult<Self>
pub fn from_sec1_pem(s: &str) -> DecodeResult<Self>
Sourcepub fn to_sec1_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
pub fn to_sec1_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
Serialize private key as self-zeroizing PEM-encoded SEC1 ECPrivateKey
with the given pem::LineEnding.
Pass Default::default() to use the OS’s native line endings.
§Errors
If an internal error occurs encoding this key.
Trait Implementations§
Source§impl<C> AssociatedAlgorithmIdentifier for SecretKey<C>where
C: AssociatedOid + Curve,
impl<C> AssociatedAlgorithmIdentifier for SecretKey<C>where
C: AssociatedOid + Curve,
Source§const ALGORITHM_IDENTIFIER: AlgorithmIdentifier<ObjectIdentifier>
const ALGORITHM_IDENTIFIER: AlgorithmIdentifier<ObjectIdentifier>
AlgorithmIdentifier for this structure.Source§type Params = ObjectIdentifier
type Params = ObjectIdentifier
Source§impl<C> ConstantTimeEq for SecretKey<C>where
C: Curve,
impl<C> ConstantTimeEq for SecretKey<C>where
C: Curve,
Source§impl<C> DecodeEcPrivateKey for SecretKey<C>
Available on crate feature sec1 only.
impl<C> DecodeEcPrivateKey for SecretKey<C>
sec1 only.Source§fn from_sec1_der(bytes: &[u8]) -> Result<Self>
fn from_sec1_der(bytes: &[u8]) -> Result<Self>
Source§fn from_sec1_pem(s: &str) -> Result<Self, Error>
fn from_sec1_pem(s: &str) -> Result<Self, Error>
Source§impl<C> EncodeEcPrivateKey for SecretKey<C>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
Available on crate features alloc and arithmetic and sec1 only.
impl<C> EncodeEcPrivateKey for SecretKey<C>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
alloc and arithmetic and sec1 only.Source§fn to_sec1_der(&self) -> Result<SecretDocument>
fn to_sec1_der(&self) -> Result<SecretDocument>
SecretDocument containing a SEC1-encoded private key.Source§fn to_sec1_pem(
&self,
line_ending: LineEnding,
) -> Result<Zeroizing<String>, Error>
fn to_sec1_pem( &self, line_ending: LineEnding, ) -> Result<Zeroizing<String>, Error>
LineEnding. Read moreSource§fn write_sec1_der_file(&self, path: impl AsRef<Path>) -> Result<(), Error>
fn write_sec1_der_file(&self, path: impl AsRef<Path>) -> Result<(), Error>
Source§fn write_sec1_pem_file(
&self,
path: impl AsRef<Path>,
line_ending: LineEnding,
) -> Result<(), Error>
fn write_sec1_pem_file( &self, path: impl AsRef<Path>, line_ending: LineEnding, ) -> Result<(), Error>
Source§impl<C> EncodePrivateKey for SecretKey<C>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
Available on crate features alloc and arithmetic only.
impl<C> EncodePrivateKey for SecretKey<C>where
C: AssociatedOid + CurveArithmetic,
AffinePoint<C>: FromSec1Point<C> + ToSec1Point<C>,
FieldBytesSize<C>: ModulusSize,
alloc and arithmetic only.Source§fn to_pkcs8_der(&self) -> Result<SecretDocument>
fn to_pkcs8_der(&self) -> Result<SecretDocument>
SecretDocument containing a PKCS#8-encoded private key. Read moreSource§fn to_pkcs8_pem(
&self,
line_ending: LineEnding,
) -> Result<Zeroizing<String>, Error>
fn to_pkcs8_pem( &self, line_ending: LineEnding, ) -> Result<Zeroizing<String>, Error>
LineEnding. Read moreSource§fn write_pkcs8_der_file(&self, path: impl AsRef<Path>) -> Result<(), Error>
fn write_pkcs8_der_file(&self, path: impl AsRef<Path>) -> Result<(), Error>
Source§fn write_pkcs8_pem_file(
&self,
path: impl AsRef<Path>,
line_ending: LineEnding,
) -> Result<(), Error>
fn write_pkcs8_pem_file( &self, path: impl AsRef<Path>, line_ending: LineEnding, ) -> Result<(), Error>
Source§impl<C> From<&NonZeroScalar<C>> for SecretKey<C>where
C: CurveArithmetic,
Available on crate feature arithmetic only.
impl<C> From<&NonZeroScalar<C>> for SecretKey<C>where
C: CurveArithmetic,
arithmetic only.Source§fn from(scalar: &NonZeroScalar<C>) -> SecretKey<C>
fn from(scalar: &NonZeroScalar<C>) -> SecretKey<C>
Source§impl<C> From<&SecretKey<C>> for NonZeroScalar<C>where
C: CurveArithmetic,
impl<C> From<&SecretKey<C>> for NonZeroScalar<C>where
C: CurveArithmetic,
Source§fn from(sk: &SecretKey<C>) -> NonZeroScalar<C>
fn from(sk: &SecretKey<C>) -> NonZeroScalar<C>
Source§impl<C> From<NonZeroScalar<C>> for SecretKey<C>where
C: CurveArithmetic,
Available on crate feature arithmetic only.
impl<C> From<NonZeroScalar<C>> for SecretKey<C>where
C: CurveArithmetic,
arithmetic only.Source§fn from(scalar: NonZeroScalar<C>) -> SecretKey<C>
fn from(scalar: NonZeroScalar<C>) -> SecretKey<C>
Source§impl<C> From<SecretKey<C>> for NonZeroScalar<C>where
C: CurveArithmetic,
impl<C> From<SecretKey<C>> for NonZeroScalar<C>where
C: CurveArithmetic,
Source§fn from(sk: SecretKey<C>) -> NonZeroScalar<C>
fn from(sk: SecretKey<C>) -> NonZeroScalar<C>
Source§impl<C> Generate for SecretKey<C>where
C: Curve,
impl<C> Generate for SecretKey<C>where
C: Curve,
Source§fn try_generate_from_rng<R: TryCryptoRng + ?Sized>(
rng: &mut R,
) -> Result<Self, R::Error>
fn try_generate_from_rng<R: TryCryptoRng + ?Sized>( rng: &mut R, ) -> Result<Self, R::Error>
TryCryptoRng. Read moreSource§fn generate_from_rng<R>(rng: &mut R) -> Self
fn generate_from_rng<R>(rng: &mut R) -> Self
CryptoRng.Source§impl<C> KeySizeUser for SecretKey<C>where
C: Curve,
impl<C> KeySizeUser for SecretKey<C>where
C: Curve,
Source§impl<C> TryFrom<EcPrivateKey<'_>> for SecretKey<C>
Available on crate feature sec1 only.
impl<C> TryFrom<EcPrivateKey<'_>> for SecretKey<C>
sec1 only.Source§impl<C> TryFrom<PrivateKeyInfo<AnyRef<'_>, &OctetStringRef, BitStringRef<'_>>> for SecretKey<C>
impl<C> TryFrom<PrivateKeyInfo<AnyRef<'_>, &OctetStringRef, BitStringRef<'_>>> for SecretKey<C>
Source§impl<C> TryKeyInit for SecretKey<C>where
C: Curve,
impl<C> TryKeyInit for SecretKey<C>where
C: Curve,
Source§fn new(key_bytes: &FieldBytes<C>) -> Result<Self, InvalidKey>
fn new(key_bytes: &FieldBytes<C>) -> Result<Self, InvalidKey>
Source§fn new_from_slice(key: &[u8]) -> Result<Self, InvalidKey>
fn new_from_slice(key: &[u8]) -> Result<Self, InvalidKey>
impl<C: Curve> Eq for SecretKey<C>
impl<C> ZeroizeOnDrop for SecretKey<C>where
C: Curve,
Auto Trait Implementations§
impl<C> Freeze for SecretKey<C>
impl<C> RefUnwindSafe for SecretKey<C>
impl<C> Send for SecretKey<C>
impl<C> Sync for SecretKey<C>
impl<C> Unpin for SecretKey<C>
impl<C> UnsafeUnpin for SecretKey<C>
impl<C> UnwindSafe for SecretKey<C>
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> DecodePrivateKey for Twhere
T: for<'a> TryFrom<PrivateKeyInfo<AnyRef<'a>, &'a OctetStringRef, BitStringRef<'a>>, Error = Error>,
impl<T> DecodePrivateKey for Twhere
T: for<'a> TryFrom<PrivateKeyInfo<AnyRef<'a>, &'a OctetStringRef, BitStringRef<'a>>, Error = Error>,
Source§fn from_pkcs8_der(bytes: &[u8]) -> Result<T, Error>
fn from_pkcs8_der(bytes: &[u8]) -> Result<T, Error>
Source§fn from_pkcs8_pem(s: &str) -> Result<Self, Error>
fn from_pkcs8_pem(s: &str) -> Result<Self, Error>
Source§impl<T> DynAssociatedAlgorithmIdentifier for Twhere
T: AssociatedAlgorithmIdentifier,
impl<T> DynAssociatedAlgorithmIdentifier for Twhere
T: AssociatedAlgorithmIdentifier,
Source§fn algorithm_identifier(&self) -> Result<AlgorithmIdentifier<Any>, Error>
fn algorithm_identifier(&self) -> Result<AlgorithmIdentifier<Any>, Error>
AlgorithmIdentifier for this structure. Read more