特性 SigningKey 

pub trait SigningKey:
    Debug
    + Send
    + Sync {
    // Required methods
    fn choose_scheme(
        &self,
        offered: &[SignatureScheme],
    ) -> Option<Box<dyn Signer>>;
    fn algorithm(&self) -> SignatureAlgorithm;

    // Provided method
    fn public_key(&self) -> Option<SubjectPublicKeyInfoDer<'_>> { ... }
}

抽象签名密钥。

This interface is 用于 rustls 到 use 一个 private signing key 用于 authentication. This includes server 并 client authentication.

Objects of this type are always 用 within Rustls as Arc<dyn SigningKey>。 There are no concrete public structs in Rustls that implement this trait.

There are two main ways 到 get 一个 signing key:

• KeyProvider::load_private_key(), or
• some other method outside of the KeyProvider extension trait, for instance:
  • crypto::ring::sign::any_ecdsa_type()
  • crypto::ring::sign::any_eddsa_type()
  • crypto::ring::sign::any_supported_type()
  • crypto::aws_lc_rs::sign::any_ecdsa_type()
  • crypto::aws_lc_rs::sign::any_eddsa_type()
  • crypto::aws_lc_rs::sign::any_supported_type()

此 KeyProvider method load_private_key() is called under the hood by ConfigBuilder::with_single_cert(), ConfigBuilder::with_client_auth_cert(), 并 ConfigBuilder::with_single_cert_with_ocsp()。

A signing key created outside of the KeyProvider extension trait can be 用 到 create 一个 CertifiedKey, which in turn 可用于 create 一个 ResolvesServerCertUsingSni。 Alternately, 一个 CertifiedKey can be returned 从 一个 custom implementation of the ResolvesServerCert 或 ResolvesClientCert traits.

必需方法

fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn Signer>>

选择一个 SignatureScheme 从 those offered.

Expresses the choice by returning something that implements Signer, 使用所选的方案。

fn algorithm(&self) -> SignatureAlgorithm

我们有哪种密钥

提供方法

fn public_key(&self) -> Option<SubjectPublicKeyInfoDer<'_>>

获取 RFC 5280-compliant SubjectPublicKeyInfo (SPKI) of this SigningKey if available.

实现者