Trait rustls::crypto::KeyProvider

pub trait KeyProvider: Send + Sync + Debug {
    // Required method
    fn load_private_key(
        &self,
        key_der: PrivateKeyDer<'static>,
    ) -> Result<Arc<dyn SigningKey>, Error>;

    // Provided method
    fn fips(&self) -> bool { ... }
}

A mechanism for loading private SigningKeys from PrivateKeyDer.

This trait is intended to be used with private key material that is sourced from DER, such as a private key that may be present on disk. It is not intended to be used with keys held in hardware security modules (HSMs) or physical tokens. For these use cases, see the Rustls manual section on customizing private key usage.

Required Methods

fn load_private_key( &self, key_der: PrivateKeyDer<'static>, ) -> Result<Arc<dyn SigningKey>, Error>

Decode and validate a private signing key from key_der.

This is used by ConfigBuilder::with_client_auth_cert(), ConfigBuilder::with_single_cert(), and ConfigBuilder::with_single_cert_with_ocsp(). The key types and formats supported by this function directly define the key types and formats supported in those APIs.

Return an error if the key type encoding is not supported, or if the key fails validation.

Provided Methods

fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

If this returns true, that must be the case for all possible key types supported by KeyProvider::load_private_key().
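
The sketch below is an added example, not code from rustls: a wrapper provider that narrows the accepted encodings to PKCS#8 before delegating, and passes through the inner provider's fips() claim. To compile without the crate it re-declares simplified stand-ins for PrivateKeyDer (lifetime omitted), Error, SigningKey and KeyProvider; Pkcs8Only, StubProvider and StubKey are hypothetical names, and the default fips() body of false is an assumption.

```rust
use std::fmt::Debug;
use std::sync::Arc;

// Stand-ins (assumptions) mirroring the signatures above; not the rustls types.
pub enum PrivateKeyDer { Pkcs1(Vec<u8>), Sec1(Vec<u8>), Pkcs8(Vec<u8>) }
#[derive(Debug, PartialEq)]
pub enum Error { General(String) }
pub trait SigningKey: Send + Sync + Debug {}
pub trait KeyProvider: Send + Sync + Debug {
    fn load_private_key(&self, key_der: PrivateKeyDer) -> Result<Arc<dyn SigningKey>, Error>;
    fn fips(&self) -> bool { false }
}

// Constructed inner provider: "validates" only by rejecting empty DER.
#[derive(Debug)] pub struct StubKey;
impl SigningKey for StubKey {}
#[derive(Debug)] pub struct StubProvider { pub fips: bool }
impl KeyProvider for StubProvider {
    fn load_private_key(&self, key_der: PrivateKeyDer) -> Result<Arc<dyn SigningKey>, Error> {
        let (PrivateKeyDer::Pkcs1(der) | PrivateKeyDer::Sec1(der) | PrivateKeyDer::Pkcs8(der)) = key_der;
        if der.is_empty() { return Err(Error::General("key failed validation".into())); }
        Ok(Arc::new(StubKey))
    }
    fn fips(&self) -> bool { self.fips }
}

/// Hypothetical policy wrapper: only PKCS#8 input reaches the inner provider.
#[derive(Debug)]
pub struct Pkcs8Only<P: KeyProvider>(pub P);
impl<P: KeyProvider> KeyProvider for Pkcs8Only<P> {
    fn load_private_key(&self, key_der: PrivateKeyDer) -> Result<Arc<dyn SigningKey>, Error> {
        let rejected = match &key_der {
            PrivateKeyDer::Pkcs8(_) => None,
            PrivateKeyDer::Pkcs1(_) => Some("PKCS#1"),
            PrivateKeyDer::Sec1(_) => Some("SEC1"),
        };
        match rejected {
            // Name only the encoding in the error; never echo key bytes.
            Some(kind) => Err(Error::General(format!("{kind} key encoding rejected by policy"))),
            None => self.0.load_private_key(key_der),
        }
    }
    // The wrapper only narrows what the inner provider accepts, so the inner
    // FIPS claim still covers every key type that can be loaded through it.
    fn fips(&self) -> bool { self.0.fips() }
}

fn main() {
    let p = Pkcs8Only(StubProvider { fips: true });
    println!("{:?}", p.load_private_key(PrivateKeyDer::Pkcs1(vec![0x30])));
}
```

A wrapper that widened the accepted key types instead (for example by adding its own decoder) could no longer forward fips() unchanged, because the claim has to hold for every key type it loads.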

Implementors