Expand description
Server-side key generation per RFC 7030 §4.4.
The /serverkeygen operation generates a key pair on the server (via KRA)
and returns both the certificate and the private key. Critical for ML-KEM
key generation at all security levels (512/768/1024).
Private keys are returned in PKCS#8 format per RFC 5958 (Asymmetric Key
Packages). The Pkcs8PrivateKey struct wraps a DER-encoded
OneAsymmetricKey (v2) or PrivateKeyInfo (v1) structure with algorithm OID
validation. For secure transport per RFC 7030 §4.4.2, the private key
can be wrapped in CMS EnvelopedData via Pkcs8PrivateKey::to_enveloped_data.
Structs§
- Encrypted
Private Key - Encrypted PKCS#8 private key (EncryptedPrivateKeyInfo) per RFC 5958 §3.
- MlKem
KeyGen Hint - ML-KEM key generation hint for
/serverkeygenrequests. - Pkcs8
Private Key - DER-encoded PKCS#8 private key per RFC 5958 §2.
- Server
Keygen Request - Server key generation request (RFC 7030 §4.4.1).
- Server
Keygen Response - Server key generation response (RFC 7030 §4.4.2).
Enums§
- MlKem
Level - ML-KEM security levels supported by the KRA.
- Pkcs8
Version - PKCS#8 version for OneAsymmetricKey / PrivateKeyInfo.