Struct HsmKeyPair 

pub struct HsmKeyPair { /* private fields */ }

HSM key pair reference.

Implementations

impl HsmKeyPair

pub fn generate(
    slot: &HsmSlot,
    algorithm: KeyAlgorithm,
    label: &str,
    id: &[u8],
    provider_config: &HsmProviderConfig,
    pqc_mechanisms: &PqcMechanismIds,
) -> HsmResult<Self>

Generate a new key pair.

Arguments

  • slot - HSM slot
  • algorithm - Key algorithm
  • label - Key label (CKA_LABEL)
  • id - Key ID (CKA_ID), typically SHA-1 hash of public key
  • provider_config - Provider configuration (for PQC mechanism IDs)

NIAP CA PP Compliance

Generated keys MUST have:

  • CKA_EXTRACTABLE = false (FCS_CKM.1)
  • CKA_SENSITIVE = true (FCS_CKM.1)

Errors

Returns HsmError::PqcNotSupported if the HSM does not support the requested PQC algorithm and fallback to software is not enabled.

pub fn find_by_label(
    slot: &HsmSlot,
    label: &str,
    algorithm: KeyAlgorithm,
) -> HsmResult<Self>

Find a key pair by label.

pub fn find_by_id(
    slot: &HsmSlot,
    id: &[u8],
    algorithm: KeyAlgorithm,
) -> HsmResult<Self>

Find a key pair by CKA_ID.

pub fn from_uri(
    slot: &HsmSlot,
    uri: &str,
    algorithm: KeyAlgorithm,
) -> HsmResult<Self>

Parse a PKCS#11 URI and find the corresponding key.

URI Format

pkcs11:token=MyToken;object=MyKey;type=private

Supported attributes:

  • token - Token label
  • object - Key label (CKA_LABEL)
  • id - Key ID (CKA_ID, hex-encoded)
  • type - Object type (private, public, cert)
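
The URI format above, as an added example that is not this crate's own code: a standalone parser that accepts only the four listed attributes, hex-decodes id, and rejects duplicates. The names KeyUri, parse_key_uri and decode_hex are hypothetical, and the strict rejection rules (unknown or repeated attributes, a URI with neither object nor id) are assumptions; from_uri itself may behave differently.

```rust
// Added illustration of the documented URI shape; not part of this crate.
// `KeyUri`, `parse_key_uri` and `decode_hex` are hypothetical names.
#[derive(Debug, Default, PartialEq)]
pub struct KeyUri {
    pub token: Option<String>,  // token label
    pub object: Option<String>, // key label (CKA_LABEL)
    pub id: Option<Vec<u8>>,    // key ID (CKA_ID), decoded from hex
    pub kind: Option<String>,   // object type: private | public | cert
}

fn decode_hex(s: &str) -> Result<Vec<u8>, String> {
    // Check every byte first: from_str_radix alone would accept a leading '+'.
    let ok = !s.is_empty() && s.len() % 2 == 0 && s.bytes().all(|b| b.is_ascii_hexdigit());
    if !ok {
        return Err(format!("id is not an even-length hex string: {s:?}"));
    }
    (0..s.len()).step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).map_err(|e| e.to_string()))
        .collect()
}

pub fn parse_key_uri(uri: &str) -> Result<KeyUri, String> {
    let body = uri.strip_prefix("pkcs11:").ok_or("missing pkcs11: scheme")?;
    let mut out = KeyUri::default();
    for pair in body.split(';').filter(|p| !p.is_empty()) {
        let (key, value) = pair.split_once('=').ok_or_else(|| format!("no '=' in {pair:?}"))?;
        if value.is_empty() {
            return Err(format!("empty value for {key:?}"));
        }
        let duplicate = match key {
            "token" => out.token.replace(value.to_string()).is_some(),
            "object" => out.object.replace(value.to_string()).is_some(),
            "id" => out.id.replace(decode_hex(value)?).is_some(),
            "type" if matches!(value, "private" | "public" | "cert") => out.kind.replace(value.to_string()).is_some(),
            "type" => return Err(format!("unsupported type: {value:?}")),
            other => return Err(format!("unsupported attribute: {other:?}")),
        };
        if duplicate {
            return Err(format!("attribute given twice: {key:?}"));
        }
    }
    // Assumption: without a label or an ID the URI cannot select one key.
    if out.object.is_none() && out.id.is_none() {
        return Err("URI must carry object= or id=".to_string());
    }
    Ok(out)
}

fn main() {
    println!("{:?}", parse_key_uri("pkcs11:token=MyToken;object=MyKey;type=private"));
}
```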

pub fn private_key(&self) -> ObjectHandle

Get the private key handle.

pub fn public_key(&self) -> ObjectHandle

Get the public key handle.

pub fn session(&self) -> &Session

Get the session.

pub fn algorithm(&self) -> KeyAlgorithm

Get the key algorithm.
