1 //! Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8:
2 //! Private-Key Information Syntax Specification ([RFC 5208]), with additional
3 //! support for PKCS#8v2 asymmetric key packages ([RFC 5958]).
4 //!
5 //! # About
6 //! This library provides generalized PKCS#8 support designed to work with a
7 //! number of different algorithms. It supports `no_std` platforms including
8 //! ones without a heap (albeit with reduced functionality).
9 //!
10 //! It supports decoding/encoding the following types:
11 //!
12 //! - [`EncryptedPrivateKeyInfo`]: (with `pkcs5` feature) encrypted key.
13 //! - [`PrivateKeyInfo`]: algorithm identifier and data representing a private key.
14 //!   Optionally also includes public key data for asymmetric keys.
15 //! - [`SubjectPublicKeyInfo`]: algorithm identifier and data representing a public key
16 //!   (re-exported from the [`spki`] crate)
17 //!
18 //! When the `alloc` feature is enabled, the following additional types are
19 //! available which provide more convenient decoding/encoding support:
20 //!
21 //! - [`EncryptedPrivateKeyDocument`]: (with `pkcs5` feature) heap-backed encrypted key.
22 //! - [`PrivateKeyDocument`]: heap-backed storage for serialized [`PrivateKeyInfo`].
23 //! - [`PublicKeyDocument`]: heap-backed storage for serialized [`SubjectPublicKeyInfo`].
24 //!
25 //! When the `pem` feature is enabled, it also supports decoding documents from,
26 //! and encoding them to, the "PEM encoding" format as defined in RFC 7468.
27 //!
28 //! # Supported Algorithms
29 //! This crate has been written generically so it can be used to implement
30 //! PKCS#8 support for any algorithm.
31 //!
32 //! However, it's only tested against keys generated by OpenSSL for the
33 //! following algorithms:
34 //!
35 //! - ECC (`id-ecPublicKey`)
36 //! - Ed25519 (`Ed25519`)
37 //! - RSA (`rsaEncryption`)
38 //!
39 //! Please open an issue if you encounter trouble using it with other
40 //! algorithms.
41 //!
42 //! # Encrypted Private Key Support
43 //! [`EncryptedPrivateKeyInfo`] supports decoding/encoding encrypted PKCS#8
44 //! private keys and is gated under the `pkcs5` feature. The corresponding
45 //! [`EncryptedPrivateKeyDocument`] type provides heap-backed storage
46 //! (`alloc` feature required).
47 //!
48 //! When the `encryption` feature of this crate is enabled, it provides
49 //! [`EncryptedPrivateKeyInfo::decrypt`] and [`PrivateKeyInfo::encrypt`]
50 //! functions which are able to decrypt/encrypt keys using the following
51 //! algorithms:
52 //!
53 //! - [PKCS#5v2 Password Based Encryption Scheme 2 (RFC 8018)]
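54 //!   - Key derivation function: [scrypt] ([RFC 7914]); PBKDF2-HMAC-SHA256 is also supported
55 //!   - Symmetric encryption: AES-128-CBC or AES-256-CBC (best available options for PKCS#5v2; note that CBC is unauthenticated, so PBES2 gives confidentiality but no cryptographic integrity check on the ciphertext)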
56 //!
57 //! # PKCS#1 support (optional)
58 //! When the `pkcs1` feature of this crate is enabled, this crate provides
59 //! a blanket impl of PKCS#8 support for types which impl the traits from the
60 //! [`pkcs1`] crate (e.g. `FromRsaPrivateKey`, `ToRsaPrivateKey`).
61 //!
62 //! # Minimum Supported Rust Version
63 //!
64 //! This crate requires **Rust 1.51** at a minimum.
65 //!
66 //! [RFC 5208]: https://tools.ietf.org/html/rfc5208
67 //! [RFC 5958]: https://tools.ietf.org/html/rfc5958
68 //! [RFC 7914]: https://datatracker.ietf.org/doc/html/rfc7914
69 //! [PKCS#5v2 Password Based Encryption Scheme 2 (RFC 8018)]: https://tools.ietf.org/html/rfc8018#section-6.2
70 //! [scrypt]: https://en.wikipedia.org/wiki/Scrypt
71 
72 #![no_std] // core-only by default; `alloc` and `std` are linked below only when their features are enabled
73 #![cfg_attr(docsrs, feature(doc_cfg))] // `doc_cfg` is switched on only when the `docsrs` cfg is set
74 #![doc(
75     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
76     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
77     html_root_url = "https://docs.rs/pkcs8/0.7.5"
78 )]
79 #![forbid(unsafe_code, clippy::unwrap_used)] // `forbid` cannot be relaxed by a nested `allow`; it covers this crate only, not its dependencies
80 #![warn(missing_docs, rust_2018_idioms, unused_qualifications)] // reported as warnings rather than hard errors
81 
82 #[cfg(feature = "alloc")]
83 extern crate alloc;
84 #[cfg(feature = "std")]
85 extern crate std;
86 
87 mod attributes;
88 mod error;
89 mod private_key_info;
90 mod traits;
91 mod version;
92 
93 #[cfg(feature = "alloc")]
94 mod document;
95 
96 #[cfg(feature = "pkcs5")]
97 pub(crate) mod encrypted_private_key_info;
98 
99 pub use crate::{
100     attributes::Attributes,
101     error::{Error, Result},
102     private_key_info::PrivateKeyInfo,
103     traits::{FromPrivateKey, FromPublicKey},
104     version::Version,
105 };
106 pub use der::{self, asn1::ObjectIdentifier};
107 pub use spki::{AlgorithmIdentifier, SubjectPublicKeyInfo};
108 
109 #[cfg(feature = "alloc")]
110 pub use crate::{
111     document::{private_key::PrivateKeyDocument, public_key::PublicKeyDocument},
112     traits::{ToPrivateKey, ToPublicKey},
113 };
114 
115 #[cfg(feature = "pem")]
116 #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
117 pub use pem_rfc7468::LineEnding;
118 
119 #[cfg(feature = "pkcs5")]
120 pub use encrypted_private_key_info::EncryptedPrivateKeyInfo;
121 
122 #[cfg(feature = "pkcs1")]
123 pub use pkcs1;
124 
125 #[cfg(feature = "pkcs5")]
126 pub use pkcs5;
127 
128 #[cfg(all(feature = "alloc", feature = "pkcs5"))]
129 pub use crate::document::encrypted_private_key::EncryptedPrivateKeyDocument;
130 
131 #[cfg(feature = "pem")]
132 use pem_rfc7468 as pem;
133