|
|
|
@ -109,22 +109,18 @@ impl PubKey {
|
|
|
|
|
impl PrivKey {
|
|
|
|
|
/// Generate a new private key.
|
|
|
|
|
pub fn new() -> Result<PrivKey> {
|
|
|
|
|
// The rsa crate takes like two orders of magnitude longer to generate a key,
|
|
|
|
|
// so until they get that under control we'll use the raw OpenSSL bindings to
|
|
|
|
|
// generate a key, encode it to PKCS#1 DER, and load it again.
|
|
|
|
|
let pkey = openssl::rsa::Rsa::generate(DEFAULT_KEY_SIZE as u32).unwrap();
|
|
|
|
|
let pkcs1_der = pkey.private_key_to_der().unwrap();
|
|
|
|
|
let pkey =
|
|
|
|
|
<RsaPrivateKey as pkcs1::DecodeRsaPrivateKey>::from_pkcs1_der(pkcs1_der.as_slice())
|
|
|
|
|
.map_err(Error::from)?;
|
|
|
|
|
let der = pkey.to_pkcs8_der().map_err(Error::from)?;
|
|
|
|
|
let der = Vec::from(der.as_bytes());
|
|
|
|
|
let pkey = RsaPrivateKey::new(&mut OsRng, DEFAULT_KEY_SIZE).map_err(Error::from)?;
|
|
|
|
|
let der = pkey.to_public_key_der().map_err(Error::from)?.into_vec();
|
|
|
|
|
Ok(PrivKey {
|
|
|
|
|
pkey: OnceCell::from(pkey),
|
|
|
|
|
der,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Construct a new private key from a DER encoded PKCS#8 key **without validity checks**.
|
|
|
|
|
/// This function is not `unsafe` because if the data is not valid DER, all operations will
|
|
|
|
|
/// simply fail instead of resulting in undefined behaviour. Furthermore, this function
|
|
|
|
|
/// will only be called from keys stored directly in the database, so it should be fine.
|
|
|
|
|
pub fn from_der_unchecked(der: Vec<u8>) -> PrivKey {
|
|
|
|
|
PrivKey {
|
|
|
|
|
pkey: OnceCell::new(),
|
|
|
|
|