This is a simple example program that shows how to use the key interfaces. The key interfaces covers:
- Generating Asymmetric encryption key pair
- Signing with private key
- Exporting the (encrypted) private/public key
- Importing the (encrypted) private/public key
- Verifying signature with public key
The basic implementation for key-interface can be shown in the following diagram
The exposed interfaces (marked as pub) include:
SigStoreSignerenum: wrapper forSigners of different kinds of signing algorithm.SigStoreKeyPairenum: wrapper forKeyPairs of different kinds of asymmetric encryption algorithm.SigningSchemeenum: Different kinds of signing algorithm.CosignVerificationKeystruct: Public key types to verify signatures for different signing algorithm.
To show the different usages for them, there will be three typical scenarios.
This example shows the following operations
- Generating Asymmetric encryption key pair due to given
SigningScheme. - Signing the given test data using private key. The signature will be printed in hex.
- Verifying the signature generated.
The signing process is performed by SigStoreSigner.
The verifying process is performed by CosignVerificationKey.
The following example will create a ECDSA_P256_ASN1 keypair and sign the given data.
cargo run --example key_pair_gen_sign_verifyThis example includes the following steps:
- Randomly generate an
ECDSA_P256_ASN1key pair, which is represented assignerof typeSigStoreSignerand includes a private key and a public key. Here, the type of the key pair is influenced by the givenSigningScheme. - Sign the given data
DATA_TO_BE_SIGNEDusing thesigner's private key. - Derive
verification_keyfrom thesigner. - Verify the signature generated before using the
verification_key.
This example shows the following operations
- Generating Asymmetric encryption key pair due to given
SigningScheme. - Export the public key in both DER and PEM format.
- Export the private key in both DER and PEM format.
- Export the encrypted private key in PEM format.
The key-related operations are performed by SigStoreKeyPair.
The following example will create a ECDSA_P256_ASN1 keypair and sign the given data.
cargo run --example key_pair_gen_and_exportThis example includes the following steps:
- Randomly generate an
ECDSA_P256_ASN1key pair, which is represented assignerof typeSigStoreSignerand includes a private key and a public key. Here, the type of the key pair is influenced by the givenSigningScheme. - Export the public key in PEM format and DER format. The result will be printed (PEM as string, DER as hex).
- Export the private key in PEM format and DER format. The result will be printed (PEM as string, DER as hex).
- Export the encrypted private key in PEM format. The result will be printed.
This example shows the following operations
- Import the public key in both DER and PEM format to
CosignVerificationKey. - Import the private key in both DER and PEM format to
SigStoreKeyPair/ECDSAKeys. - Import the encrypted private key in PEM format to
SigStoreKeyPair/ECDSAKeys. - Convert the
SigStoreKeyPairtoSigStoreSigner.
The following example will create a ECDSA_P256_ASN1 keypair and sign the given data.
cargo run --example key_pair_importThis example includes the following steps:
- Import the public key
ECDSA_P256_ASN1_PUBLIC_PEM.pubasCosignVerificationKey. - Import the public key
ECDSA_P256_ASN1_PUBLIC_DER.pubasCosignVerificationKey. - Import the private key
ECDSA_P256_ASN1_PRIVATE_PEM.keyasSigStoreKeyPair. - Import the private key
ECDSA_P256_ASN1_PRIVATE_PEM.keyasECDSAKeys. - Import the private key
ECDSA_P256_ASN1_PRIVATE_DER.keyasSigStoreKeyPair. - Import the private key
ECDSA_P256_ASN1_PRIVATE_DER.keyasECDSAKeys. - Import the encrypted private key
ECDSA_P256_ASN1_ENCRYPTED_PRIVATE_PEM.keyasSigStoreKeyPair. - Import the encrypted private key
ECDSA_P256_ASN1_ENCRYPTED_PRIVATE_PEM.keyasECDSAKeys. - Convert the last
SigStoreKeyPairtoSigStoreSigner.