Hashing
Calculate the SHA-256 digest of a file
Writes some data to a file, then calculates the SHA-256 digest::Digest⮳ of the file's contents using digest::Context⮳
use std::fs; use std::fs::File; use std::io::BufReader; use std::io::Read; use std::io::Write; use anyhow::Result; use data_encoding::HEXUPPER; use ring::digest::Context; use ring::digest::Digest; use ring::digest::SHA256; fn sha256_digest<R: Read>(mut reader: R) -> Result<Digest> { let mut context = Context::new(&SHA256); let mut buffer = [0; 1024]; loop { let count = reader.read(&mut buffer)?; if count == 0 { break; } context.update(&buffer[..count]); } Ok(context.finish()) } fn main() -> Result<()> { if !fs::exists("temp")? { fs::create_dir("temp")?; } let path = "temp/file.txt"; let mut output = File::create(path)?; write!(output, "We will generate a digest of this text")?; let input = File::open(path)?; let reader = BufReader::new(input); let digest = sha256_digest(reader)?; println!("SHA-256 digest is {}", HEXUPPER.encode(digest.as_ref())); Ok(()) }
Sign and verify a message with a HMAC digest
Uses ring::hmac⮳ to creates a ring::signature::Signature⮳ of a string then verifies the signature is correct.
use ring::error::Unspecified; use ring::hmac; use ring::rand; use ring::rand::SecureRandom; fn main() -> Result<(), Unspecified> { // Create a key let mut key_value = [0u8; 48]; let rng = rand::SystemRandom::new(); rng.fill(&mut key_value)?; let key = hmac::Key::new(hmac::HMAC_SHA256, &key_value); // Sign a message let message = "Legitimate and important message."; let signature = hmac::sign(&key, message.as_bytes()); // Calculates the HMAC of data using the signing key key, // and verifies whether the resultant value equals the signature. hmac::verify(&key, message.as_bytes(), signature.as_ref())?; println!("Message verified."); Ok(()) }
Use general-purpose hashing algorithms
For more algorithms, see Rust Crypto Hashes: sha2, sha1, md-5
Pure Rust implementation of the SHA-2 hash function family, including SHA-224, SHA-256, SHA-384, and SHA-512.
fn main() { todo!(); }
SHA-1 hash function
fn main() { todo!(); }
MD5 hash function
fn main() { todo!(); }
Encrypt with AEAD
For more algorithms, see Rust Crypto AEADs: aes-gcm-siv, aes-gcm, chacha20poly1305
Pure Rust implementation of the AES-GCM-SIV Misuse-Resistant Authenticated Encryption Cipher (RFC 8452) with optional architecture-specific hardware acceleration.
fn main() { todo!(); }
Pure Rust implementation of the AES-GCM (Galois/Counter Mode) Authenticated Encryption with Associated Data (AEAD) Cipher with optional architecture-specific hardware acceleration.
fn main() { todo!(); }
Use the RSA algorithm
Pure Rust RSA implementation.
fn main() { todo!(); }
Compute digital signatures
For more algorithms, see Rust Crypto Signatures:
Edwards Digital Signature Algorithm (EdDSA) over Curve25519 (as specified in RFC 8032) support library providing signature type definitions and PKCS#8 private key decoding/encoding support.
fn main() { todo!(); }
Fast and efficient ed25519 EdDSA key generations, signing, and verification in pure Rust.
Pure Rust implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) as specified in FIPS 186-4 (Digital Signature Standard), providing RFC6979 deterministic signatures as well as support for added entropy.
fn main() { todo!(); }
Pure Rust implementation of the Digital Signature Algorithm (DSA) as specified in FIPS 186-4 (Digital Signature Standard), providing RFC6979 deterministic signatures as well as support for added entropy.
fn main() { todo!(); }
Create certificates
For more formats, see Rust Crypto Formats.
Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules (DER) for Abstract Syntax Notation One (ASN.1) as described in ITU X.690 with full support for heapless no_std targets.
fn main() { todo!(); }
PEM Encoding (RFC 7468) for PKIX, PKCS, and CMS Structures, implementing a strict subset of the original Privacy-Enhanced Mail encoding intended specifically for use with cryptographic keys, certificates, and other messages. Provides a no_std-friendly, constant-time implementation suitable for use with cryptographic private keys.
fn main() { todo!(); }
Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification (RFC 5208), with additional support for PKCS#8v2 asymmetric key packages (RFC 5958).
fn main() { todo!(); }
Pure Rust implementation of the X.509 Public Key Infrastructure Certificate format as described in RFC 5280.
fn main() { todo!(); }
Use TLS / SSL
Rustls is a portable pure-rust high-level implementation of TLS. Implements TLS 1.2 and higher.
fn main() { todo!(); }
A wrapper over a platform's native TLS implementation. Delegates to the system TLS implementations on windows and macOS, and uses OpenSSL on Linux.
fn main() { todo!(); }
Utilities
subtle
Pure-Rust traits and utilities for constant-time cryptographic implementations.
fn main() { todo!(); }
zeroize
Securely clear secrets from memory with a simple trait built on stable Rust primitives which guarantee memory is zeroed using an operation that will not bee optimized away by the compiler. Uses a portable pure Rust implementation that works everywhere, even WASM.
fn main() { todo!(); }