Module pkey 

Pkey<T> — asymmetric key container and operations.

Phase 5 delivers key loading/serialisation (5.1), keygen (5.2), sign/verify (5.3), derive (5.4), asymmetric encrypt/decrypt (5.5), and KEM encapsulate/decapsulate (5.6).

Type-state markers

Pkey<Private>, Pkey<Public>, and Pkey<Params> statically prevent misuse (e.g. signing with a public key). HasPrivate: HasPublic means every Pkey<Private> can also be used wherever Pkey<Public> is needed.

Structs

DecapCtx

KEM decapsulation context (recipient’s private key).

DeriveCtx

Asymmetric key-agreement context (EVP_PKEY_CTX in derive mode).

EncapCtx

KEM encapsulation context (recipient’s public key).

EncapResult

KEM encapsulation output.

KeygenCtx

Context for generating asymmetric key pairs (EVP_PKEY_CTX in keygen mode).

MessageSigner

Stateful signing context using EVP_PKEY_sign_message_* (OpenSSL 3.2+).

MessageVerifier

Stateful verification context using EVP_PKEY_verify_message_* (OpenSSL 3.2+).

Params

Marker: key holds PKEY parameters only (e.g. EC group with no key).

Pkey

An asymmetric key (EVP_PKEY*) with a compile-time role marker.

PkeyDecryptCtx

RSA asymmetric decryption context.

PkeyEncryptCtx

RSA asymmetric encryption context.

Private

Marker: key holds public + private key material.

Public

Marker: key holds public key material only.

RawSigner

Raw (no-digest) signing context wrapping EVP_PKEY_CTX after EVP_PKEY_sign_init.

RawVerifier

Raw (no-digest) verification context wrapping EVP_PKEY_CTX after EVP_PKEY_verify_init.

SigAlg

Algorithm descriptor for EVP_SIGNATURE (OpenSSL 3.2+).

SignInit

Parameters for creating a Signer or Verifier.

Signer

Streaming DigestSign context.

Verifier

Streaming DigestVerify context.

Traits

HasParams

All key markers satisfy this bound.

HasPrivate

Private key material is accessible.

HasPublic

Public key material is accessible (both Public and Private keys).