Module keygen

Expand description

Server-side key generation for EST /serverkeygen (RFC 7030 §4.4).

Generates key pairs in software or via PKCS#11 HSM per NIAP CA PP FCS_CKM.1 (approved key generation methods). Supports RSA and ECDSA key types with configurable sizes.

Structs§

KeyGenConfig: Configuration for key generation.
KeyGenResult: Result of a key generation operation.

Enums§

ClassicalSigningAlg: Classical signing algorithms paired with ML-DSA in composite mode.
EcCurve: Supported elliptic curves for ECDSA.
KeyGenError: Errors during key generation.
KeyType: Supported key types for server-side generation.
MlDsaLevel: ML-DSA security levels per FIPS 204.
MlKemLevel: ML-KEM security levels per FIPS 203.

Functions§

composite_sub_arc: Map a composite ML-DSA key type to the OID sub-arc per draft-ietf-lamps-pq-composite-sigs-19 (sub-arcs 37-54).
generate_key_pair: Generate a key pair for the EST /serverkeygen endpoint.

Module keygen

Module keygen Copy item path

Structs§

Enums§

Functions§

Module keygen