pkcs1 crate has no examples, no obvious way of using #1611

Open
kornelski opened this issue Nov 27, 2024 · 2 comments

@kornelski
Contributor

The docs for pkcs1 have no examples of how to use the crate to decode an RsaPrivateKey.

The crate has a DecodeRsaPrivateKey trait, but pkcs1::RsaPrivateKey does not implement it? (or if it does, then only indirectly via a blanket impl on a pkcs8 feature in another crate???)

This seems very weird. Is that a mistake? Why is the type and trait in the same crate if they don't work together?

The only apparent way of creating pkcs1::RsaPrivateKey is via TryFrom<&[u8]> implementation, which is not mentioned anywhere, and the impl itself has zero documentation, so it needs diving into the crate's source code to discover it takes DER.

It's weird that the pkcs1 crate has a pem Cargo feature, and describes the possibility of using PEM format, but as far as I can tell, PEM decoding is not supported by the crate.

@kornelski
Contributor Author

The actual working implementation of pkcs1::DecodeRsaPrivateKey is not in this crate, only in the rsa crate, and rsa::RsaPrivateKey is a different type than pkcs1::RsaPrivateKey! In the pkcs8 crate, the equivalent of RsaPrivateKey is called PrivateKeyInfo.

@tarcieri
Member

Yes, this crate is somewhat unloved relative to the others, and lacks examples.

For reference, the correct trait for decoding pkcs1::RsaPrivateKey is der::Decode. With the trait in scope, pkcs1::RsaPrivateKey::from_der should work.

The DecodeRsaPrivateKey trait is intended for types which can be loaded/instantiated from pkcs1::RsaPrivateKey, notably rsa::RsaPrivateKey as described in these docs: https://docs.rs/rsa/0.9.7/rsa/#pkcs1-rsa-key-encoding

DecodeRsaPrivateKey follows a convention of similar traits in our other key format crates like pkcs8::DecodePrivateKey and sec1::DecodeEcPrivateKey. They can all be thought of as a way to decode a document with the given PEM label, e.g. DecodeRsaPrivateKey decodes a document that starts with BEGIN RSA PRIVATE KEY, or BEGIN PRIVATE KEY for pkcs8, or BEGIN EC PRIVATE KEY for sec1. Any proposed changes to this naming scheme should be made in all of these crates for consistency, which makes things somewhat complicated.

These traits also only work for owned types as they don't have an associated lifetime, whereas pkcs1::RsaPrivateKey borrows from its input and has an associated lifetime, so it's not possible to impl it for this type, despite what the trait name may lead you to believe.

In the latest prerelease of e.g. pkcs8 we now support an owned form of private key gated on the alloc feature: https://docs.rs/pkcs8/0.11.0-rc.1/pkcs8/type.PrivateKeyInfoOwned.html

We could do a similar treatment to pkcs1 and add pkcs1::RsaPrivateKeyOwned, in which case it would be possible to impl the pkcs1::DecodeRsaPrivateKey trait for pkcs1::RsaPrivateKeyOwned. But really the idea is the trait can be used to plug in different RSA implementations and you bound a generic type on the operations you want to perform, e.g. a type like rsa::pss::SigningKey supports the pkcs1::DecodeRsaPrivateKey traits as well as the signature::Signer traits, so you can write code generically against any RSA implementation that can decode a key using that trait and compute a signature.
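
The lifetime point from the last comment, as an added std-only sketch that is not part of the thread and not code from the pkcs1 or der crates: a trait whose decode method takes `&[u8]` with no lifetime tied to `Self` can be implemented for an owned key, but not for a key that borrows from its input. `BorrowedKey`, `OwnedKey`, `DecodeOwned`, `from_der_bytes`, `tlv` and `SAMPLE` are hypothetical names, and only the first two RSAPrivateKey fields (version, modulus) are read.

```rust
use std::convert::TryFrom;

/// Borrowed view (like pkcs1::RsaPrivateKey<'a>): fields point into the DER input.
pub struct BorrowedKey<'a> { pub version: &'a [u8], pub modulus: &'a [u8] }

/// Owned form, the shape an RsaPrivateKeyOwned-style type would take.
#[derive(Debug, PartialEq)]
pub struct OwnedKey { pub version: Vec<u8>, pub modulus: Vec<u8> }

/// Hypothetical stand-in for a Decode*-style trait: no lifetime links input to Self.
pub trait DecodeOwned: Sized {
    fn from_der_bytes(bytes: &[u8]) -> Result<Self, &'static str>;
}

/// Constructed toy input, not a real key: SEQUENCE { INTEGER 0, INTEGER 0x0CA1 }.
pub const SAMPLE: [u8; 9] = [0x30, 0x07, 0x02, 0x01, 0x00, 0x02, 0x02, 0x0C, 0xA1];

/// Read one TLV with the expected tag (short or 1-2 byte long-form length).
fn tlv(input: &[u8], tag: u8) -> Result<(&[u8], &[u8]), &'static str> {
    if input.len() < 2 || input[0] != tag { return Err("unexpected tag or truncated"); }
    let (mut len, mut rest) = (input[1] as usize, &input[2..]);
    if len & 0x80 != 0 {
        let n = len & 0x7f; // long form: the next n bytes hold the length
        if n == 0 || n > 2 || rest.len() < n { return Err("bad length"); }
        len = rest[..n].iter().fold(0usize, |a, &b| (a << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return Err("truncated value"); }
    Ok(rest.split_at(len))
}

impl<'a> TryFrom<&'a [u8]> for BorrowedKey<'a> {
    type Error = &'static str;
    fn try_from(der: &'a [u8]) -> Result<Self, Self::Error> {
        let (body, trailing) = tlv(der, 0x30)?; // SEQUENCE
        if !trailing.is_empty() { return Err("trailing data"); }
        let (version, rest) = tlv(body, 0x02)?; // INTEGER version
        let (modulus, _) = tlv(rest, 0x02)?; // INTEGER modulus; later fields skipped
        Ok(BorrowedKey { version, modulus })
    }
}

impl DecodeOwned for OwnedKey {
    fn from_der_bytes(bytes: &[u8]) -> Result<Self, &'static str> {
        let k = BorrowedKey::try_from(bytes)?; // borrow only inside this call
        Ok(OwnedKey { version: k.version.to_vec(), modulus: k.modulus.to_vec() })
    }
}
// No `impl DecodeOwned for BorrowedKey<'a>`: the trait never names the lifetime of `bytes`.
fn main() { println!("{:?}", OwnedKey::from_der_bytes(&SAMPLE)); }
```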
