Struct CryptoRule
pub struct CryptoRule {
pub cookie_names: Vec<String>,
pub algorithm: CryptoAlgorithm,
pub key: Key,
pub fallbacks: Vec<FallbackConfig>,
}
Expand description
CryptoRule
specifies whether certain cookies should be encrypted or signed.
Fields§
The names of the cookies to which this rule applies.
algorithm: CryptoAlgorithm
How the cookies should be secured: either encryption or signing.
key: Key
The key to use for encryption or signing.
§Requirements
The key must be at least 64 bytes long and should be generated using a cryptographically secure random number generator.
fallbacks: Vec<FallbackConfig>
Fallbacks are used to decrypt/verify request cookies that failed to
be decrypted/verified using the primary key.
Fallbacks are never used to encrypt/sign response cookies.
§Key rotation
Fallbacks exist to enable key and algorithm rotation.
From time to time, you may want to change the key used to sign or encrypt cookies, or update
the algorithm.
If you do this naively
(e.g. change CryptoRule::key
or CryptoRule::algorithm
to a new value),
the server will immediately start rejecting all existing cookies
because they were signed/encrypted with the old key/algorithm.
With fallbacks, you can start using the new configuration without invalidating all existing cookies. The process for key rotation goes as follows:
- Generate a new key
- Set
key
to the new key, and add the old key to thefallbacks
vector, using the same algorithm - Wait for the expiration of all cookies signed/encrypted with the old key
- Remove the old key from the
fallbacks
vector
Trait Implementations§
§impl Clone for CryptoRule
impl Clone for CryptoRule
§fn clone(&self) -> CryptoRule
fn clone(&self) -> CryptoRule
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more§impl Debug for CryptoRule
impl Debug for CryptoRule
§impl<'de> Deserialize<'de> for CryptoRule
impl<'de> Deserialize<'de> for CryptoRule
§fn deserialize<__D>(
__deserializer: __D,
) -> Result<CryptoRule, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(
__deserializer: __D,
) -> Result<CryptoRule, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
Auto Trait Implementations§
impl Freeze for CryptoRule
impl RefUnwindSafe for CryptoRule
impl Send for CryptoRule
impl Sync for CryptoRule
impl Unpin for CryptoRule
impl UnwindSafe for CryptoRule
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)