Correct API usage for long-lived programs

[edevil]

I was looking at how to use this library in the context of a long-lived application, specifically for sealing/signing emails, and am a bit confused as to what I should create once and reuse vs create at every operation.

My first thought was that I would need to import the RSA private key once at startup, pass it around, and instantiate/configure a sealer each time. However, RsaKey does not implement Clone, and ArcSealer::from_key() doesn't take a reference to a key, so that rules it out.

My second thought was that I would create an ArcSealer at startup and configure it when needed, since it appears to implement Clone. However, it depends, on both the State and the Signing Key being Clone, which they are not. So I could not configure the ArcSealer instance since I did not have a mutable reference.

My third attempt, and current one, is to create an ArcSealer and configure it at startup. Hence what I'm passing around is a Arc<ArcSealer<RsaKey<Sha256>, Done>>. Am I doing this right? :)

Thanks for the library!

[mdecimus]

Your third attempt is the correct one, Arc should be used in long-lived applications. The reason is that the crypto libraries that mail-auth uses do not implement Clone on keys for security reasons.