Lib.rs

Cryptography
#encryption #certificate #vpn #security

corevpn-crypto

Cryptographic primitives for CoreVPN - secure key exchange, encryption, and certificate handling

Owned by Joseph R. Quinn.

6 releases (breaking)

Uses new Rust 2024

new 0.5.1 Feb 16, 2026
0.5.0 Feb 13, 2026
0.4.0 Feb 7, 2026
0.3.0 Feb 6, 2026
0.1.0 Jan 2, 2026

#693 in Cryptography


Used in 7 crates (6 directly)

MIT/Apache

79KB
1.5K SLoC

corevpn-crypto

Crates.io Documentation License

Cryptographic primitives for CoreVPN - secure key exchange, encryption, and certificate handling.

Features

  • Key Exchange: X25519 Diffie-Hellman for perfect forward secrecy
  • Encryption: ChaCha20-Poly1305 and AES-256-GCM AEAD ciphers
  • Signatures: Ed25519 digital signatures
  • Certificates: X.509 certificate generation and validation
  • Key Derivation: HKDF-based key derivation
  • HMAC Authentication: OpenVPN-compatible tls-auth
  • Secure Memory: Zeroization of sensitive data

Usage

use corevpn_crypto::{CipherSuite, KeyMaterial, CertificateAuthority};

// Generate a Certificate Authority
let ca = CertificateAuthority::generate("My VPN CA", 3650)?;

// Generate server certificate
let (server_cert, server_key) = ca.generate_server_cert("vpn.example.com", 365)?;

// Generate client certificate
let (client_cert, client_key) = ca.generate_client_cert("user@example.com", 90)?;

// Create cipher suite for data channel
let cipher = CipherSuite::new_chacha20_poly1305(&key_material)?;
let encrypted = cipher.encrypt(&plaintext)?;

Security

This crate uses only audited, pure-Rust cryptographic implementations:

  • x25519-dalek / ed25519-dalek for Curve25519 operations
  • chacha20poly1305 / aes-gcm for AEAD encryption
  • ring for additional cryptographic primitives
  • zeroize for secure memory handling

License

Licensed under either of:

at your option.

Dependencies

~13–26MB
~418K SLoC