#crypto #gssapi #kerberos

no-std gss-api

Pure Rust implementation for Generic Security Service Application Program Interface (GSS-API)

2 unstable releases

0.1.0 May 20, 2023
0.0.0 May 7, 2023

#2 in #gssapi

Apache-2.0 OR MIT

11K SLoC

RustCrypto: GSS-API

crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat

Pure Rust implementation of Generic Security Service Application Program Interface (RFC1509, RFC2478, RFC4178, MS-SPNG).



The Generic Security Service Application Program Interface (abbreviated GSS-API or GSSAPI) enables programs to access system security services. One of the foremost security protocols used in conjunction with GSS-API is Kerberos.

GSS-API is an IETF standard designed to address the problem of many incompatible security services which provide similar functionality. By itself, does not provide any security, but instead provides a common API implemented by security-service vendors, usually in the form of libraries installed with their security software.

These libraries implement the GSS-API which can be called from application-level code, allowing the security implementation to be replaced without application-level changes.

GSS-API applications exchange opaque messages, i.e. tokens, which hide the security implementation detail from the higher-level application. The client and server sides of the application are written to convey the tokens given to them by their respective GSS-API implementations. GSS-API tokens can usually travel over an insecure network as the mechanisms provide inherent message security.

After the exchange of some number of tokens, the GSS-API implementations at both ends inform their local application that a security context is established. Once a security context is established, sensitive application messages can be wrapped (i.e. encrypted) by the GSS-API for secure communication between client and server.

Typical protections guaranteed by GSS-API wrapping include confidentiality (secrecy) and integrity (authenticity). GSS-API can also provide local guarantees about the identity of the remote user or remote host.

Minimum Supported Rust Version

This crate requires Rust 1.65 at a minimum.

We may change the MSRV in the future, but it will be accompanied by a minor version bump.


Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~26K SLoC