5 releases

0.2.1 Aug 10, 2023
0.2.0 Jul 30, 2023
0.1.2 Jul 9, 2022
0.1.1 Jun 15, 2022
0.1.0 May 30, 2022

#667 in Cryptography

MIT/Apache

25KB
588 lines

PKI tools for Rust

This project contains Rust library for PKI-related tasks such as generating and validating certificate chains. It can be used to easily create certificate chains on the fly for testing purposes.

See tests/test_gen_chain.rs and examples/tls-server.rs for detailed examples.

Server example (native-tls)

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key_store = pki::util::create_easy_server_chain(HOSTNAME)?;
    let pkcs8 = key_store.to_pkcs8()?;

    let identity = Identity::from_pkcs8(&pkcs8, &pkcs8)?;
    let acceptor = TlsAcceptor::builder(identity).build()?;
    let server = TcpListener::bind(format!("{}:{}", HOSTNAME, PORT))?;
    for stream in server.incoming() {
        let mut stream = acceptor.accept(stream?)?;
    }
}

Client example (native-tls)

fn client(key_store: &KeyStore) -> Result<(), Box<dyn std::error::Error>> {
    let client = TcpStream::connect(format!("{}:{}", HOSTNAME, PORT))?;
    let connector = TlsConnector::builder()
        .add_root_certificate(Certificate::from_der(
            &key_store.certs().last().unwrap().to_der()?,
        )?)
        .build()?;
    let mut client = connector.connect(HOSTNAME, client)?;
}

License

Licensed under MIT or Apache license (LICENSE-MIT or LICENSE-APACHE)

Dependencies

~1.9–3MB
~71K SLoC