Lib.rs

CryptographyRustls
#rustls #tls #windows #private-key #cng

rustls-cng

Windows CNG API bridge for rustls

by Dmitry Pankratov

10 unstable releases (4 breaking)

0.5.0 Mar 7, 2024
0.4.0 Dec 2, 2023
0.3.3 Jul 21, 2023
0.3.2 May 1, 2023
0.1.3 Jun 13, 2022

#1064 in Cryptography

Download history 4/week @ 2023-12-22 3/week @ 2023-12-29 31/week @ 2024-01-05 91/week @ 2024-01-12 125/week @ 2024-01-19 131/week @ 2024-01-26 86/week @ 2024-02-02 103/week @ 2024-02-09 129/week @ 2024-02-16 132/week @ 2024-02-23 246/week @ 2024-03-01 366/week @ 2024-03-08 232/week @ 2024-03-15 31/week @ 2024-03-22 117/week @ 2024-03-29 71/week @ 2024-04-05

501 downloads per month

MIT/Apache

28KB
656 lines

Windows CNG bridge for rustls

This crate allows you to use the Windows CNG private keys together with rustls for both the client and server sides of the TLS channel.

Rationale: In many situations, it is required to use non-exportable private certificate chains from the Windows certificate store instead of the external PKCS8 file. rustls-cng can use such chains in the rustls context.

Supported key/certificate types: RSA, ECDSA/ECDH. Supported elliptic curves: secp256r1 (prime256v1), secp384r1.

Documentation

Documentation is available here.

Usage

The central struct to use in rustls-cng is CngSigningKey, which can be constructed from the low-level NCryptKey handle. The instance of CngSigningKey can then be used in rustls in the custom ResolvesServerCert or ResolvesClientCert implementation.

See the examples directory for usage examples.

License

Licensed under the MIT or Apache licenses (LICENSE-MIT or LICENSE-APACHE)

Dependencies

~22–45MB
~1M SLoC