13 releases
new 0.5.3 | Dec 10, 2024 |
---|---|
0.5.1 | Oct 13, 2024 |
0.5.0 | Mar 7, 2024 |
0.4.0 | Dec 2, 2023 |
0.3.0 | Jul 24, 2022 |
#1117 in Cryptography
854 downloads per month
31KB
701 lines
Windows CNG bridge for rustls
This crate allows you to use the Windows CNG private keys together with rustls for both the client and server sides of the TLS channel.
Rationale: In many situations, it is required to use non-exportable private certificate chains
from the Windows certificate store instead of the external PKCS8 file.
rustls-cng
can use such chains in the rustls
context.
Supported key/certificate types: RSA, ECDSA/ECDH. Supported elliptic curves: secp256r1 (prime256v1), secp384r1.
Usage
The central struct to use in rustls-cng
is CngSigningKey
, which can be constructed
from the low-level NCryptKey
handle. The instance of CngSigningKey
can then be
used in rustls
in the custom ResolvesServerCert
or ResolvesClientCert
implementation.
See the examples
directory for usage examples.
License
Licensed under the MIT or Apache licenses (LICENSE-MIT or LICENSE-APACHE)
Dependencies
~79MB
~2M SLoC