12 releases
0.1.11 | Jun 22, 2023 |
---|---|
0.1.10 | Apr 7, 2023 |
0.1.9 | Mar 30, 2023 |
0.1.4 | Feb 28, 2023 |
#1500 in Cryptography
Used in 3 crates
110KB
1.5K
SLoC
trifid-pki
trifid-pki is a crate for interacting with the Nebula PKI system. It was created to prevent the need to make constant CLI calls for signing operations in Nebula. Is is designed to be interoperable with the original Go implementation and as such has some oddities with key management to ensure compatability.
This crate has not received any formal security audits, however the underlying crates used for actual cryptographic operations (ed25519-dalek and curve25519-dalek) have been audited, finding no major issues.
Examples
See the documentation for examples.
lib.rs
:
trifid-pki
trifid-pki is a crate for interacting with the Nebula PKI system. It was created to prevent the need to make constant CLI calls for signing operations in Nebula. It is designed to be interoperable with the original Go implementation and as such has some oddities with key management to ensure compatability.
This crate has not received any formal security audits, however the underlying crates used for actual cryptographic operations (ed25519-dalek and curve25519-dalek) have been audited with no major issues.
Examples
Load a certificate from PEM
use trifid_pki::cert::deserialize_nebula_certificate_from_pem;
let cert_bytes = b"-----BEGIN NEBULA CERTIFICATE-----
CmUKCGNvcmUtdHdyEgmBhMRQgID4/w8orp+/nAYwlIXEqwY6IDBOYnnYci8P2Nlm
+qcK2u7AjEZJ1IZFe7A4viQ3U6dHSiBWhg3tPRS387d8oqBi7l1oPdBrNfh0RtjW
p+kjtqd4PRJA611raI7aDTbpJSGcCY/yeZ5CIHoJP32bfYdYI8oFsuDTp0ndL8nO
yBHtmihl1xxNU8/f0b9+bVBYvZ7NOI3fDQ==
-----END NEBULA CERTIFICATE-----";
let cert = deserialize_nebula_certificate_from_pem(cert_bytes).unwrap();
println!("{}", cert);
// NebulaCertificate {
// Details {
// Name: core-twr
// Ips: [10.17.2.1/15]
// Subnets: []
// Gruops: []
// Not before: SystemTime { tv_sec: 1670369198, tv_nsec: 0 }
// Not after: SystemTime { tv_sec: 1701905044, tv_nsec: 0 }
// Is CA: false
// Issuer: 56860ded3d14b7f3b77ca2a062ee5d683dd06b35f87446d8d6a7e923b6a7783d
// Public key: 304e6279d8722f0fd8d966faa70adaeec08c4649d486457bb038be243753a747
// }
// Fingerprint: c1a723acf8a1c8a438eb1f8efb756eb9e1a3c529d5b93cd143d282ca87e549b4
// Signature: eb5d6b688eda0d36e925219c098ff2799e42207a093f7d9b7d875823ca05b2e0d3a749dd2fc9cec811ed9a2865d71c4d53cfdfd1bf7e6d5058bd9ecd388ddf0d
// }
Dependencies
~3.5–5MB
~103K SLoC