#x509 #cryptography #pki


X.509 certificate parser and utility functionality

4 releases (breaking)

Uses new Rust 2021

0.4.0 Oct 25, 2021
0.3.0 Aug 8, 2021
0.2.0 May 6, 2021
0.1.0 Apr 30, 2021

#132 in Cryptography

Download history 465/week @ 2021-08-10 432/week @ 2021-08-17 90/week @ 2021-08-24 66/week @ 2021-08-31 96/week @ 2021-09-07 80/week @ 2021-09-14 156/week @ 2021-09-21 130/week @ 2021-09-28 139/week @ 2021-10-05 159/week @ 2021-10-12 235/week @ 2021-10-19 333/week @ 2021-10-26 143/week @ 2021-11-02 257/week @ 2021-11-09 331/week @ 2021-11-16 127/week @ 2021-11-23

887 downloads per month
Used in 7 crates (6 directly)

MPL-2.0 license



x509-certificate is a library crate for interfacing with X.509 certificates. It supports the following:

  • Parsing certificates from BER, DER, and PEM.
  • Serializing certificates to BER, DER, and PEM.
  • Defining common algorithm identifiers.
  • Generating new certificates.
  • Verifying signatures on certificates.
  • And more.

This crate has not undergone a security audit. It does not employ many protections for malformed data when parsing certificates. Use at your own risk. See additional notes in src/lib.rs.

x509-certificate is part of the PyOxidizer project and this crate is developed in that repository.


The root of the repository is a Cargo workspace and has a lot of members. The dependency tree for the entire repo is massive and cargo build likely will fail due to Python dependency weirdness.

For best results, cd x509-certificate and run commands there. Or cargo build -p x509-certificate, cargo test -p x509-certificate, etc.

This crate is used throughout this repository. If you want to build/run the workspace, try cargo build --workspace --exclude oxidized-importer --exclude pyembed to exclude the crates most often causing build troubles. The pyoxidizer and tugger crates have an expensive test harness and dependency tree and can also be excluded.

Generally, the following crates are sensitive to changes in this one:

  • cryptographic-message-syntax
  • tugger-apple-codesign
  • tugger-code-signing
  • tugger-windows-codesign

If build + tests pass on these crates, there's a good chance the entire workspace is happy.


~260K SLoC