#x509 #cryptography #pki


X.509 certificate parser and utility functionality

14 breaking releases

Uses new Rust 2021

0.15.0 Sep 17, 2022
0.13.0 Apr 25, 2022
0.11.0 Mar 28, 2022
0.5.0 Dec 13, 2021
0.2.0 May 6, 2021

#81 in Cryptography

Download history 742/week @ 2022-08-17 1571/week @ 2022-08-24 1035/week @ 2022-08-31 987/week @ 2022-09-07 2015/week @ 2022-09-14 1909/week @ 2022-09-21 2094/week @ 2022-09-28 1815/week @ 2022-10-05 1688/week @ 2022-10-12 1655/week @ 2022-10-19 1684/week @ 2022-10-26 3179/week @ 2022-11-02 2356/week @ 2022-11-09 2279/week @ 2022-11-16 1711/week @ 2022-11-23 2075/week @ 2022-11-30

9,381 downloads per month
Used in 15 crates (11 directly)

MPL-2.0 license



x509-certificate is a library crate for interfacing with X.509 certificates. It supports the following:

  • Parsing certificates from BER, DER, and PEM.
  • Serializing certificates to BER, DER, and PEM.
  • Defining common algorithm identifiers.
  • Generating new certificates.
  • Verifying signatures on certificates.
  • And more.

This crate has not undergone a security audit. It does not employ many protections for malformed data when parsing certificates. Use at your own risk. See additional notes in src/lib.rs.

x509-certificate is part of the PyOxidizer project and this crate is developed in that repository.


The root of the repository is a Cargo workspace and has a lot of members. The dependency tree for the entire repo is massive and cargo build likely will fail due to Python dependency weirdness.

For best results, cd x509-certificate and run commands there. Or cargo build -p x509-certificate, cargo test -p x509-certificate, etc.

This crate is used throughout this repository. If you want to build/run the workspace, try cargo build --workspace --exclude oxidized-importer --exclude pyembed to exclude the crates most often causing build troubles. The pyoxidizer and tugger crates have an expensive test harness and dependency tree and can also be excluded.

Generally, the following crates are sensitive to changes in this one:

  • cryptographic-message-syntax
  • apple-codesign
  • tugger-code-signing
  • tugger-windows-codesign

If build + tests pass on these crates, there's a good chance the entire workspace is happy.


~234K SLoC