Repository files (latest commit first)
Filename Latest commit message Latest commit date
Joe Birr-Pixton bb3c1da0e6
Adjust PEM size limit to account for huge CRLs
2026-04-24 12:53:19 +00:00
.github/workflows ci: sync cargo-check-external-types nightly 2025-12-12 15:40:16 +00:00
fuzz Add fuzz target for PEM decoding 2024-09-27 12:01:37 +00:00
src Adjust PEM size limit to account for huge CRLs 2026-04-24 12:53:19 +00:00
tests Adjust PEM size limit to account for huge CRLs 2026-04-24 12:53:19 +00:00
.gitignore Version Cargo.lock 2025-04-01 11:37:34 +00:00
Cargo.lock Bump version to 1.14.1 2026-04-24 11:34:33 +00:00
Cargo.toml Bump version to 1.14.1 2026-04-24 11:34:33 +00:00
deny.toml Add cargo deny check in CI 2025-04-01 11:37:34 +00:00
LICENSE-APACHE Start collection of basic data types (#1) 2023-08-31 09:08:06 +00:00
LICENSE-MIT Start collection of basic data types (#1) 2023-08-31 09:08:06 +00:00
README.md README: downplay rustls-pemfile 2024-09-27 12:01:37 +00:00
rustfmt.toml rustfmt: style_edition 2024 2025-02-21 14:46:00 +00:00

rustls-pki-types


This crate provides types for representing X.509 certificates, keys and other types as commonly used in the rustls ecosystem. It is intended to be used by crates that need to work with such X.509 types, such as rustls, rustls-webpki, and others.

Some of these crates used to define their own trivial wrappers around DER-encoded bytes. However, in order to avoid inconvenient dependency edges, these were all disconnected. By using a common low-level crate of types with long-term stable API, we hope to avoid the downsides of unnecessary dependency edges while providing interoperability between crates.

Features

  • Interoperability between different crates in the rustls ecosystem
  • Long-term stable API
  • No dependencies
  • Support for no_std contexts, with optional support for alloc

DER and PEM

Many of the types defined in this crate represent DER-encoded data. DER is a binary encoding of the ASN.1 format commonly used in web PKI specifications. Because it is binary, it is relatively compact when stored in memory, but it is not easy for humans to work with and is awkward in contexts where binary data is inconvenient. For this reason, many tools and protocols use an ASCII-based encoding of DER, called PEM. A PEM object consists of the base64-encoded DER, delimited by header and footer lines which indicate the type of object contained in the PEM blob.

This crate's types can be created from both DER and PEM encodings.
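
The relationship between the two encodings, as an added std-only example (not this crate's own decoder or API): it reads the label from the header line, checks for the matching footer, and base64-decodes the body back to DER. The names `pem_to_der`, `b64_val` and `SAMPLE_PEM` are hypothetical, and the sample is constructed: it carries a CERTIFICATE label around an 8-byte DER SEQUENCE, not a real certificate.

```rust
// Added example: minimal PEM-to-DER decoding using only std.
// This base64 decoder is not constant-time; use it only on public data.
const SAMPLE_PEM: &str = "-----BEGIN CERTIFICATE-----\nMAYCAQEC\nAQI=\n-----END CERTIFICATE-----\n";

/// Map one base64 alphabet character to its 6-bit value.
fn b64_val(c: u8) -> Option<u32> {
    match c {
        b'A'..=b'Z' => Some((c - b'A') as u32),
        b'a'..=b'z' => Some((c - b'a') as u32 + 26),
        b'0'..=b'9' => Some((c - b'0') as u32 + 52),
        b'+' => Some(62),
        b'/' => Some(63),
        _ => None,
    }
}

/// Parse the first PEM object in `pem`; returns (label, DER bytes).
fn pem_to_der(pem: &str) -> Result<(String, Vec<u8>), &'static str> {
    let mut lines = pem.lines().map(str::trim);
    let label = lines
        .find_map(|l| l.strip_prefix("-----BEGIN ")?.strip_suffix("-----"))
        .ok_or("no BEGIN line")?;
    let footer = format!("-----END {label}-----");
    let (mut der, mut acc, mut bits, mut pad, mut closed) = (Vec::new(), 0u32, 0u32, 0, false);
    for line in lines {
        if line == footer { closed = true; break; }
        for &c in line.as_bytes() {
            if c == b'=' { pad += 1; continue; }
            if pad > 0 { return Err("data after padding"); }
            acc = (acc << 6) | b64_val(c).ok_or("invalid base64 character")?;
            bits += 6;
            if bits >= 8 {
                bits -= 8;
                der.push((acc >> bits) as u8); // emit one full byte
                acc &= (1 << bits) - 1; // keep only the leftover bits
            }
        }
    }
    if !closed { return Err("missing or mismatched END line"); }
    if pad > 2 || acc != 0 { return Err("malformed base64 tail"); }
    Ok((label.to_string(), der))
}

fn main() {
    let (label, der) = pem_to_der(SAMPLE_PEM).expect("valid PEM");
    println!("{label}: {der:02x?}");
}
```

The decoded bytes begin with `0x30`, the DER tag for a SEQUENCE, which is the outermost structure of certificates and most key formats.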

Creating new certificates and keys

This crate does not provide any functionality for creating new certificates or keys. However, the rcgen crate can be used to create new certificates and keys.

Cloning private keys

This crate intentionally does not implement Clone on private key types in order to minimize the exposure of private key data in memory.

If you want to extend the lifetime of a PrivateKeyDer<'_>, consider PrivateKeyDer::clone_key(). Alternatively, since these types are immutable, consider wrapping the PrivateKeyDer<'_> in an Rc or an Arc.