rustls-cng 0.7.0

Windows CNG API bridge for rustls
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

# Windows CNG bridge for rustls

[![github actions](https://github.com/ancwrd1/rustls-cng/workflows/CI/badge.svg)](https://github.com/rustls/rustls-cng/actions)
[![crates](https://img.shields.io/crates/v/rustls-cng.svg)](https://crates.io/crates/rustls-cng)
[![license](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
[![license](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![docs.rs](https://docs.rs/rustls-cng/badge.svg)](https://docs.rs/rustls-cng)

This crate allows you to use the Windows CNG private keys together with [rustls](https://docs.rs/rustls/latest/rustls)
 for both the client and server sides of the TLS channel.

Rationale: In many situations, it is required to use non-exportable private certificate chains
 from the Windows certificate store instead of the external PKCS8 file.
 `rustls-cng` can use such chains in the `rustls` context.

Supported key/certificate types: **RSA**, **ECDSA/ECDH**. Supported elliptic curves: secp256r1 (prime256v1), secp384r1.

[Documentation](https://docs.rs/rustls-cng).

## Usage

The central struct to use in `rustls-cng` is `CngSigningKey`, which can be constructed
 from the low-level `NCryptKey` handle. The instance of `CngSigningKey` can then be
 used in `rustls` in the custom `ResolvesServerCert` or `ResolvesClientCert` implementation.

See the `examples` directory for usage examples.

## License

Licensed under the MIT or Apache licenses ([LICENSE-MIT](https://opensource.org/licenses/MIT) or [LICENSE-APACHE](https://opensource.org/licenses/Apache-2.0))