Crate simple_x509[][src]

Expand description

Overview

This is a simple library for creating and parsing X509 certificates.

A Library featuring:

  • Build X509 certificates
  • Encode certificates to DER format
  • Signing with external crypto function
  • Decoding of X509 certificates from DER format
  • Verifying with external crypto function
  • Encoding/decoding operations for frequently using extensions

Usage

Add this to your Cargo.toml:

[dependencies]
simple_x509 = "0.2.0"

Simple X509

Create and verify self-signed CA certificate

use simple_x509::*;

fn sign_fn(data: &Vec<u8>, sign_key: &Vec<u8>) -> Option<Vec<u8>> {

    // Signing implementation ...

    Some(Vec::new())
}

fn verify_fn(pub_key: &Vec<u8>, data: &Vec<u8>, sign: &Vec<u8>) -> Option<bool> {

    // Verify implementation ...

    Some(true)
}

fn main() {
    let country = "AU";
    let state = "Some-State";
    let organization = "Internet Widgits Pty Ltd";

    // Load Public Key
    let pub_key = std::fs::read("rsa_pub.der").unwrap();

    // Build X509 structure
    let x = X509Builder::new(vec![0xf2, 0xf9, 0xd8, 0x03, 0xd7, 0xb7, 0xd7, 0x34]) /* SerialNumber */
        .version(2)
        .issuer_prstr(vec![2, 5, 4, 6], country) /* countryName */
        .issuer_utf8(vec![2, 5, 4, 8], state) /* stateOrProvinceName */
        .issuer_utf8(vec![2, 5, 4, 10], organization) /* organizationName */
        .subject_prstr(vec![2, 5, 4, 6], country) /* countryName */
        .subject_utf8(vec![2, 5, 4, 8], state) /* stateOrProvinceName */
        .subject_utf8(vec![2, 5, 4, 10], organization) /* organizationName */
        .not_before_utc(1_619_014_703)
        .not_after_utc(1_650_550_703)
        .pub_key_der(&pub_key)
        .sign_oid(vec![1, 2, 840, 113549, 1, 1, 11]) /* sha256WithRSAEncryption (PKCS #1) */
        .build();

    // Load Signing Key
    let sign_key = std::fs::read("rsa.pkcs8").unwrap();

    // Signing a certificate with external function
    let cert = x.sign(sign_fn, &sign_key).unwrap_or_else(|| panic!("Signing failed"));

    // Encode to DER format
    let der = cert.x509_enc().unwrap_or_else(|| panic!("x509_enc() failed"));

    // Decode
    let x2 = der.x509_dec().unwrap_or_else(|| panic!("Failed to deserialize"));

    // Getting Public Key in DER format from certificate
    let pub_key2 = x2.pub_key().unwrap_or_else(|| panic!("Failed to get Public Key"));

    // Verify signature with external function
    let res = x2.verify(verify_fn, &pub_key2);
}

Re-exports

pub use ext::*;
pub use x509::*;

Modules

ext
x509