smime-tree 0.3.1

S/MIME sign/verify/encrypt/decrypt via key traits
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

//! S/MIME sign, verify, encrypt, and decrypt via caller-provided key traits.
//!
//! # Quick start
//!
//! ```rust,ignore
//! use smime_tree::{sign, verify, encrypt, decrypt};
//! use smime_tree::{SigningKey, DecryptionKey, NoRevocationCheck};
//! use x509_cert::Certificate;
//! use std::time::SystemTime;
//!
//! // Sign a MIME body part.
//! // key implements SigningKey; returns multipart/signed bytes.
//! let signed = sign(content_mime, &[&key], SystemTime::now()).expect("sign failed");
//!
//! // Verify a multipart/signed message.
//! // signed_content: exact bytes of the signed part (from mime-tree byte ranges).
//! // signature_der: DER of the application/pkcs7-signature part (base64-decoded).
//! let result = verify(&signed_content, &signature_der, &trust_anchors,
//!                     SystemTime::now(), &NoRevocationCheck)
//!     .expect("verify failed");
//! assert!(result.is_verified());
//!
//! // Encrypt a MIME body part to one or more recipient certificates.
//! let encrypted = encrypt(inner_mime, &recipient_certs).expect("encrypt failed");
//!
//! // Decrypt an enveloped-data blob.
//! // key implements DecryptionKey; returns inner plaintext bytes.
//! let plaintext = decrypt(&enveloped_der, &key).expect("decrypt failed");
//! ```
//!
//! # Design
//!
//! - **Trait-based keys**: [`SigningKey`] and [`DecryptionKey`] abstract over key
//!   location — in-memory, HSM, or hardware token — without the crate needing to
//!   know the difference.
//! - **No network calls**: certificate chain validation uses a trust store supplied
//!   by the caller.  [`RevocationChecker`] is an injected trait; use
//!   [`NoRevocationCheck`] to skip OCSP/CRL.
//! - **No async**: all operations are synchronous.
//! - **Supported algorithms**:
//!   - Sign/verify: RSA PKCS#1 v1.5 (SHA-256/384/512); ECDSA P-256 (SHA-256 only), P-384 (SHA-384 only). P-521 is not supported.
//!   - Encrypt/decrypt: AES-128-CBC (RSA/P-256 recipients), AES-256-CBC (P-384 recipients).
//!   - Key transport: RSA PKCS#1 v1.5 (`KeyTransRecipientInfo`).
//!   - Key agreement: ECDH P-256 + AES-128-KW, ECDH P-384 + AES-256-KW (`KeyAgreeRecipientInfo`).
//!
//! # Known Limitations
//!
//! **Certificate chain validation** (via `pkix-chain`) only verifies CA signatures using
//! RSA-PKCS1v15-SHA256 and ECDSA-P256-SHA256. Chains through P-384 or other algorithm
//! intermediate CAs will fail with [`CertChainError::SignatureVerification`]. This affects
//! many real-world certificate hierarchies.
//!
//! * **RSA key transport uses PKCS#1 v1.5** (`ktri`), not RSAES-OAEP. PKCS#1 v1.5 is
//!   deprecated by RFC 8017 in favour of OAEP and is susceptible to Bleichenbacher
//!   padding oracle attacks in interactive decryption scenarios.

mod cert;
mod decrypt;
mod encrypt;
mod error;
mod key;
mod sig_verify;
mod sign;
mod verify;

pub use decrypt::decrypt;
pub use encrypt::encrypt;
pub use error::{CertChainError, SignerResult, SmimeError, VerificationResult};
pub use key::{
    DecryptionKey, DigestAlgorithm, EcCurve, KariAlgorithm, KariKeyAgreement,
    KeyEncryptionAlgorithm, KeyWrapAlgorithm, NoRevocationCheck, RecipientIdentifier,
    RevocationChecker, SigningKey,
};
pub use sign::sign;
pub use verify::verify;