Expand description
X.509 certificate parsing, minimal issuance helpers, PEM/DER bridging, and chain validation for NoxTLS.
The crate re-exports a flat API from the crate root: Certificate parsing, RSA/EC/X25519/X448 key
material helpers, optional strict chain validation, and small DER writers used by tests and tooling.
Structs§
- Certificate
- Captures parsed certificate fields needed for PKI and TLS flows.
- DerNode
- Represents a parsed DER TLV node body with its ASN.1 tag.
- Noxtls
Certificate Extensions - Common X.509 certificate extension inputs for noxtls certificate writers.
- Pkcs8
Private KeyInfo DerParts - Holds PKCS#8
PrivateKeyInfofields for noxtls_algorithm dispatch and key extraction. - RsaPrivate
KeyDer Parts - Holds core PKCS#1 RSA private-key fields needed by current consumers.
- RsaPublic
KeyDer Parts - Holds PKCS#1 RSA public-key modulus/exponent fields.
- Spki
Public KeyInfo DerParts - Holds SPKI fields for noxtls_algorithm dispatch and key extraction.
- Validation
Options - Controls optional policy and revocation-related path validation requirements.
- Validation
Report - Summarizes key properties of a validated certificate chain.
Enums§
- Noxtls
Certificate Public Key - Public keys supported by noxtls certificate and CSR writers.
- Noxtls
Certificate Signer - Signing keys supported by noxtls certificate and CSR writers.
- Validation
Error - Describes why certificate path validation failed.
Constants§
- NOXTLS_
X509_ KEY_ USAGE_ CONTENT_ COMMITMENT - KeyUsage bit for
contentCommitment/ nonRepudiation. - NOXTLS_
X509_ KEY_ USAGE_ CRL_ SIGN - KeyUsage bit for
cRLSign. - NOXTLS_
X509_ KEY_ USAGE_ DATA_ ENCIPHERMENT - KeyUsage bit for
dataEncipherment. - NOXTLS_
X509_ KEY_ USAGE_ DIGITAL_ SIGNATURE - KeyUsage bit for
digitalSignature. - NOXTLS_
X509_ KEY_ USAGE_ KEY_ AGREEMENT - KeyUsage bit for
keyAgreement. - NOXTLS_
X509_ KEY_ USAGE_ KEY_ CERT_ SIGN - KeyUsage bit for
keyCertSign. - NOXTLS_
X509_ KEY_ USAGE_ KEY_ ENCIPHERMENT - KeyUsage bit for
keyEncipherment.
Functions§
- noxtls_
certificate_ chain_ pem_ to_ der_ blocks - Parses all PEM
CERTIFICATEblocks into DER bytes. - noxtls_
certificate_ der_ to_ pem - Converts certificate DER bytes into PEM
CERTIFICATEarmor. - noxtls_
certificate_ matches_ hostname - Matches
hostnameagainst certificate DNS identities. - noxtls_
certificate_ pem_ to_ der - Parses one PEM
CERTIFICATEblock into DER bytes. - noxtls_
der_ to_ file - Writes raw DER bytes to a file path.
- noxtls_
der_ to_ pem - Converts DER bytes into PEM armor with caller-provided label.
- noxtls_
der_ to_ pem_ file - Encodes DER as PEM and writes it to a file path.
- noxtls_
ec_ private_ key_ der_ to_ pem_ sec1 - Converts SEC1 EC private-key DER bytes into PEM armor.
- noxtls_
ec_ private_ key_ pem_ to_ der_ sec1 - Parses one PEM SEC1 EC private-key block into DER bytes.
- noxtls_
ed25519_ private_ key_ from_ pem_ file_ pkcs8 - Reads one PKCS#8
PRIVATE KEYPEM file and parses it asEd25519PrivateKey. - noxtls_
ed25519_ private_ key_ from_ pem_ pkcs8 - Builds
Ed25519PrivateKeyfrom PEM PKCS#8PRIVATE KEYtext. - noxtls_
ed25519_ private_ key_ from_ pkcs8_ der - Builds
Ed25519PrivateKeyfrom PKCS#8 DER bytes for RFC 8410 Ed25519 keys. - noxtls_
ed25519_ private_ key_ to_ pem_ file_ pkcs8 - Encodes
Ed25519PrivateKeyas PKCS#8 PEM and writes it to a file. - noxtls_
ed25519_ private_ key_ to_ pem_ pkcs8 - Serializes
Ed25519PrivateKeyinto PEM PKCS#8PRIVATE KEY. - noxtls_
ed25519_ private_ key_ to_ pkcs8_ der - Serializes
Ed25519PrivateKeyinto PKCS#8 DER (id-Ed25519). - noxtls_
ed25519_ public_ key_ from_ pem_ spki - Builds
Ed25519PublicKeyfrom PEM SPKIPUBLIC KEYtext. - noxtls_
ed25519_ public_ key_ from_ spki_ der - Builds
Ed25519PublicKeyfrom DER SPKI bytes for RFC 8410 Ed25519 keys. - noxtls_
ed25519_ public_ key_ to_ pem_ spki - Serializes
Ed25519PublicKeyinto PEM SPKIPUBLIC KEY. - noxtls_
ed25519_ public_ key_ to_ spki_ der - Serializes
Ed25519PublicKeyinto SPKI DER (RFC 8410id-Ed25519). - noxtls_
mldsa_ public_ key_ from_ spki_ der - Builds
MlDsaPublicKeyfrom DER SPKI bytes for experimental ML-DSA keys. - noxtls_
mldsa_ public_ key_ to_ pem_ spki - Serializes
MlDsaPublicKeyinto PEM SPKIPUBLIC KEY. - noxtls_
mldsa_ public_ key_ to_ spki_ der - Serializes
MlDsaPublicKeyinto SPKI DER using the noxtls ML-DSA-65 OID. - noxtls_
p256_ private_ key_ from_ pem_ file_ pkcs8 - Reads one PKCS#8
PRIVATE KEYPEM file and parses it asP256PrivateKey. - noxtls_
p256_ private_ key_ from_ pem_ pkcs8 - Builds
P256PrivateKeyfrom PEM PKCS#8PRIVATE KEYtext. - noxtls_
p256_ private_ key_ from_ pem_ sec1 - Builds
P256PrivateKeyfrom PEM SEC1EC PRIVATE KEYtext. - noxtls_
p256_ private_ key_ from_ pkcs8_ der - Builds
P256PrivateKeyfrom PKCS#8 DER bytes forid-ecPublicKey+prime256v1. - noxtls_
p256_ private_ key_ from_ sec1_ der - Builds
P256PrivateKeyfrom SEC1 ECPrivateKey DER bytes. - noxtls_
p256_ private_ key_ to_ pem_ file_ pkcs8 - Encodes
P256PrivateKeyas PKCS#8 PEM and writes it to a file. - noxtls_
p256_ private_ key_ to_ pem_ pkcs8 - Serializes
P256PrivateKeyinto PEM PKCS#8PRIVATE KEY. - noxtls_
p256_ private_ key_ to_ pkcs8_ der - Serializes
P256PrivateKeyinto PKCS#8 DER (id-ecPublicKey+prime256v1). - noxtls_
p256_ public_ key_ from_ pem_ spki - Builds
P256PublicKeyfrom PEM SPKIPUBLIC KEYtext. - noxtls_
p256_ public_ key_ from_ spki_ der - Builds
P256PublicKeyfrom DER SPKI bytes forid-ecPublicKey+prime256v1. - noxtls_
p256_ public_ key_ to_ pem_ spki - Serializes
P256PublicKeyinto PEM SPKIPUBLIC KEY. - noxtls_
p256_ public_ key_ to_ spki_ der - Serializes
P256PublicKeyinto SPKI DER (id-ecPublicKey+prime256v1). - noxtls_
p384_ private_ key_ from_ pem_ pkcs8 - Builds
P384PrivateKeyfrom PEM PKCS#8PRIVATE KEYtext. - noxtls_
p384_ private_ key_ from_ pem_ sec1 - Builds
P384PrivateKeyfrom PEM SEC1EC PRIVATE KEYtext. - noxtls_
p384_ private_ key_ from_ pkcs8_ der - Builds
P384PrivateKeyfrom PKCS#8 DER bytes forid-ecPublicKey+secp384r1. - noxtls_
p384_ private_ key_ from_ sec1_ der - Builds
P384PrivateKeyfrom SEC1 ECPrivateKey DER bytes. - noxtls_
p384_ public_ key_ to_ pem_ spki - Serializes
P384PublicKeyinto PEM SPKIPUBLIC KEY. - noxtls_
p384_ public_ key_ to_ spki_ der - Serializes
P384PublicKeyinto SPKI DER (id-ecPublicKey+secp384r1). - noxtls_
p521_ private_ key_ from_ pem_ pkcs8 - Builds
NamedEcPrivateKeyfrom PEM PKCS#8PRIVATE KEYtext forsecp521r1. - noxtls_
p521_ private_ key_ from_ pem_ sec1 - Builds
NamedEcPrivateKeyfrom PEM SEC1EC PRIVATE KEYtext forsecp521r1. - noxtls_
p521_ private_ key_ from_ pkcs8_ der - Builds
NamedEcPrivateKeyfrom PKCS#8 DER bytes forid-ecPublicKey+secp521r1. - noxtls_
p521_ private_ key_ from_ sec1_ der - Builds
NamedEcPrivateKeyfrom SEC1 ECPrivateKey DER bytes forsecp521r1. - noxtls_
parse_ certificate - Parses a top-level DER certificate sequence and extracts core fields.
- noxtls_
parse_ der_ length - Parses DER length octets and returns
(content_length, length_octet_count). - noxtls_
parse_ der_ node - Parses one DER node from input and returns the node plus remaining bytes.
- noxtls_
parse_ ecdsa_ p384_ signature_ der - Parses DER-encoded ECDSA signature
SEQUENCE { INTEGER r; INTEGER s }into 48-byte scalars. - noxtls_
parse_ ecdsa_ signature_ der - Parses DER-encoded ECDSA signature
SEQUENCE { INTEGER r; INTEGER s }into 32-byte scalars. - noxtls_
parse_ pkcs1_ rsa_ private_ key_ der - Parses PKCS#1 RSAPrivateKey DER and returns key field parts.
- noxtls_
parse_ pkcs1_ rsa_ public_ key_ der - Parses PKCS#1 RSAPublicKey DER and returns modulus/exponent fields.
- noxtls_
parse_ pkcs8_ private_ key_ info_ der - Parses PKCS#8 PrivateKeyInfo DER and extracts noxtls_algorithm OID and key octets.
- noxtls_
parse_ spki_ public_ key_ info_ der - Parses SubjectPublicKeyInfo DER and extracts noxtls_algorithm OID and key bit-string bytes.
- noxtls_
pem_ file_ to_ der - Reads one PEM block from file and decodes DER payload for
label. - noxtls_
pem_ file_ to_ der_ blocks - Reads all matching PEM blocks from file and decodes DER payloads for
label. - noxtls_
pem_ to_ der - Parses PEM armor into DER bytes and verifies expected label markers.
- noxtls_
pem_ to_ der_ blocks - Parses all PEM blocks matching
labelinto DER payload bytes. - noxtls_
private_ key_ der_ to_ pem_ pkcs8 - Converts PKCS#8 private-key DER bytes into PEM armor.
- noxtls_
private_ key_ pem_ to_ der_ pkcs8 - Parses one PEM PKCS#8 private-key block into DER bytes.
- noxtls_
public_ key_ der_ to_ pem_ spki - Converts SubjectPublicKeyInfo DER bytes into PEM armor.
- noxtls_
public_ key_ pem_ to_ der_ spki - Parses one PEM SPKI public-key block into DER bytes.
- noxtls_
rsa_ private_ key_ der_ to_ pem_ pkcs1 - Converts PKCS#1 RSA private-key DER bytes into PEM armor.
- noxtls_
rsa_ private_ key_ from_ pem_ pkcs1 - Builds
RsaPrivateKeyfrom PEM PKCS#1RSA PRIVATE KEYtext. - noxtls_
rsa_ private_ key_ from_ pem_ pkcs8 - Builds
RsaPrivateKeyfrom PEM PKCS#8PRIVATE KEYtext. - noxtls_
rsa_ private_ key_ from_ pkcs1_ der - Builds
RsaPrivateKeyfrom PKCS#1 DER bytes. - noxtls_
rsa_ private_ key_ from_ pkcs8_ der - Builds
RsaPrivateKeyfrom PKCS#8 DER bytes for RSA keys. - noxtls_
rsa_ private_ key_ pem_ to_ der_ pkcs1 - Parses one PEM PKCS#1 RSA private-key block into DER bytes.
- noxtls_
rsa_ pss_ private_ key_ from_ pem_ pkcs8 - Builds
RsaPrivateKeyfrom PEM PKCS#8PRIVATE KEYtext for RSASSA-PSS keys. - noxtls_
rsa_ pss_ private_ key_ from_ pkcs8_ der - Builds
RsaPrivateKeyfrom PKCS#8 DER bytes for RSASSA-PSS keys. - noxtls_
rsa_ public_ key_ der_ to_ pem_ pkcs1 - Converts PKCS#1 RSA public-key DER bytes into PEM armor.
- noxtls_
rsa_ public_ key_ from_ pem_ pkcs1 - Builds
RsaPublicKeyfrom PEM PKCS#1RSA PUBLIC KEYtext. - noxtls_
rsa_ public_ key_ from_ pem_ spki - Builds
RsaPublicKeyfrom PEM SPKIPUBLIC KEYtext. - noxtls_
rsa_ public_ key_ from_ pkcs1_ der - Builds
RsaPublicKeyfrom PKCS#1 DER bytes. - noxtls_
rsa_ public_ key_ from_ spki_ der - Builds
RsaPublicKeyfrom DER SPKI bytes for RSA keys. - noxtls_
rsa_ public_ key_ pem_ to_ der_ pkcs1 - Parses one PEM PKCS#1 RSA public-key block into DER bytes.
- noxtls_
rsa_ public_ key_ to_ pem_ pkcs1 - Serializes
RsaPublicKeyinto PEM PKCS#1RSA PUBLIC KEY. - noxtls_
rsa_ public_ key_ to_ pem_ spki - Serializes
RsaPublicKeyinto PEM SPKIPUBLIC KEY. - noxtls_
rsa_ public_ key_ to_ spki_ der - Serializes
RsaPublicKeyinto SPKI DER usingrsaEncryptionOID. - noxtls_
validate_ certificate_ chain - Validates certificate chain with signature enforcement at each hop.
- noxtls_
validate_ certificate_ chain_ constraints_ only - Validates certificate path constraints without enforcing signature checks.
- noxtls_
validate_ certificate_ chain_ strict - Validates certificate chain with explicit strict-signature naming for callers.
- noxtls_
validate_ certificate_ chain_ with_ options - Validates certificate chain with caller-provided policy/revocation options.
- noxtls_
verify_ certificate_ signature - Verifies one certificate signature using issuer public key material.
- noxtls_
write_ ca_ issued_ certificate_ der - Writes a CA-issued X.509 v3 certificate using a supplied issuer signer and subject public key.
- noxtls_
write_ csr_ ed25519 - Writes a PKCS#10 CSR using Ed25519.
- noxtls_
write_ csr_ mldsa65 - Writes a PKCS#10 CSR using ML-DSA-65.
- noxtls_
write_ csr_ p256_ sha256 - Writes a PKCS#10 CSR using ECDSA P-256 SHA-256.
- noxtls_
write_ csr_ p384_ sha384 - Writes a PKCS#10 CSR using P-384 ECDSA with SHA-384.
- noxtls_
write_ csr_ rsa_ sha256 - Writes a PKCS#10 CSR using RSA PKCS#1 v1.5 SHA-256.
- noxtls_
write_ csr_ with_ extensions - Writes a PKCS#10 CSR with an optional extensionRequest attribute.
- noxtls_
write_ der_ bit_ string - Writes DER BIT STRING encoding with zero unused bits.
- noxtls_
write_ der_ integer - Writes DER INTEGER encoding for a positive integer value.
- noxtls_
write_ der_ oid - Writes DER OBJECT IDENTIFIER encoding from content octets.
- noxtls_
write_ der_ sequence - Writes DER SEQUENCE around already-encoded child elements.
- noxtls_
write_ minimal_ certificate_ der - Writes a minimal certificate-like DER structure for fixture generation workflows.
- noxtls_
write_ self_ signed_ certificate_ ed25519 - Writes a self-signed X.509 v3 certificate using Ed25519.
- noxtls_
write_ self_ signed_ certificate_ mldsa65 - Writes a self-signed X.509 v3 certificate using ML-DSA-65.
- noxtls_
write_ self_ signed_ certificate_ p256_ sha256 - Writes a self-signed X.509 v3 certificate using ECDSA P-256 SHA-256.
- noxtls_
write_ self_ signed_ certificate_ p384_ sha384 - Writes a self-signed X.509 v3 certificate using P-384 ECDSA with SHA-384.
- noxtls_
write_ self_ signed_ certificate_ rsa_ sha256 - Writes a self-signed X.509 v3 certificate using RSA PKCS#1 v1.5 SHA-256.
- noxtls_
write_ self_ signed_ certificate_ with_ extensions - Writes a self-signed X.509 v3 certificate with caller-specified supported extensions.
- noxtls_
x448_ private_ key_ from_ pem_ file_ pkcs8 - Reads one PKCS#8
PRIVATE KEYPEM file and parses it asX448PrivateKey. - noxtls_
x448_ private_ key_ from_ pem_ pkcs8 - Builds
X448PrivateKeyfrom PEM PKCS#8PRIVATE KEYtext. - noxtls_
x448_ private_ key_ from_ pkcs8_ der - Builds
X448PrivateKeyfrom PKCS#8 DER bytes for RFC 8410 X448 keys. - noxtls_
x448_ private_ key_ to_ pem_ file_ pkcs8 - Encodes
X448PrivateKeyas PKCS#8 PEM and writes it to a file. - noxtls_
x448_ private_ key_ to_ pem_ pkcs8 - Serializes
X448PrivateKeyinto PEM PKCS#8PRIVATE KEY. - noxtls_
x448_ private_ key_ to_ pkcs8_ der - Serializes
X448PrivateKeyinto PKCS#8 DER (id-X448). - noxtls_
x448_ public_ key_ from_ pem_ spki - Builds
X448PublicKeyfrom PEM SPKIPUBLIC KEYtext. - noxtls_
x448_ public_ key_ from_ spki_ der - Builds
X448PublicKeyfrom DER SPKI bytes for RFC 8410 X448 keys. - noxtls_
x448_ public_ key_ to_ pem_ spki - Serializes
X448PublicKeyinto PEM SPKIPUBLIC KEY. - noxtls_
x448_ public_ key_ to_ spki_ der - Serializes
X448PublicKeyinto SPKI DER (RFC 8410). - noxtls_
x25519_ private_ key_ from_ pem_ file_ pkcs8 - Reads one PKCS#8
PRIVATE KEYPEM file and parses it asX25519PrivateKey. - noxtls_
x25519_ private_ key_ from_ pem_ pkcs8 - Builds
X25519PrivateKeyfrom PEM PKCS#8PRIVATE KEYtext. - noxtls_
x25519_ private_ key_ from_ pkcs8_ der - Builds
X25519PrivateKeyfrom PKCS#8 DER bytes for RFC 8410 X25519 keys. - noxtls_
x25519_ private_ key_ to_ pem_ file_ pkcs8 - Encodes
X25519PrivateKeyas PKCS#8 PEM and writes it to a file. - noxtls_
x25519_ private_ key_ to_ pem_ pkcs8 - Serializes
X25519PrivateKeyinto PEM PKCS#8PRIVATE KEY. - noxtls_
x25519_ private_ key_ to_ pkcs8_ der - Serializes
X25519PrivateKeyinto PKCS#8 DER (id-X25519). - noxtls_
x25519_ public_ key_ from_ pem_ spki - Builds
X25519PublicKeyfrom PEM SPKIPUBLIC KEYtext. - noxtls_
x25519_ public_ key_ from_ spki_ der - Builds
X25519PublicKeyfrom DER SPKI bytes for RFC 8410 X25519 keys. - noxtls_
x25519_ public_ key_ to_ pem_ spki - Serializes
X25519PublicKeyinto PEM SPKIPUBLIC KEY. - noxtls_
x25519_ public_ key_ to_ spki_ der - Serializes
X25519PublicKeyinto SPKI DER (RFC 8410).