Crate p12_keystore

A convenient high-level library to work with PKCS#12/PFX keystores, written in pure Rust, modeled after Java KeyStore API.

This crate consists of a KeyStore struct which provides a set of functions to read and write PKCS#12 files and their contents. It supports single- or multi-keychain keystores and also so called ‘truststores’ (keystores with only root certificates and without private keys).

Each entry in the keystore is accessed by ‘alias’, which is a friendly name chosen when creating it.

All certificates must be encoded in X.509 format. Private keys must be encoded in PKCS#8.

Each private key contains a key material, a local key ID (unique byte or string sequence) and a list of certificates organized into chain. The first in the chain must be the entity certificate associated with the private key. The last must be the CA root certificate, with any intermediates in between.

Supported encryption schemes:

• EncryptionAlgorithm::PbeWithShaAnd3KeyTripleDesCbc - legacy encryption to support the existing stores
• EncryptionAlgorithm::PbeWithShaAnd40BitRc4Cbc - legacy encryption to support the existing stores
• EncryptionAlgorithm::PbeWithHmacSha256AndAes256 - the default encryption which should be used for new keystores

Supported MAC algorithms: MacAlgorithm::HmacSha1, MacAlgorithm::HmacSha256

Modules

• error
  Error enum definition

Structs

• Certificate
  X.509 certificate wrapper
• KeyStore
  KeyStore holds a dictionary of KeyStoreEntry instances indexed by aliases (names)
• Pkcs12Writer
  PKCS#12 writer
• PrivateKeyChain
  PrivateKeyChain represents a private key and a certificate chain

Enums

• EncryptionAlgorithm
  Encryption algorithm to use when creating the PKCS#12 file
• KeyStoreEntry
  KeyStoreEntry represents one entry in the keystore
• MacAlgorithm
  MAC algorithm to use when creating the PKCS#12 file

Type Aliases

• Result
  Result type for keystore operations