Crate pyrus_cert_store

Expand description

§Pyrus Cert Store

This crate’s main purpose is to provide a simple API for “secure” Cert storage. It is largely inspired by sequoia-cert-store.

§A note on security

This crate makes no security guarantees and its security goes as far as the author’s will to make his school project secure.

There were no and will not be any security audits of this crate and so use with caution.

§How it works?

The storage backend is rusqlite with crate feature bundled-sqlcipher-vendored-openssl enabled. This allows for encrypting the SQL database and keeps the secrets “secure”.

Certificates are stored as LazyCerts, which is basically a serialized (unparsed) certificate, a fingerprint, and a user id, which allows for filtering and listing the certificates without parsing them which is fallible.

§Examples

§Openning a store and saving a certificate

use pyrus_cert_store::{CertStore, LazyCert};

let my_cert: Cert = //..
let store = CertStore::open("certstore.db3")
    .with_passphrase(String::from("password123"), b"use a better password and salt")
    .connect()?;

store.insert(LazyCert::try_from(&my_cert)?)?;
let stored_cert: LazyCert = store.get(my_cert.fingerprint())?;
let stored_cert = stored_cert.to_cert()?;

assert_eq!(my_cert, stored_cert);

§Openning a store in memory and removing a saved certificate

use pyrus_cert_store::{CertStore, LazyCert};

let my_cert: Cert = //..
 
// passing "" as path opens the store in memory
let store = CertStore::open("")
    .with_passphrase(String::from("password123"), b"use a better password and salt")
    .connect()?;

store.insert(LazyCert::try_from(&my_cert)?)?;
store.remove(my_cert.fingerprint())?;
 
assert!(store.get(my_cert.fingerprint()).is_err());

§Openning an unencrypted store

Since encryption is done using an SQL pragma there is no way to prove that in tests.

use pyrus_cert_store::{CertStore, LazyCert};

 
// not configuring a passphrase assumes no encryption
let store = CertStore::open("").connect()?;

// dropping a store safely flushes all statements and saves it
// well this one is in memory so it will be simply dropped

Modules§

error: StoreError type and Result<T> type specialization.

Structs§

CertStore: A wrapper around an SQL connection to the certificate database.
CertStoreConn: A CertStore connection builder.
LazyCert: A lazy (unparsed) certificate.

Crate pyrus_cert_storeCopy item path