runar_keys/lib.rs
1//! Runar Keys Fix - Production-Ready Certificate System
2//!
3//! A robust, standards-compliant certificate management system for the Runar network.
4//! This implementation replaces the existing custom certificate system with proper
5//! X.509 certificates and a unified ECDSA P-256 cryptographic foundation.
6//!
7//! ## Key Features
8//!
9//! - **Standard X.509 Certificates**: Full compliance with PKI standards
10//! - **Unified Cryptography**: Single ECDSA P-256 algorithm throughout
11//! - **Proper CA Hierarchy**: Mobile CA signs all node certificates
12//! - **QUIC Compatibility**: Certificates work seamlessly with QUIC transport
13//! - **Production Quality**: Comprehensive validation and error handling
14//!
15//! ## Architecture
16//!
17//! ```text
18//! Mobile User CA (Self-signed root)
19//! └── Node TLS Certificate (signed by Mobile CA)
20//!     └── Used for all QUIC/TLS operations
21//! ```
22
23pub mod certificate;
24pub mod derivation;
25pub mod error;
26pub mod mobile;
27pub mod node;
28#[macro_use]
29mod macros;
30
31// Re-export key types for convenience
32pub use certificate::{CertificateAuthority, CertificateValidator, X509Certificate};
33pub use error::{KeyError, Result};
34pub use mobile::MobileKeyManager;
35pub use node::NodeKeyManager;
36// expose profile public key registration convenience re-export
37
38// ---------------------------------------------------------------------------
39// Common envelope crypto abstraction (shared with serializer)
40// ---------------------------------------------------------------------------
41use crate::mobile::EnvelopeEncryptedData;
42
/// Envelope encryption and decryption interface consumed by higher layers.
///
/// Implementors must be `Send + Sync`, so a single instance can be shared
/// across threads. The trait fixes only the method signatures; recipient
/// selection, key wrapping and any integrity checking are left to each
/// implementation.
pub trait EnvelopeCrypto: Send + Sync {
    /// Encrypts `data` and returns it as an [`EnvelopeEncryptedData`].
    ///
    /// * `data` - plaintext bytes to protect.
    /// * `network_id` - optional network identifier for the envelope.
    /// * `profile_public_keys` - raw public-key bytes, one entry per profile.
    ///
    /// NOTE(review): the key encoding is not visible in this trait; the crate
    /// docs describe ECDSA P-256 throughout, so these are presumably P-256
    /// public keys. Implementations should validate every entry and fail on a
    /// malformed key rather than silently dropping that recipient.
    ///
    /// NOTE(review): the trait does not define what happens when `network_id`
    /// is `None` and `profile_public_keys` is empty. Returning an error is the
    /// safer choice than producing an envelope with no intended recipient;
    /// confirm against the implementors.
    ///
    /// # Errors
    ///
    /// Failures are reported through the crate's `Result` alias.
    fn encrypt_with_envelope(
        &self,
        data: &[u8],
        network_id: Option<&str>,
        profile_public_keys: Vec<Vec<u8>>,
    ) -> Result<EnvelopeEncryptedData>;

    /// Recovers the plaintext bytes carried by `env`.
    ///
    /// NOTE(review): whether the envelope is authenticated before decryption
    /// is decided by the implementation and is not visible here. Callers
    /// should treat an `Err` as "no plaintext available" and should handle
    /// the returned bytes as sensitive material.
    ///
    /// # Errors
    ///
    /// Failures are reported through the crate's `Result` alias.
    fn decrypt_envelope_data(&self, env: &EnvelopeEncryptedData) -> Result<Vec<u8>>;
}
53}