Lib.rs

CryptographyRustls
#rustls #tls #private-key #windows #cng

rustls-cng

Windows CNG API bridge for rustls

by Dmitry Pankratov

11 releases

new 0.5.1 Oct 13, 2024
0.5.0 Mar 7, 2024
0.4.0 Dec 2, 2023
0.3.3 Jul 21, 2023
0.1.3 Jun 13, 2022

#1352 in Cryptography

Download history 27/week @ 2024-06-28 58/week @ 2024-07-05 54/week @ 2024-07-12 93/week @ 2024-07-19 148/week @ 2024-07-26 64/week @ 2024-08-02 95/week @ 2024-08-09 98/week @ 2024-08-16 69/week @ 2024-08-23 68/week @ 2024-08-30 51/week @ 2024-09-06 33/week @ 2024-09-13 40/week @ 2024-09-20 109/week @ 2024-09-27 131/week @ 2024-10-04 203/week @ 2024-10-11

486 downloads per month

MIT/Apache

29KB
669 lines

Windows CNG bridge for rustls

This crate allows you to use the Windows CNG private keys together with rustls for both the client and server sides of the TLS channel.

Rationale: In many situations, it is required to use non-exportable private certificate chains from the Windows certificate store instead of the external PKCS8 file. rustls-cng can use such chains in the rustls context.

Supported key/certificate types: RSA, ECDSA/ECDH. Supported elliptic curves: secp256r1 (prime256v1), secp384r1.

Documentation

Documentation is available here.

Usage

The central struct to use in rustls-cng is CngSigningKey, which can be constructed from the low-level NCryptKey handle. The instance of CngSigningKey can then be used in rustls in the custom ResolvesServerCert or ResolvesClientCert implementation.

See the examples directory for usage examples.

License

Licensed under the MIT or Apache licenses (LICENSE-MIT or LICENSE-APACHE)

Dependencies

~19–39MB
~844K SLoC