38 releases (23 breaking)

new 0.28.0 Mar 3, 2025
0.26.0 Jan 7, 2025
0.25.0 Dec 2, 2024
0.24.0 Oct 31, 2024
0.0.0 Jun 24, 2021

#261 in Parser implementations

Download history 2164/week @ 2024-11-17 1993/week @ 2024-11-24 2077/week @ 2024-12-01 2655/week @ 2024-12-08 2127/week @ 2024-12-15 801/week @ 2024-12-22 860/week @ 2024-12-29 1633/week @ 2025-01-05 1779/week @ 2025-01-12 1284/week @ 2025-01-19 1418/week @ 2025-01-26 2275/week @ 2025-02-02 2252/week @ 2025-02-09 1329/week @ 2025-02-16 1267/week @ 2025-02-23 1468/week @ 2025-03-02

7,229 downloads per month
Used in 57 crates (7 directly)

MIT/Apache

240KB
3.5K SLoC

tor-cert

Implementation for Tor certificates

Overview

The tor-cert crate implements the binary certificate types documented in Tor's cert-spec.txt, which are used when authenticating Tor channels. (Eventually, support for onion service certificate support will get added too.)

This crate is part of Arti, a project to implement Tor in Rust.

There are other types of certificate used by Tor as well, and they are implemented in other places. In particular, see tor-netdoc::doc::authcert for the certificate types used by authorities in the directory protocol.

Design notes

The tor-cert code is in its own separate crate because it is required by several other higher-level crates that do not depend upon each other. For example, tor-netdoc parses encoded certificates from router descriptors, while tor-proto uses certificates when authenticating relays.

Examples

Parsing, validating, and inspecting a certificate:

use base64ct::{Base64, Encoding as _};
use tor_cert::*;
use tor_checkable::*;
// Taken from a random relay on the Tor network.
let cert_base64 =
 "AQQABrntAThPWJ4nFH1L77Ar+emd4GPXZTPUYzIwmR2H6Zod5TvXAQAgBAC+vzqh
  VFO1SGATubxcrZzrsNr+8hrsdZtyGg/Dde/TqaY1FNbeMqtAPMziWOd6txzShER4
  qc/haDk5V45Qfk6kjcKw+k7cPwyJeu+UF/azdoqcszHRnUHRXpiPzudPoA4=";
// Remove the whitespace, so base64 doesn't choke on it.
let cert_base64: String = cert_base64.split_whitespace().collect();
// Decode the base64.
let cert_bin = Base64::decode_vec(&cert_base64).unwrap();

// Decode the cert and check its signature.
let cert = Ed25519Cert::decode(&cert_bin).unwrap()
    .check_key(None).unwrap()
    .check_signature().unwrap()
    .dangerously_assume_timely();
let signed_key = cert.subject_key();

License: MIT OR Apache-2.0

Dependencies

~11–23MB
~332K SLoC