Crate rustls_pemfile


rustls-pemfile

A basic parser for .pem files containing cryptographic keys and certificates.

The input to this crate is a .pem file containing potentially many sections, and the output is those sections as alleged DER-encodings. This crate does not decode the actual DER-encoded keys/certificates.

Quick start

Starting with an io::BufRead containing the file to be read:

  • Use read_all() to ingest the whole file, then work through the contents in-memory, or,
  • Use read_one() to stream through the file, processing the items as found, or,
  • Use certs() to extract just the certificates (silently discarding other sections), and similarly for rsa_private_keys() and pkcs8_private_keys().

Example code

use std::iter;
use rustls_pemfile::{Item, read_one};
// Assume `reader` is any std::io::BufRead implementor
for item in iter::from_fn(|| read_one(&mut reader).transpose()) {
    match item.unwrap() {
        Item::X509Certificate(cert) => println!("certificate {:?}", cert),
        Item::Crl(crl) => println!("certificate revocation list: {:?}", crl),
        Item::RSAKey(key) => println!("rsa pkcs1 key {:?}", key),
        Item::PKCS8Key(key) => println!("pkcs8 key {:?}", key),
        Item::ECKey(key) => println!("sec1 ec key {:?}", key),
        _ => println!("unhandled item"),
    }
}
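Because the crate returns each section as an alleged DER encoding and does not decode it, a caller may want a cheap structural check on the bytes before handing them to a TLS stack or key parser. The following is an added example, not part of rustls-pemfile: `check_outer_sequence` and `DerShapeError` are hypothetical names, and the check assumes the item is expected to be a single DER SEQUENCE (as certificates, CRLs and the private-key formats above are), validating only the outer tag and length.

```rust
/// Errors from the outer-TLV check (hypothetical type, not part of rustls-pemfile).
#[derive(Debug, PartialEq)]
pub enum DerShapeError {
    Truncated,
    NotSequence(u8),
    IndefiniteOrOversizedLength,
    NonMinimalLength,
    LengthMismatch { declared: usize, actual: usize },
}

/// Check that `der` is exactly one DER SEQUENCE: tag 0x30, a minimally
/// encoded definite length, and no missing or trailing bytes.
/// Returns the content length on success. The contents are not parsed.
pub fn check_outer_sequence(der: &[u8]) -> Result<usize, DerShapeError> {
    use DerShapeError::*;
    let (&tag, rest) = der.split_first().ok_or(Truncated)?;
    if tag != 0x30 {
        return Err(NotSequence(tag));
    }
    let (&first, rest) = rest.split_first().ok_or(Truncated)?;
    let (declared, body) = if first < 0x80 {
        (first as usize, rest) // short form: the octet is the length
    } else {
        let n = (first & 0x7f) as usize; // long form: number of length octets
        if n == 0 || n > 4 {
            return Err(IndefiniteOrOversizedLength);
        }
        if rest.len() < n {
            return Err(Truncated);
        }
        let (len_bytes, body) = rest.split_at(n);
        let declared = len_bytes.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
        // DER requires the shortest encoding: no leading zero, no long form below 128.
        if len_bytes[0] == 0 || declared < 0x80 {
            return Err(NonMinimalLength);
        }
        (declared, body)
    };
    if declared != body.len() {
        return Err(LengthMismatch { declared, actual: body.len() });
    }
    Ok(declared)
}

fn main() {
    // Constructed sample: SEQUENCE { INTEGER 1 } followed by one stray byte.
    let sample = [0x30, 0x03, 0x02, 0x01, 0x01, 0xff];
    println!("{:?}", check_outer_sequence(&sample));
}
```

A passing result only means the outer envelope is well formed; the bytes still need a real X.509 or key parser before they are trusted.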

Enums

  • The contents of a single recognised block in a PEM file.

Functions

  • Extract all the certificates from rd, and return a vec of byte vecs containing the der-format contents.
  • Extract all the certificate revocation lists (CRLs) from rd, and return a vec of byte vecs containing the der-format contents.
  • Extract all SEC1-encoded EC private keys from rd, and return a vec of byte vecs containing the der-format contents.
  • Extract all PKCS8-encoded private keys from rd, and return a vec of byte vecs containing the der-format contents.
  • Extract and return all PEM sections by reading rd.
  • Extract and decode the next PEM section from rd.
  • Extract all RSA private keys from rd, and return a vec of byte vecs containing the der-format contents.