Crate rustls_pemfile

Source
Expand description

§rustls-pemfile

A basic parser for .pem files containing cryptographic keys and certificates.

The input to this crate is a .pem file containing potentially many sections, and the output is those sections as alleged DER-encodings. This crate does not decode the actual DER-encoded keys/certificates.

§Quick start

Starting with an io::BufRead containing the file to be read:

  • Use read_all() to ingest the whole file, then work through the contents in-memory, or,
  • Use read_one() to stream through the file, processing the items as found, or,
  • Use certs() to extract just the certificates (silently discarding other sections), and similarly for rsa_private_keys() and pkcs8_private_keys().

§no-std support

The opt-out “std” Cargo feature can be disabled to put this crate in no-std mode.

In no-std mode, the read_one_from_slice API can be used to parse a .pem file that has already been loaded into memory.

§Example code

use std::iter;
use rustls_pemfile::{Item, read_one};
// Assume `reader` is any std::io::BufRead implementor
for item in iter::from_fn(|| read_one(&mut reader).transpose()) {
    match item.unwrap() {
        Item::X509Certificate(cert) => println!("certificate {:?}", cert),
        Item::Crl(crl) => println!("certificate revocation list: {:?}", crl),
        Item::Csr(csr) => println!("certificate signing request: {:?}", csr),
        Item::Pkcs1Key(key) => println!("rsa pkcs1 key {:?}", key),
        Item::Pkcs8Key(key) => println!("pkcs8 key {:?}", key),
        Item::Sec1Key(key) => println!("sec1 ec key {:?}", key),
        _ => println!("unhandled item"),
    }
}

Enums§

Error
Errors that may arise when parsing the contents of a PEM file
Item
The contents of a single recognised block in a PEM file.

Functions§

certs
Return an iterator over certificates from rd.
crls
Return an iterator certificate revocation lists (CRLs) from rd.
csr
Return the first certificate signing request (CSR) found in rd.
ec_private_keys
Return an iterator over SEC1-encoded EC private keys from rd.
pkcs8_private_keys
Return an iterator over PKCS8-encoded private keys from rd.
private_key
Return the first private key found in rd.
public_keys
Return an iterator over SPKI-encoded keys from rd.
read_all
Extract and return all PEM sections by reading rd.
read_one
Extract and decode the next PEM section from rd.
read_one_from_slice
Extract and decode the next PEM section from input
rsa_private_keys
Return an iterator over RSA private keys from rd.