rustls / pemfile
Basic parser for PEM formatted keys and certificates
License: Other
Hi, how could I load a PKCS12 file with a password for use in rustls? Edit: I see this library doesn't support PKCS8 with passwords.
I see there used to be a `rustls::internal::pemfile::pkcs12_import` function, and there's a function for loading a pkcs8 file.
I'm resorting to loading the PKCS12 with the openssl crate, then re-encoding that to a PEM `&[u8]` that I pass to rustls. Is there another way?
Per 6f0724b
These breaking changes were done, but not listed in the release notes. Please add the following text to the release page:
Renamed `Item::{RSAKey, PKCS8Key, ECKey}` to `Item::{Pkcs1Key, Pkcs8Key, Sec1Key}`
Hi, normally I use tokio-tungstenite for a ws stream, but I need a wss stream. I have fullchain and privatekey pem files which I got from Let's Encrypt. Here is my normal code:
```rust
let socket = TcpListener::bind("192.168.1.2:2424").await.unwrap();
let streamer_socket = TcpListener::bind("192.168.1.2:2525").await.unwrap();
match streamer_socket.accept().await {
    Ok((streamer_tcp, streamer_info)) => {
        // Plain TCP is upgraded straight to WebSocket here, with no TLS in between.
        match tokio_tungstenite::accept_async(streamer_tcp).await {
            Ok(ws_stream) => {
                tokio::spawn(streamer_stream(ws_stream));
            }
            Err(err_val) => eprintln!("Error: TCP to WS Transform | {}", err_val),
        }
    }
    Err(err_val) => eprintln!("Error: TCP Accept | {}", err_val),
}
```
Could this crate help me convert this stream to wss with pem files? If yes, how?
Example cert:
OpenSSL can load it via `openssl x509 -in cert.crt -noout -text`, so it is valid. Trying to parse this with rustls-pemfile (via rustls-native-certs) creates an error similar to this:
```text
{ kind: InvalidData, error: "Could not load PEM file \"/usr/lib/ssl/certs/ca-certificates.crt\": Invalid byte 32, offset 0." }
```
Example private key file for secp384r1:
```pem
-----BEGIN EC PARAMETERS-----
BgUrgQQAIg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDByuCKP7SQqMTycoHcnOO7/m3V6igOwhP0UV5Tf3fYQkOx5xWOmPRNI
mecqTsuaJwygBwYFK4EEACKhZANiAARdg+8bTx650UMpYyJAWi47JHdxLzuGECaF
W/kn28/UIyDTgKHDTKAX4cr5Dh3lzjHJCmcRlHE2Nd/rKUyRSmgtAW6FeoW1h5XU
X+1tq2gQpQ6zooAX0O3a8zNLTbdiBZI=
-----END EC PRIVATE KEY-----
```
The `extract` function isn't exported :/
Can you add a function for EC private keys?
Generate Private Key
```shell
openssl genrsa -out private.key 2048
```
```rust
use std::{fs::File, io::BufReader};
use rustls::pki_types::{PrivateKeyDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer};

const PRIVATE_KEY: &str = include_str!("./private.key");

fn main() {
    let private_key_file = "./private.key";
    let private_key: PrivateKeyDer =
        rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(private_key_file).unwrap())).unwrap().unwrap();
    dbg!(&private_key); // Pkcs8(PrivatePkcs1KeyDer(..)) ?

    let new_key: PrivatePkcs8KeyDer = PRIVATE_KEY.as_bytes().into();
    let new_key_as_enum: PrivateKeyDer = new_key.into();
    dbg!(&new_key_as_enum);

    assert_eq!(private_key, new_key_as_enum); // Assertion Failed
}
```
I had a use case the other day where I needed to parse some private keys of various formats. I had to write a bit of match logic to extract the bytes for the appropriate key type, even though I didn't care about which key type it was. I think this would be a relatively common use-case.
What would you folks think about providing a function to parse all private keys in any format, returning a `Result<Vec<Vec<u8>>, Error>`?
The v1.0.2 upgrade included an upgrade of the base64 dependency from 0.13 -> 0.21. This implies that, to follow semantic versioning rules, the release should have been 1.1.0.
Folks trying to build your crate with a version of Rust that does not support edition 2021 now have to pin the version to 1.0.1 in order to be able to build.
The `read_one` fn can not read Let's Encrypt's RSA private key
Code:
```rust
use std::io;

// Only blocks labelled "RSA PRIVATE KEY" (PKCS#1) are collected here;
// a "PRIVATE KEY" (PKCS#8) block falls through the `_` arm and is dropped.
pub fn rsa_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
    let mut keys = Vec::<Vec<u8>>::new();
    loop {
        match read_one(rd)? {
            None => return Ok(keys),
            Some(Item::RSAKey(key)) => keys.push(key),
            _ => {}
        };
    }
}
```
Key file:
With a name of "pemfile" it's expected to be able to read a PEM file, no?
I'm trying to open an encrypted private key with the rustls_pemfile lib, but I am always receiving an empty vector.
I used this command to generate the encrypted private key:
```shell
openssl genrsa -aes-128-cbc -out ca.key 2048
```
An encrypted private key has a password. Is there any way to open this kind of private key passing the password in this lib?
The file starts with:
```pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
```
That's important, because new standards, such as modbus security, have the default cipher TLS_RSA_WITH_AES_128_CBC_SHA256, which is encrypted.
Thanks in advance
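The recurring problems in the threads above (a space where a base64 line should start, an `EC PARAMETERS` block ahead of the key, `PRIVATE KEY` versus `RSA PRIVATE KEY` labels, an `ENCRYPTED PRIVATE KEY` that no unencrypted-key reader will hand back, and the request for a helper that returns every private key regardless of format) all come down to how PEM blocks are labelled and how much surrounding text is tolerated. The std-only reader below is an added example written for this page, not rustls-pemfile's own code; it mirrors the crate's `Item` names, but its error strings, its permissiveness about surrounding text and the `private_keys_any` helper are this example's own assumptions.

```rust
// Added example, not rustls-pemfile's own code: a std-only reader modelled on read_one.
#[derive(Debug, PartialEq)]
pub enum Item {
    Certificate(Vec<u8>),
    Pkcs1Key(Vec<u8>),          // "RSA PRIVATE KEY"
    Pkcs8Key(Vec<u8>),          // "PRIVATE KEY" (what `openssl genrsa` and Let's Encrypt write)
    Sec1Key(Vec<u8>),           // "EC PRIVATE KEY"
    EncryptedPkcs8Key(Vec<u8>), // "ENCRYPTED PRIVATE KEY": needs a password, left undecrypted
}

// Minimal base64 decoder (std has none); whitespace is ignored, '=' padding ends the input.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const A: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes().filter(|c| !c.is_ascii_whitespace()).take_while(|&c| c != b'=') {
        acc = (acc << 6) | A.iter().position(|&a| a == c)? as u32; bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1 << bits) - 1; }
    }
    Some(out)
}

// Every block in `pem`. Text before the first BEGIN line and indented lines are tolerated
// (byte 32 is a space); key-less labels such as "EC PARAMETERS" are skipped, not rejected.
pub fn read_all(pem: &str) -> Result<Vec<Item>, String> {
    let (mut items, mut lines) = (Vec::new(), pem.lines());
    while let Some(line) = lines.next() {
        let Some(label) = line.trim().strip_prefix("-----BEGIN ").and_then(|l| l.strip_suffix("-----")) else { continue };
        let (end, mut body, mut closed) = (format!("-----END {label}-----"), String::new(), false);
        for l in lines.by_ref() {
            if l.trim() == end { closed = true; break; }
            body.push_str(l);
        }
        let der = (if closed { b64_decode(&body) } else { None }).ok_or(format!("bad or unterminated {label} block"))?;
        items.push(match label {
            "CERTIFICATE" => Item::Certificate(der),
            "RSA PRIVATE KEY" => Item::Pkcs1Key(der),
            "PRIVATE KEY" => Item::Pkcs8Key(der),
            "EC PRIVATE KEY" => Item::Sec1Key(der),
            "ENCRYPTED PRIVATE KEY" => Item::EncryptedPkcs8Key(der),
            _ => continue,
        });
    }
    Ok(items)
}

// All unencrypted private keys, whatever their encoding: the "any format" helper asked for above.
pub fn private_keys_any(pem: &str) -> Result<Vec<Vec<u8>>, String> {
    Ok(read_all(pem)?.into_iter().filter_map(|i| match i {
        Item::Pkcs1Key(d) | Item::Pkcs8Key(d) | Item::Sec1Key(d) => Some(d), _ => None }).collect())
}
```

An encrypted block is returned as `EncryptedPkcs8Key` rather than silently dropped, so a caller that gets an empty `private_keys_any` result can tell "no key present" from "key present but password-protected".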