Crate rcgen


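Rust X.509 certificate generation utility

This crate provides a way to generate self-signed X.509 certificates.

The simplest way to use this crate is to call the generate_simple_self_signed function. For more customization, construct a CertificateParams and a key pair, then call CertificateParams::signed_by() or CertificateParams::self_signed().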

§Example

use rcgen::{generate_simple_self_signed, CertifiedKey};
// Generate a certificate that's valid for "localhost" and "hello.world.example"
let subject_alt_names = vec!["hello.world.example".to_string(),
	"localhost".to_string()];

let CertifiedKey { cert, signing_key } = generate_simple_self_signed(subject_alt_names).unwrap();
// PEM-encoded certificate (public)
println!("{}", cert.pem());
// PEM-encoded private key; treat this output as a secret
println!("{}", signing_key.serialize_pem());

Modules§

string
ASN.1 string types

Structs§

Attribute
A PKCS #10 CSR attribute, as defined in RFC 5280 and constrained by RFC 2986.
Certificate
An issued certificate
CertificateParams
Parameters used for certificate generation
CertificateRevocationList
A certificate revocation list (CRL)
CertificateRevocationListParams
Parameters used for certificate revocation list (CRL) generation
CertificateSigningRequest
A certificate signing request (CSR) that can be encoded to PEM or DER.
CertificateSigningRequestParams
Parameters for a certificate signing request
CertifiedIssuer
An Issuer wrapper that also contains the issuer’s Certificate.
CertifiedKey
An issued certificate, together with the subject keypair.
CrlDistributionPoint
A certificate revocation list (CRL) distribution point, to be included in a certificate’s distribution points extension or a CRL’s issuing distribution point extension
CrlIssuingDistributionPoint
A certificate revocation list (CRL) issuing distribution point, to be included in a CRL’s issuing distribution point extension.
CustomExtension
A custom extension of a certificate, as specified in RFC 5280
DistinguishedName
Distinguished name used e.g. for the issuer and subject fields of a certificate
DistinguishedNameIterator
Iterator over DistinguishedName entries
Issuer
An issuer that can sign certificates.
KeyPair
A key pair used to sign certificates and CSRs
NameConstraints
The NameConstraints extension (only relevant for CA certificates)
PublicKey
A public key, extracted from a CSR
RevokedCertParams
Parameters used for describing a revoked certificate included in a CertificateRevocationList.
SerialNumber
A certificate serial number.
SignatureAlgorithm
Signature algorithm type
SubjectPublicKeyInfo
A public key

Enums§

BasicConstraints
The path length constraint (only relevant for CA certificates)
CidrSubnet
CIDR subnet, as per RFC 4632
CrlScope
Describes the scope of a CRL for an issuing distribution point extension.
DnType
The attribute type of a distinguished name entry
DnValue
A distinguished name entry
Error
The error type of the rcgen crate
ExtendedKeyUsagePurpose
One of the purposes contained in the extended key usage extension
GeneralSubtree
General Subtree type.
InvalidAsn1String
Invalid ASN.1 string type
IsCa
Whether the certificate is allowed to sign other certificates
KeyIdMethod
A method for generating key identifiers from public keys.
KeyUsagePurpose
One of the purposes contained in the key usage extension
OtherNameValue
An OtherName value, defined in RFC 5280 §4.1.2.4.
RevocationReason
Identifies the reason a certificate was revoked. See RFC 5280 §5.3.1
SanType
The type of subject alt name

Statics§

PKCS_ECDSA_P256_SHA256
ECDSA signing using the P-256 curves and SHA-256 hashing as per RFC 5758
PKCS_ECDSA_P384_SHA384
ECDSA signing using the P-384 curves and SHA-384 hashing as per RFC 5758
PKCS_ED25519
ED25519 curve signing as per RFC 8410
PKCS_RSA_SHA256
RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per RFC 4055
PKCS_RSA_SHA384
RSA signing with PKCS#1 1.5 padding and SHA-384 hashing as per RFC 4055
PKCS_RSA_SHA512
RSA signing with PKCS#1 1.5 padding and SHA-512 hashing as per RFC 4055

Traits§

PublicKeyData
The public key data of a key pair
SigningKey
A key that can be used to sign messages

Functions§

date_time_ymd
Helper to obtain an OffsetDateTime from year, month, day values
generate_simple_self_signed
KISS function to generate a self-signed certificate

Type Aliases§

RcgenError (Deprecated)
Type-alias for the old name of Error.