| Crates.io | pyrus-cert-store |
| lib.rs | pyrus-cert-store |
| version | 0.2.3 |
| created_at | 2025-03-06 18:39:07.585977+00 |
| updated_at | 2025-03-06 18:39:07.585977+00 |
| description | A simple API to provide certificate persistence for pyrus-crypto. |
| homepage | |
| repository | https://github.com/lysolaka/pyrus-cert-store |
| max_upload_size | |
| id | 1581646 |
| size | 29,634 |
This crate's main purpose is to provide a simple API for "secure" Cert storage. It is largely inspired by sequoia-cert-store.

This crate makes no security guarantees, and its security goes as far as the author's will to make his school project secure.
There have been no security audits of this crate and there will not be any, so use it with caution.
The storage backend is `rusqlite` with the crate feature `bundled-sqlcipher-vendored-openssl` enabled. This allows for encrypting the SQL database and keeps the secrets "secure".

Certificates are stored as `LazyCert`s. A `LazyCert` is basically a serialized (unparsed) certificate, a fingerprint, and a user ID. This allows for filtering and listing the certificates without parsing them, which is fallible.
```rust
use pyrus_cert_store::{CertStore, LazyCert};

let my_cert: Cert = /* .. */;

let store = CertStore::open("certstore.db3")
    .with_passphrase(String::from("password123"), b"use a better password and salt")
    .connect()?;

store.insert(LazyCert::try_from(&my_cert)?)?;

let stored_cert: LazyCert = store.get(my_cert.fingerprint())?;
let stored_cert = stored_cert.to_cert()?;
assert_eq!(my_cert, stored_cert);
```
```rust
use pyrus_cert_store::{CertStore, LazyCert};

let my_cert: Cert = /* .. */;

// passing "" as path opens the store in memory
let store = CertStore::open("")
    .with_passphrase(String::from("password123"), b"use a better password and salt")
    .connect()?;

store.insert(LazyCert::try_from(&my_cert)?)?;
store.remove(my_cert.fingerprint())?;
assert!(store.get(my_cert.fingerprint()).is_err());
```
Since encryption is done using an SQL pragma, there is no way to prove that in tests.
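What a user can check from outside the crate is whether a store file on disk is still a plain SQLite database. The following is an added example, not part of pyrus-cert-store; it assumes SQLCipher's default of encrypting the whole file including the header, and the `StoreFile`, `classify` and `classify_file` names are hypothetical. An `Opaque` result is consistent with encryption but does not prove it.

```rust
use std::fs::File;
use std::io::{self, Read};
use std::path::Path;

/// Every unencrypted SQLite database file starts with these 16 bytes.
const SQLITE_MAGIC: &[u8; 16] = b"SQLite format 3\0";

#[derive(Debug, PartialEq)]
pub enum StoreFile {
    /// Magic header present: any SQLite client can read the certificates.
    Plaintext,
    /// No magic header and random-looking bytes: consistent with encryption.
    Opaque,
    /// Too short, or neither SQLite nor random-looking (e.g. zero-filled).
    Inconclusive,
}

/// Classify the leading bytes (ideally the first 4096) of a store file.
pub fn classify(head: &[u8]) -> StoreFile {
    if head.starts_with(SQLITE_MAGIC) {
        return StoreFile::Plaintext;
    }
    if head.len() < 1024 {
        return StoreFile::Inconclusive; // too little data to judge randomness
    }
    // Ciphertext uses nearly every byte value; text and zero padding do not.
    let mut seen = [false; 256];
    head.iter().for_each(|&b| seen[b as usize] = true);
    let distinct = seen.iter().filter(|&&s| s).count();
    if distinct >= 200 {
        StoreFile::Opaque
    } else {
        StoreFile::Inconclusive
    }
}

/// Read at most the first 4096 bytes of `path` and classify them.
pub fn classify_file(path: &Path) -> io::Result<StoreFile> {
    let mut head = Vec::new();
    File::open(path)?.take(4096).read_to_end(&mut head)?;
    Ok(classify(&head))
}

fn main() -> io::Result<()> {
    // Default path is an assumption; pass the store file as the first argument.
    let path = std::env::args().nth(1).unwrap_or_else(|| "certstore.db3".into());
    println!("{}: {:?}", path, classify_file(Path::new(&path))?);
    Ok(())
}
```

A `Plaintext` result on a store that was opened with `with_passphrase` means the passphrase was never applied to that file.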
```rust
use pyrus_cert_store::{CertStore, LazyCert};

// not configuring a passphrase assumes no encryption
let store = CertStore::open("").connect()?;

// dropping a store safely flushes all statements and saves it
// well this one is in memory so it will be simply dropped
```