Crates.io | tor-cert |
lib.rs | tor-cert |
version | |
source | src |
created_at | 2021-06-24 14:12:02.47507 |
updated_at | 2025-01-07 17:21:40.754028 |
description | Non-standard certificate formats used by Tor |
homepage | https://gitlab.torproject.org/tpo/core/arti/-/wikis/home |
repository | https://gitlab.torproject.org/tpo/core/arti.git/ |
max_upload_size | |
id | 414477 |
size | 0 |
Implementation for Tor certificates
The `tor-cert` crate implements the binary certificate types documented in Tor's cert-spec.txt, which are used when authenticating Tor channels. (Eventually, support for onion service certificates will be added too.)
This crate is part of Arti, a project to implement Tor in Rust. Tor uses other types of certificate as well, and they are implemented in other places. In particular, see [`tor-netdoc::doc::authcert`] for the certificate types used by authorities in the directory protocol.
The `tor-cert` code is in its own separate crate because it is required by several other higher-level crates that do not depend upon each other. For example, [`tor-netdoc`] parses encoded certificates from router descriptors, while [`tor-proto`] uses certificates when authenticating relays.
Parsing, validating, and inspecting a certificate:
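```rust
use base64ct::{Base64, Encoding as _};
use tor_cert::*;
use tor_checkable::*;

fn main() {
    // Taken from a random relay on the Tor network.
    let cert_base64 =
        "AQQABrntAThPWJ4nFH1L77Ar+emd4GPXZTPUYzIwmR2H6Zod5TvXAQAgBAC+vzqh
         VFO1SGATubxcrZzrsNr+8hrsdZtyGg/Dde/TqaY1FNbeMqtAPMziWOd6txzShER4
         qc/haDk5V45Qfk6kjcKw+k7cPwyJeu+UF/azdoqcszHRnUHRXpiPzudPoA4=";
    // Remove the whitespace, so base64 doesn't choke on it.
    let cert_base64: String = cert_base64.split_whitespace().collect();
    // Decode the base64.
    let cert_bin = Base64::decode_vec(&cert_base64).unwrap();
    // Decode the cert and check its signature.
    // Passing `None` supplies no external signing key, so the certificate
    // must carry its own signing key for the check to succeed.
    let cert = Ed25519Cert::decode(&cert_bin).unwrap()
        .check_key(None).unwrap()
        .check_signature().unwrap()
        // Skips the expiration check. That is acceptable only for a fixed
        // sample like this one; code that handles live certificates should
        // use the `Timebound` checks from tor_checkable (for example
        // `check_valid_at`) instead.
        .dangerously_assume_timely();
    // The key that this certificate certifies.
    let signed_key = cert.subject_key();
}
```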
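The binary layout that `Ed25519Cert::decode` handles, as an added example that is not tor-cert's own code: a std-only walk over the cert-spec.txt fields (version, type, expiration in hours since the epoch, certified key, extensions, 64-byte signature), plus the expiry comparison that `dangerously_assume_timely()` skips. `CertHeader`, `key32`, `parse_header`, `is_timely` and `sample_cert` are hypothetical names, the sample bytes are constructed, and the signature is not verified here.

```rust
// Added example (std only): field layout from cert-spec.txt; no signature check.
use std::time::{Duration, SystemTime, UNIX_EPOCH};

pub struct CertHeader {
    pub cert_type: u8,
    pub expires: SystemTime,
    pub certified_key: [u8; 32],
    pub signed_with: Option<[u8; 32]>, // extension type 0x04, if present
}
fn key32(s: &[u8]) -> Result<[u8; 32], &'static str> {
    let mut k = [0u8; 32];
    if s.len() == 32 { k.copy_from_slice(s); Ok(k) } else { Err("bad key length") }
}

/// Parse the fixed fields and the extensions; every read is bounds-checked.
pub fn parse_header(b: &[u8]) -> Result<CertHeader, &'static str> {
    if b.len() < 40 + 64 || b[0] != 1 { return Err("truncated or unknown version"); }
    let hours = u32::from_be_bytes([b[2], b[3], b[4], b[5]]); // hours since the epoch
    let expires = UNIX_EPOCH + Duration::from_secs(u64::from(hours) * 3600);
    let (mut pos, mut signed_with) = (40usize, None);
    for _ in 0..b[39] { // N_EXTENSIONS
        let hdr = b.get(pos..pos + 4).ok_or("truncated extension")?;
        let len = usize::from(u16::from_be_bytes([hdr[0], hdr[1]]));
        let data = b.get(pos + 4..pos + 4 + len).ok_or("truncated extension")?;
        match (hdr[2], hdr[3] & 1) { // (ExtType, AFFECTS_VALIDATION flag)
            (0x04, _) => signed_with = Some(key32(data)?),
            (_, 1) => return Err("unknown extension affects validation"),
            _ => {} // unknown but optional: skip it
        }
        pos += 4 + len;
    }
    if b.len() != pos + 64 { return Err("bad signature length"); }
    Ok(CertHeader { cert_type: b[1], expires, certified_key: key32(&b[7..39])?, signed_with })
}

/// The expiry comparison that `dangerously_assume_timely()` leaves out.
pub fn is_timely(h: &CertHeader, now: SystemTime) -> bool { now < h.expires }
pub fn sample_cert() -> Vec<u8> { // constructed sample, not a real relay certificate
    let mut c = vec![1u8, 4, 0x00, 0x06, 0xb9, 0xed, 1]; // version, type, expiry, key type
    c.extend_from_slice(&[0xAA; 32]);       // CERTIFIED_KEY
    c.extend_from_slice(&[1, 0, 32, 4, 0]); // N_EXTENSIONS, ExtLength=32, ExtType=4, ExtFlags=0
    c.extend_from_slice(&[0xBB; 32]);       // signing key carried in extension 0x04
    c.extend_from_slice(&[0; 64]);          // placeholder signature, never verified here
    c
}

fn main() {
    println!("{:?}", parse_header(&sample_cert()).map(|h| is_timely(&h, SystemTime::now())));
}
```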
License: MIT OR Apache-2.0