Implementation for Tor certificates

The `tor-cert` crate implements the binary certificate types
documented in Tor's cert-spec.txt, which are used when
authenticating Tor channels. (Eventually, support for onion service
certificates will be added too.)

This crate is part of Arti, a project to implement Tor in Rust.

There are other types of certificate used by Tor as well, and they
are implemented in other places. In particular, see
[`tor-netdoc::doc::authcert`] for the certificate types used by
authorities in the directory protocol.

The `tor-cert` code is in its own separate crate because it is
required by several other higher-level crates that do not depend
upon each other. For example, [`tor-netdoc`] parses encoded
certificates from router descriptors, while [`tor-proto`] uses
certificates when authenticating relays.

Parsing, validating, and inspecting a certificate:
```rust
use base64ct::{Base64, Encoding as _};
use tor_cert::*;
use tor_checkable::*;
// Taken from a random relay on the Tor network.
let cert_base64 =
 "AQQABrntAThPWJ4nFH1L77Ar+emd4GPXZTPUYzIwmR2H6Zod5TvXAQAgBAC+vzqh
  VFO1SGATubxcrZzrsNr+8hrsdZtyGg/Dde/TqaY1FNbeMqtAPMziWOd6txzShER4
  qc/haDk5V45Qfk6kjcKw+k7cPwyJeu+UF/azdoqcszHRnUHRXpiPzudPoA4=";
// Remove the whitespace, so base64 doesn't choke on it.
let cert_base64: String = cert_base64.split_whitespace().collect();
// Decode the base64.
let cert_bin = Base64::decode_vec(&cert_base64).unwrap();

// Decode the cert and check its signature.
// `check_key(None)` relies on the signing key embedded in the cert.
// `dangerously_assume_timely()` skips the expiration check; code that
// handles live certificates should check the time instead.
let cert = Ed25519Cert::decode(&cert_bin).unwrap()
    .check_key(None).unwrap()
    .check_signature().unwrap()
    .dangerously_assume_timely();
let signed_key = cert.subject_key();
```
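
The example above ends with `dangerously_assume_timely()`, which skips the expiration check. The following added sketch (not part of this crate or its README) shows what that check looks at: it walks the fixed fields and extensions of an Ed25519 certificate as laid out in cert-spec.txt and compares the expiration hour with a caller-supplied time. The names `parse_header`, `check_timely`, `sample_cert`, `CertHeader` and `CertError` are hypothetical, the sample bytes are constructed, and no signature is verified.

```rust
// Added example: field layout per cert-spec.txt. Not tor-cert's code; no signature check.
#[derive(Debug, PartialEq)]
pub enum CertError { BadLength, BadVersion(u8), Expired }
#[derive(Debug)]
pub struct CertHeader {
    pub cert_type: u8,
    pub expiry_unix: u64, // EXPIRATION_DATE is stored as hours since the Unix epoch
    pub ext_types: Vec<u8>,
}

/// Split `n` bytes off the front of `buf`, failing instead of panicking on short input.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Result<&'a [u8], CertError> {
    let all: &'a [u8] = *buf;
    if all.len() < n { return Err(CertError::BadLength); }
    let (head, rest) = all.split_at(n);
    *buf = rest;
    Ok(head)
}

pub fn parse_header(mut b: &[u8]) -> Result<CertHeader, CertError> {
    // VERSION(1) CERT_TYPE(1) EXPIRATION_DATE(4) CERT_KEY_TYPE(1) CERTIFIED_KEY(32) N_EXTENSIONS(1)
    let f = take(&mut b, 40)?;
    if f[0] != 1 { return Err(CertError::BadVersion(f[0])); }
    let hours = u32::from_be_bytes([f[2], f[3], f[4], f[5]]);
    let mut ext_types = Vec::new();
    for _ in 0..f[39] {
        let h = take(&mut b, 4)?; // ExtLength(2) ExtType(1) ExtFlags(1)
        take(&mut b, u16::from_be_bytes([h[0], h[1]]) as usize)?; // ExtData
        ext_types.push(h[2]);
    }
    if b.len() != 64 { return Err(CertError::BadLength); } // SIGNATURE(64) must end the cert
    Ok(CertHeader { cert_type: f[1], expiry_unix: hours as u64 * 3600, ext_types })
}

/// The kind of check `dangerously_assume_timely()` skips: reject once the expiry hour is reached.
pub fn check_timely(h: &CertHeader, now_unix: u64) -> Result<(), CertError> {
    if now_unix >= h.expiry_unix { Err(CertError::Expired) } else { Ok(()) }
}

/// Constructed sample (not a real relay's cert): 40 fixed + 4 + 32 extension + 64 signature bytes.
pub fn sample_cert() -> Vec<u8> {
    let mut c = vec![0xAA; 140]; // placeholder key, extension data and signature
    c[..7].copy_from_slice(&[1, 4, 0x00, 0x06, 0xB9, 0xED, 1]); // version, type, expiry hour, key type
    c[39..44].copy_from_slice(&[1, 0, 32, 4, 0]); // N_EXTENSIONS=1, ExtLength=32, ExtType=4, ExtFlags=0
    c
}

fn main() {
    println!("{:?}", parse_header(&sample_cert()).map(|h| check_timely(&h, 0)));
}
```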
License: MIT OR Apache-2.0