https://github.com/rustls/rustls-cng
Windows CNG bridge for rustls
https://github.com/rustls/rustls-cng
cng rust rustls tls windows
Last synced: 3 months ago
JSON representation
Windows CNG bridge for rustls
- Host: GitHub
- URL: https://github.com/rustls/rustls-cng
- Owner: rustls
- Created: 2022-06-06T21:41:59.000Z (over 3 years ago)
- Default Branch: dev
- Last Pushed: 2025-07-08T12:01:22.000Z (3 months ago)
- Last Synced: 2025-07-15T05:44:36.108Z (3 months ago)
- Topics: cng, rust, rustls, tls, windows
- Language: Rust
- Homepage:
- Size: 3.04 MB
- Stars: 7
- Watchers: 4
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Windows CNG bridge for rustls
[](https://github.com/rustls/rustls-cng/actions)
[](https://crates.io/crates/rustls-cng)
[](https://opensource.org/licenses/MIT)
[](https://opensource.org/licenses/Apache-2.0)
[](https://docs.rs/rustls-cng)
This crate allows you to use the Windows CNG private keys together with [rustls](https://docs.rs/rustls/latest/rustls)
for both the client and server sides of the TLS channel.
Rationale: In many situations, it is required to use non-exportable private certificate chains
from the Windows certificate store instead of the external PKCS8 file.
`rustls-cng` can use such chains in the `rustls` context.
Supported key/certificate types: **RSA**, **ECDSA/ECDH**. Supported elliptic curves: secp256r1 (prime256v1), secp384r1.
[Documentation](https://docs.rs/rustls-cng).
## Usage
The central struct to use in `rustls-cng` is `CngSigningKey`, which can be constructed
from the low-level `NCryptKey` handle. The instance of `CngSigningKey` can then be
used in `rustls` in the custom `ResolvesServerCert` or `ResolvesClientCert` implementation.
See the `examples` directory for usage examples.
## License
Licensed under the MIT or Apache licenses ([LICENSE-MIT](https://opensource.org/licenses/MIT) or [LICENSE-APACHE](https://opensource.org/licenses/Apache-2.0))