-
While using the RSA.generateKeys() method I've noticed that it generates differently formatted keys depending on the OS. I've noticed that the Android one is very differently generated than the iOS on…
-
Using a single key is convenient, but multiple keys aren't that hard to handle, and would avoid putting all eggs in one basket. That helps in case a cert needs to be revoked – Google Chrome revokes by…
-
Currently, only `rsa` crate has high-level functions documented that allow to load form PEM, DER, etc formats. But I found nothing of the kind in the elliptic_curve's documentation.
It would be nic…
-
Only `pkcs8`, `spki`, and `jwk` are tested. Not `raw`.
If no-one else wants to tackle this, I can try get some tests added start of next year.
-
如题,目前通过抓包发现tcp-tls模式发送Client Hello时会发送SNI信息,实测谷歌8.8.8.8等服务器支持无SNI模式。所以想能否设置一个选项不发送SNI或者伪造成其他域名,这样应该更有利于防止SNI阻断。谢谢!
PS:其实最好是提供选项改写SNI,同时也能提供选项检查服务区证书的真实性。类似于smartdns的这种
-spki-pin: TLS spki pin t…
-
See https://github.com/sigstore/rekor/issues/2062 for the full context here. TL;DR: we have an internal `key_id` helper that essentially does `SHA256(DER(SPKI(key))`, which is correct for ECDSA keys b…
-
Hi,
I am trying to create an application that will run multiple instances of puppeteer, each instance will have its own proxy. The new "perBrowserOptions" is good but how can I set the proxy based…
-
Per [OpenSSL PKI Tutorial](https://pki-tutorial.readthedocs.io/en/latest/advanced/#operate-software-ca) and its [sample configuration file](https://pki-tutorial.readthedocs.io/en/latest/advanced/codes…
-
Talking with David: he want to be able to generate server certificates for short hostname (ex: "sjrmsd022"), and user certificates for username and not email addresses (ex: "john doe" or "john.doe" bu…
-
It seems like [`DecodingKey::from_ed_der`](https://docs.rs/jsonwebtoken/latest/jsonwebtoken/struct.DecodingKey.html#method.from_ed_der) function actually expects raw 32 bytes public key, which ring's …