New API Proposal: X.509 Certificate Support

[Craz1k0ek]

New API Proposal: X.509 Certificate Support

Motivation:

A big part of cryptography and security for multiple internet protocols is the X.509 standard, defining public key certificate formats. Not having the possibility to create or read certificates is a real bummer.

It would be a great addition:

• Identity binding to a public key using digital signatures
• Client certificate authentication, useful for Swift servers and clients
• Certificate Authority (CA) support
• Pretty Good Privacy (PGP) support
• SSL/TLS support

Most of the core components to support X.509 certificates are already (partially) implemented:

• ASN.1 support to encode and decode certificates and it's attributes
• ECC/RSA signatures to sign CSR's and verify certificates

I would highly recommend also adding the certificate signing request (CSR), part of the PKCS#10 spec, to make the client certificate authentication and identities accessible more easily.

Importance:

X.509 is of great importance in cryptography:

• It provides clients secure access to information and resources
• It provides a way to prevent man-in-the-middle attacks (MITM)
• It is an enabler for CA's
• It is an enabler for PGP
• It is an enabler for the public key infrastructure (PKI)

[Lukasa]

Is your use-case solved by swift-certificates?

[Craz1k0ek]

It sure does, that's exactly what I was after. Can't believe I missed that, thanks a lot!