xah30
b8ce58ddf0
aura-crypto: X25519 + ML-KEM-768 (FIPS 203) hybrid KEM, HKDF-SHA256 session key derivation, ChaCha20-Poly1305 AeadSession with counter nonces; genuine NIST ACVP ML-KEM-768 KAT (decapsulation vector). 16 tests green, clippy clean. aura-pki: self-signed CA, server/client cert issuance (rcgen 0.14), mutual X.509 chain verification via rustls-webpki, CRL revocation. 8 tests green. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
23 lines
990 B
TOML
23 lines
990 B
TOML
[package]
|
|
name = "aura-pki"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
description = "Aura PKI: CA, X.509 issuance and mutual-auth verification"
|
|
|
|
[dependencies]
|
|
# `x509-parser` feature enables Issuer::from_ca_cert_pem (parsing an existing CA
|
|
# cert to reconstruct the issuer). Merged on top of the workspace default features.
|
|
rcgen = { workspace = true, features = ["x509-parser"] }
|
|
rustls.workspace = true
|
|
rustls-pki-types.workspace = true
|
|
x509-parser.workspace = true
|
|
uuid.workspace = true
|
|
thiserror.workspace = true
|
|
anyhow.workspace = true
|
|
# Chain verification against the Aura CA trust anchor. 0.103 is already in the
|
|
# workspace lockfile (pulled transitively), so this adds no new resolution.
|
|
webpki = { package = "rustls-webpki", version = "0.103", default-features = false, features = ["ring"] }
|
|
# Certificate validity windows (not_before / not_after). Already in the lockfile.
|
|
time = { version = "0.3", default-features = false, features = ["std"] }
|