VassilisM

Reputation: 65

How to use the schannel certificate (context) and private (ncrypt) key with openssl or rustls for actix?

I need to get the certificate and private key from the Windows store instead of the current two files. I have generated a PKCS12 using the two and have imported it into the Windows store.

I am using schannel-rs to find the relevant certificate and:

  1. get the certificate context (which can be transformed to PEM or DER format and also parsed to an X509 using x509-parser)
  2. its relevant NcryptKey.

The program is already using rust-openssl's SslAcceptorBuilder to load the certificate from file and to use a PKey<Private>, which also loads the private key from file.

Question: How can the CertContext be loaded into the SslAcceptorBuilder as the certificate, and how can I use the NcryptKey as a PKey<Private>? (Or also load it into the SslAcceptorBuilder, which is what is required anyway.)

As the SslAcceptor can indeed load an X509, I have searched the rust-openssl documentation for means of creating an X509Ref using the X509Builder, but none of them uses the bytes of a certificate already in memory. Or at least I haven't yet found a method. The same goes for the PKey.

At the moment I am dumping the certificate as PEM into a file, loading the file and then deleting it. It is a level higher than having the file already there, but still. Moreover, the private key file is still there. So, no security whatsoever.

Any ideas? Did I miss something? Maybe I cannot avoid using yet another package like rustls or rustls-native-certs?

UPDATE

After switching from rust-openssl to rustls, I am able to use the certificate context in DER format for the ServerConfig builder. But I am still missing the part of turning the Ncrypt key into either a PrivateKeyDer or something else usable. Going over the schannel-rs repository now, to see if I find some answers there.

Upvotes: 0

Views: 262

Answers (1)

VassilisM

Reputation: 65

Solved everything using the rustls-cng in combination with rustls.

The server example provides enough to use a certificate from the Windows store and its password to pass on to the HttpServer of Actix-web using .bind_rustls_0_22(). For some reason, you do not even have to have administrative rights for Local Machine stored certificates. It also provides the possibility of importing one from a pfx/p12 file, which stores the certificate and private key together. It worked like a charm.

Upvotes: 0
