EST (RFC 7030) protocol types with ML-DSA (FIPS 204) and ML-KEM (FIPS 203) support.
This crate implements the wire protocol types for Enrollment over Secure Transport, with comprehensive support for NIST FIPS 204 (ML-DSA) digital signatures and FIPS 203 (ML-KEM) key encapsulation mechanisms.
§Supported Operations
- /cacerts - Retrieve CA certificate chain
- /simpleenroll - Certificate enrollment with PKCS#10 CSR
- /simplereenroll - Certificate re-enrollment with mTLS
- /fullcmc - Full CMC protocol support
- /serverkeygen - Server-side key generation with ML-KEM KRA support
- /csrattrs - CSR attribute hints including PQC algorithm OIDs
§Post-Quantum Cryptography
All enrollment operations support:
- ML-DSA-44, ML-DSA-65, ML-DSA-87 (FIPS 204 digital signatures)
- ML-KEM-512, ML-KEM-768, ML-KEM-1024 (FIPS 203 key encapsulation)
- Composite algorithms (ML-DSA + traditional) per OID arc 2.16.840.1.114027.80.5.2
Modules§
- cacerts
- CA Certificates response per RFC 7030 §4.1.
- content_type
- RFC 7030 MIME content types for EST operations.
- csrattrs
- CSR Attributes response per RFC 7030 §4.5.
- enroll
- Simple enrollment per RFC 7030 §4.2.
- fullcmc
- Full CMC (Certificate Management over CMS) per RFC 7030 §4.3.
- reenroll
- Simple re-enrollment per RFC 7030 §4.2.2.
- serverkeygen
- Server-side key generation per RFC 7030 §4.4.
Enums§
- EstError
- EST protocol errors.
- EstOperation
- EST protocol operations per RFC 7030.
Type Aliases§
- EstResult
- Result type for EST operations.