nacardin · nacardin · Jun 12, 2026 · Apr 25, 2026
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "certkit"
-version = "0.1.1"
+version = "0.1.2"
 edition = "2024"
 license = "MIT OR Apache-2.0"
 description = "A pure Rust library for X.509 certificate management, creation, and validation, supporting RSA, ECDSA, and Ed25519 keys, with no OpenSSL or ring dependencies."
@@ -12,22 +12,28 @@ keywords = ["x509", "certificate", "crypto", "pki", "tls"]
 categories = ["cryptography", "authentication"]
 authors = ["Nick Cardin <nick@cardin.email>"]
 
+[features]
+default = ["rsa", "p256", "p384", "p521","ed25519"]
+p521 = ["p384", "dep:p521", "ecdsa"] #For some reason p521 does not compile without p384...
+ed25519 = ["ed25519-dalek"]
+
+
 [dependencies]
 bon = "3"
 const-oid = { version = "0.9.6", features = ["db"] }
-rsa = { version = "0.9" }
-p256 = { version = "0.13", features = ["ecdsa", "pkcs8"] }
-p384 = { version = "0.13", features = ["ecdsa", "pkcs8"] }
-p521 = { version = "0.13", features = ["ecdsa", "pkcs8"] }
-ecdsa = { version = "0.16", features = ["verifying"] }
-ed25519-dalek = { version = "2", features = ["rand_core", "pkcs8", "pem"] }
+rsa = { version = "0.9", optional = true }
+p256 = { version = "0.13", features = ["ecdsa", "pkcs8"], optional = true }
+p384 = { version = "0.13", features = ["ecdsa", "pkcs8"], optional = true }
+p521 = { version = "0.13", features = ["ecdsa", "pkcs8"], optional = true }
+ecdsa = { version = "0.16", features = ["verifying"], optional = true }
+ed25519-dalek = { version = "2", features = ["rand_core", "pkcs8", "pem"], optional = true}
 sha2 = { version = "0.10", default-features = false, features = ["oid"] }
-rand_core = { version = "0.6" }
+rand_core = { version = "0.6", features = ["getrandom"]}
 der = "0.7"
 time = "0.3"
 pem = "3"
 x509-cert = "0.2.5"
-pkcs8 = "0.10.2"
+pkcs8 = { version = "0.10.2", features = ["alloc", "pem"] }
 rand = "0.9.1"
 base64 = "0.22.1"
 sha1 = "0.10"

diff --git a/compile_feature_combinations.sh b/compile_feature_combinations.sh
@@ -0,0 +1,18 @@
+#/usr/bin/env bash
+cargo build
+
+cargo build --no-default-features --features rsa
+cargo build --no-default-features --features p256
+cargo build --no-default-features --features p384
+cargo build --no-default-features --features p521
+cargo build --no-default-features --features ed25519
+
+cargo build --no-default-features --features rsa,p256
+cargo build --no-default-features --features rsa,ed25519
+cargo build --no-default-features --features p256,ed25519
+cargo build --no-default-features --features p521,p256
+cargo build --no-default-features --features rsa,p521
+cargo build --no-default-features --features rsa,ed25519
+cargo build --no-default-features --features p521,ed25519
+
+
diff --git a/src/error.rs b/src/error.rs
@@ -191,12 +191,14 @@ impl From<der::Error> for CertKitError {
     }
 }
 
+#[cfg(feature = "rsa")]
 impl From<rsa::Error> for CertKitError {
     fn from(err: rsa::Error) -> Self {
         CertKitError::RsaError(err.to_string())
     }
 }
 
+#[cfg(feature = "rsa")]
 impl From<rsa::pkcs1::Error> for CertKitError {
     fn from(err: rsa::pkcs1::Error) -> Self {
         CertKitError::RsaPkcs1Error(err.to_string())

diff --git a/src/issuer.rs b/src/issuer.rs
@@ -212,10 +212,15 @@ pub trait Issuer {
     /// ```
     fn issue(&self, cert_request: &CertificationRequestInfo, validity: Validity) -> Certificate {
         let signature_algo = match self.signing_key() {
+            #[cfg(feature = "rsa")]
             KeyPair::Rsa { .. } => SignatureAlgorithm::Sha256WithRSA,
+            #[cfg(feature = "p256")]
             KeyPair::EcdsaP256 { .. } => SignatureAlgorithm::Sha256WithECDSA,
+            #[cfg(feature = "p384")]
             KeyPair::EcdsaP384 { .. } => SignatureAlgorithm::Sha256WithECDSA,
+            #[cfg(feature = "p521")]
             KeyPair::EcdsaP521 { .. } => SignatureAlgorithm::Sha256WithECDSA,
+            #[cfg(feature = "ed25519")]
             KeyPair::Ed25519 { .. } => SignatureAlgorithm::Sha256WithEdDSA,
         };