I built this project to stop treating PKI as a black box. The repository implements RSA key generation, PEM handling, encryption and decryption, certificate request generation, certificate signing, verification, and CRL-based revocation.
The RSA part uses a custom Mersenne Twister for random number generation and the extended Euclidean algorithm for modular inverses. The certificate-authority part models a small trust chain: a client generates a CSR, the authority signs it, the client receives a certificate, and verification takes the revocation into account once the certificate appears on the CRL.
This is not production cryptography, and I do not present it that way. The value is in the mechanics. Writing the pieces myself forced me to understand what a certificate asserts, where trust is anchored, and why revocation is operationally messy.
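The trust chain described above, condensed into a toy model as an added example (this is not the repository's code): extended Euclid supplies the RSA private exponent, the CA signs the to-be-signed fields of a CSR, and verification checks both the signature and the CRL. The primes, the `Cert` encoding and the reduction of the SHA-256 digest modulo n are constructed simplifications, not how a real CA or PKCS#1 does it.

```python
# Added example (not the repository's code): a toy model of the CSR -> sign -> verify -> revoke
# flow. The primes, the certificate encoding and the hash-reduced-mod-n "padding" are
# constructed simplifications; real RSA signatures use PKCS#1 padding and CSPRNG-drawn primes.
import hashlib
from dataclasses import dataclass

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(a, m):
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m

def keygen(p, q, e=65537):
    """Textbook RSA from two given primes; returns (public, private) as (n, exponent) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, modinv(e, phi))

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

@dataclass
class Cert:
    serial: int
    subject: str
    pubkey: tuple
    signature: int = 0
    def tbs(self) -> bytes:  # "to be signed" fields, encoded deterministically
        return f"{self.serial}|{self.subject}|{self.pubkey[0]}|{self.pubkey[1]}".encode()

def issue(ca_priv, serial, csr_subject, csr_pubkey):
    cert = Cert(serial, csr_subject, csr_pubkey)
    cert.signature = sign(ca_priv, cert.tbs())
    return cert

def verify(cert, ca_pub, crl):
    """Signature must check out under the CA key and the serial must not be on the CRL."""
    n, e = ca_pub
    return pow(cert.signature, e, n) == digest(cert.tbs(), n) and cert.serial not in crl
```

Revocation is modelled as a set of serial numbers passed in as the CRL; the same certificate verifies before its serial is added and fails afterwards, with no change to the certificate itself.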
Recruiter-relevant signals:
- Python implementation of mathematical primitives and protocol flow.
- Practical PKI vocabulary: CSR, certificate signing, verification, CRL, PEM.
- Clear boundary between learning implementation and production security.