<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns:fn="http://www.w3.org/2005/02/xpath-functions"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css"> <title>Erlang -- public_key</title> </head> <body bgcolor="white" text="#000000" link="#0000ff" vlink="#ff00ff" alink="#ff0000"><div id="container"> <script id="js" type="text/javascript" language="JavaScript" src="../../../../doc/js/flipmenu/flipmenu.js"></script><script id="js2" type="text/javascript" src="../../../../doc/js/erlresolvelinks.js"></script><script language="JavaScript" type="text/javascript"> <!-- function getWinHeight() { var myHeight = 0; if( typeof( window.innerHeight ) == 'number' ) { //Non-IE myHeight = window.innerHeight; } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) { //IE 6+ in 'standards compliant mode' myHeight = document.documentElement.clientHeight; } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) { //IE 4 compatible myHeight = document.body.clientHeight; } return myHeight; } function setscrollpos() { var objf=document.getElementById('loadscrollpos'); document.getElementById("leftnav").scrollTop = objf.offsetTop - getWinHeight()/2; } function addEvent(obj, evType, fn){ if (obj.addEventListener){ obj.addEventListener(evType, fn, true); return true; } else if (obj.attachEvent){ var r = obj.attachEvent("on"+evType, fn); return r; } else { return false; } } addEvent(window, 'load', setscrollpos); //--></script><div id="leftnav"><div class="innertube"> <img alt="Erlang logo" src="../../../../doc/erlang-logo.png"><br><small><a href="users_guide.html">User's Guide</a><br><a href="index.html">Reference Manual</a><br><a href="release_notes.html">Release Notes</a><br><a href="../pdf/public_key-0.17.pdf">PDF</a><br><a href="../../../../doc/index.html">Top</a></small><p><strong>public_key</strong><br><strong>Reference Manual</strong><br><small>Version 0.17</small></p> <br><a href="javascript:openAllFlips()">Expand All</a><br><a href="javascript:closeAllFlips()">Contract All</a><p><small><strong>Table of Contents</strong></small></p> <ul class="flipMenu"><li id="loadscrollpos" title="public_key " expanded="true">public_key<ul> <li><a href="public_key.html"> Top of manual page </a></li> <li title="decrypt_private-2"><a href="public_key.html#decrypt_private-2">decrypt_private/2</a></li> <li title="decrypt_private-3"><a href="public_key.html#decrypt_private-3">decrypt_private/3</a></li> <li title="decrypt_public-2"><a href="public_key.html#decrypt_public-2">decrypt_public/2</a></li> <li title="decrypt_public-3"><a href="public_key.html#decrypt_public-3">decrypt_public/3</a></li> <li title="der_decode-2"><a href="public_key.html#der_decode-2">der_decode/2</a></li> <li title="der_encode-2"><a href="public_key.html#der_encode-2">der_encode/2</a></li> <li title="pem_decode-1"><a href="public_key.html#pem_decode-1">pem_decode/1</a></li> <li title="pem_encode-1"><a href="public_key.html#pem_encode-1">pem_encode/1</a></li> <li title="pem_entry_decode-1"><a href="public_key.html#pem_entry_decode-1">pem_entry_decode/1</a></li> <li title="pem_entry_decode-2"><a href="public_key.html#pem_entry_decode-2">pem_entry_decode/2</a></li> <li title="pem_entry_encode-2"><a href="public_key.html#pem_entry_encode-2">pem_entry_encode/2</a></li> <li title="pem_entry_encode-3"><a href="public_key.html#pem_entry_encode-3">pem_entry_encode/3</a></li> <li title="encrypt_private-2"><a href="public_key.html#encrypt_private-2">encrypt_private/2</a></li> <li title="encrypt_public-2"><a href="public_key.html#encrypt_public-2">encrypt_public/2</a></li> <li title="pkix_decode_cert-2"><a href="public_key.html#pkix_decode_cert-2">pkix_decode_cert/2</a></li> <li title="pkix_encode-3"><a href="public_key.html#pkix_encode-3">pkix_encode/3</a></li> <li title="pkix_is_issuer-2"><a href="public_key.html#pkix_is_issuer-2">pkix_is_issuer/2</a></li> <li title="pkix_is_fixed_dh_cert-1"><a href="public_key.html#pkix_is_fixed_dh_cert-1">pkix_is_fixed_dh_cert/1</a></li> <li title="pkix_is_self_signed-1"><a href="public_key.html#pkix_is_self_signed-1">pkix_is_self_signed/1</a></li> <li title="pkix_issuer_id-2"><a href="public_key.html#pkix_issuer_id-2">pkix_issuer_id/2</a></li> <li title="pkix_normalize_name-1"><a href="public_key.html#pkix_normalize_name-1">pkix_normalize_name/1</a></li> <li title="pkix_sign-2"><a href="public_key.html#pkix_sign-2">pkix_sign/2</a></li> <li title="pkix_verify-2"><a href="public_key.html#pkix_verify-2">pkix_verify/2</a></li> <li title="sign-3"><a href="public_key.html#sign-3">sign/3</a></li> <li title="ssh_decode-2"><a href="public_key.html#ssh_decode-2">ssh_decode/2</a></li> <li title="ssh_encode-2"><a href="public_key.html#ssh_encode-2">ssh_encode/2</a></li> <li title="verify-4"><a href="public_key.html#verify-4">verify/4</a></li> </ul> </li></ul> </div></div> <div id="content"> <div class="innertube"> <!-- refpage --><center><h1>public_key</h1></center> <h3>MODULE</h3> <div class="REFBODY">public_key</div> <h3>MODULE SUMMARY</h3> <div class="REFBODY"> API module for public key infrastructure.</div> <h3>DESCRIPTION</h3> <div class="REFBODY"><p> <p>This module provides functions to handle public key infrastructure from <span class="bold_code"><a href="http://www.ietf.org/rfc/rfc5280.txt">RFC 5280</a></span>- X.509 certificates and some parts of the PKCS-standard. </p> </p></div> <h3><a name="id60156">COMMON DATA TYPES </a></h3> <div class="REFBODY"> <div class="note"> <div class="label">Note</div> <div class="content"><p><p>All records used in this manual are generated from ASN.1 specifications and are documented in the User's Guide. See <span class="bold_code"><a href="public_key_records.html">Public key records</a></span> and <span class="bold_code"><a href="cert_records.html">X.509 Certificate records</a></span>. </p></p></div> </div> <p>Use the following include directive to get access to the records and constant macros described here and in the User's Guide.</p> <div class="example"><pre> -include_lib("public_key/include/public_key.hrl"). </pre></div> <p><strong>Data Types </strong></p> <p><div class="example"><pre>boolean() = true | false</pre></div></p> <p><div class="example"><pre>string = [bytes()]</pre></div></p> <p><div class="example"><pre>pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| 'RSAPublicKey' 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'| 'PrivateKeyInfo' | 'CertificationRequest'</pre></div></p> <p><div class="example"><pre>pem_entry () = {pki_asn1_type(), binary(), %% DER or encrypted DER not_encrypted | cipher_info()} </pre></div></p> <p><div class="example"><pre>cipher_info() = {"RC2-CBC | "DES-CBC" | "DES-EDE3-CBC", crypto:rand_bytes(8)} | 'PBES2-params'} </pre></div></p> <p><div class="example"><pre>rsa_public_key() = #'RSAPublicKey'{}</pre></div></p> <p><div class="example"><pre>rsa_private_key() = #'RSAPrivateKey'{} </pre></div></p> <p><div class="example"><pre>dsa_public_key() = {integer(), #'Dss-Parms'{}} </pre></div></p> <p><div class="example"><pre>dsa_private_key() = #'DSAPrivateKey'{}</pre></div></p> <p><div class="example"><pre> public_crypt_options() = [{rsa_pad, rsa_padding()}]. </pre></div></p> <p><div class="example"><pre> rsa_padding() = 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'</pre></div></p> <p><div class="example"><pre> rsa_digest_type() = 'md5' | 'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512' </pre></div></p> <p><div class="example"><pre> dss_digest_type() = 'sha' </pre></div></p> <p><div class="example"><pre> ssh_file() = openssh_public_key | rfc4716_public_key | known_hosts | auth_keys </pre></div></p> </div> <h3>EXPORTS</h3> <p><a name="decrypt_private-2"><span class="bold_code">decrypt_private(CipherText, Key) -> binary()</span></a><br><a name="decrypt_private-3"><span class="bold_code">decrypt_private(CipherText, Key, Options) -> binary()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">CipherText = binary()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Key = rsa_private_key()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Options = public_crypt_options()</span><br> </div> </div> <div class="REFBODY"><p> <p>Public key decryption using the private key.</p> </p></div> <p><a name="decrypt_public-2"><span class="bold_code">decrypt_public(CipherText, Key) - > binary()</span></a><br><a name="decrypt_public-3"><span class="bold_code">decrypt_public(CipherText, Key, Options) - > binary()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">CipherText = binary()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Key = rsa_public_key()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Options = public_crypt_options()</span><br> </div> </div> <div class="REFBODY"><p> <p> Public key decryption using the public key.</p> </p></div> <p><a name="der_decode-2"><span class="bold_code">der_decode(Asn1type, Der) -> term()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Asn1Type = atom()</span><br> </div> <div class="REFBODY"> ASN.1 type present in the public_key applications asn1 specifications.</div> <div class="REFTYPES"> <span class="bold_code">Der = der_encoded()</span><br> </div> </div> <div class="REFBODY"><p> <p> Decodes a public key ASN.1 der encoded entity.</p> </p></div> <p><a name="der_encode-2"><span class="bold_code">der_encode(Asn1Type, Entity) -> der_encoded()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Asn1Type = atom()</span><br> </div> <div class="REFBODY"> Asn1 type present in the public_key applications ASN.1 specifications.</div> <div class="REFTYPES"> <span class="bold_code">Entity = term()</span><br> </div> <div class="REFBODY">The erlang representation of <span class="code">Asn1Type</span> </div> </div> <div class="REFBODY"><p> <p> Encodes a public key entity with ASN.1 DER encoding.</p> </p></div> <p><a name="pem_decode-1"><span class="bold_code">pem_decode(PemBin) -> [pem_entry()]</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">PemBin = binary()</span><br> </div> <div class="REFBODY">Example {ok, PemBin} = file:read_file("cert.pem").</div> </div> <div class="REFBODY"><p> <p>Decode PEM binary data and return entries as ASN.1 der encoded entities.</p> </p></div> <p><a name="pem_encode-1"><span class="bold_code">pem_encode(PemEntries) -> binary()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code"> PemEntries = [pem_entry()] </span><br> </div> </div> <div class="REFBODY"><p> <p>Creates a PEM binary</p> </p></div> <p><a name="pem_entry_decode-1"><span class="bold_code">pem_entry_decode(PemEntry) -> term()</span></a><br><a name="pem_entry_decode-2"><span class="bold_code">pem_entry_decode(PemEntry, Password) -> term()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code"> PemEntry = pem_entry() </span><br> </div> <div class="REFTYPES"> <span class="bold_code"> Password = string() </span><br> </div> </div> <div class="REFBODY"><p> <p>Decodes a pem entry. pem_decode/1 returns a list of pem entries. Note that if the pem entry is of type 'SubjectPublickeyInfo' it will be further decoded to an rsa_public_key() or dsa_public_key().</p> </p></div> <p><a name="pem_entry_encode-2"><span class="bold_code">pem_entry_encode(Asn1Type, Entity) -> pem_entry()</span></a><br><a name="pem_entry_encode-3"><span class="bold_code">pem_entry_encode(Asn1Type, Entity, {CipherInfo, Password}) -> pem_entry()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Asn1Type = pki_asn1_type()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Entity = term()</span><br> </div> <div class="REFBODY">The Erlang representation of <span class="code">Asn1Type</span>. If <span class="code">Asn1Type</span> is 'SubjectPublicKeyInfo' then <span class="code">Entity</span> must be either an rsa_public_key() or a dsa_public_key() and this function will create the appropriate 'SubjectPublicKeyInfo' entry. </div> <div class="REFTYPES"> <span class="bold_code">CipherInfo = cipher_info()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Password = string()</span><br> </div> </div> <div class="REFBODY"><p> <p> Creates a pem entry that can be feed to pem_encode/1.</p> </p></div> <p><a name="encrypt_private-2"><span class="bold_code">encrypt_private(PlainText, Key) -> binary()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">PlainText = binary()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Key = rsa_private_key()</span><br> </div> </div> <div class="REFBODY"><p> <p> Public key encryption using the private key.</p> </p></div> <p><a name="encrypt_public-2"><span class="bold_code">encrypt_public(PlainText, Key) -> binary()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">PlainText = binary()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Key = rsa_public_key()</span><br> </div> </div> <div class="REFBODY"><p> <p> Public key encryption using the public key.</p> </p></div> <p><a name="pkix_decode_cert-2"><span class="bold_code">pkix_decode_cert(Cert, otp|plain) -> #'Certificate'{} | #'OTPCertificate'{}</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Cert = der_encoded()</span><br> </div> </div> <div class="REFBODY"><p> <p>Decodes an ASN.1 der encoded pkix certificate. The otp option will use the customized ASN.1 specification OTP-PKIX.asn1 for decoding and also recursively decode most of the standard parts.</p> </p></div> <p><a name="pkix_encode-3"><span class="bold_code">pkix_encode(Asn1Type, Entity, otp | plain) -> der_encoded()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Asn1Type = atom()</span><br> </div> <div class="REFBODY">The ASN.1 type can be 'Certificate', 'OTPCertificate' or a subtype of either .</div> </div> <div class="REFBODY"><p> <p>Der encodes a pkix x509 certificate or part of such a certificate. This function must be used for encoding certificates or parts of certificates that are decoded/created in the otp format, whereas for the plain format this function will directly call der_encode/2. </p> </p></div> <p><a name="pkix_is_issuer-2"><span class="bold_code">pkix_is_issuer(Cert, IssuerCert) -> boolean()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Cert = der_encode() | #'OTPCertificate'{}</span><br> </div> <div class="REFTYPES"> <span class="bold_code">IssuerCert = der_encode() | #'OTPCertificate'{}</span><br> </div> </div> <div class="REFBODY"><p> <p> Checks if <span class="code">IssuerCert</span> issued <span class="code">Cert</span> </p> </p></div> <p><a name="pkix_is_fixed_dh_cert-1"><span class="bold_code">pkix_is_fixed_dh_cert(Cert) -> boolean()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Cert = der_encode() | #'OTPCertificate'{}</span><br> </div> </div> <div class="REFBODY"><p> <p> Checks if a Certificate is a fixed Diffie-Hellman Cert.</p> </p></div> <p><a name="pkix_is_self_signed-1"><span class="bold_code">pkix_is_self_signed(Cert) -> boolean()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Cert = der_encode() | #'OTPCertificate'{}</span><br> </div> </div> <div class="REFBODY"><p> <p> Checks if a Certificate is self signed.</p> </p></div> <p><a name="pkix_issuer_id-2"><span class="bold_code">pkix_issuer_id(Cert, IssuedBy) -> {ok, IssuerID} | {error, Reason}</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Cert = der_encode() | #'OTPCertificate'{}</span><br> </div> <div class="REFTYPES"> <span class="bold_code">IssuedBy = self | other</span><br> </div> <div class="REFTYPES"> <span class="bold_code">IssuerID = {integer(), {rdnSequence, [#'AttributeTypeAndValue'{}]}}</span><br> </div> <div class="REFBODY">The issuer id consists of the serial number and the issuers name.</div> <div class="REFTYPES"> <span class="bold_code">Reason = term()</span><br> </div> </div> <div class="REFBODY"><p> <p> Returns the issuer id.</p> </p></div> <p><a name="pkix_normalize_name-1"><span class="bold_code">pkix_normalize_name(Issuer) -> Normalized</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Issuer = {rdnSequence,[#'AttributeTypeAndValue'{}]}</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Normalized = {rdnSequence, [#'AttributeTypeAndValue'{}]}</span><br> </div> </div> <div class="REFBODY"><p> <p>Normalizes a issuer name so that it can be easily compared to another issuer name.</p> </p></div> <p><a name="pkix_sign-2"><span class="bold_code">pkix_sign(#'OTPTBSCertificate'{}, Key) -> der_encode()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Key = rsa_public_key() | dsa_public_key()</span><br> </div> </div> <div class="REFBODY"><p> <p>Signs a 'OTPTBSCertificate'. Returns the corresponding der encoded certificate.</p> </p></div> <p><a name="pkix_verify-2"><span class="bold_code">pkix_verify(Cert, Key) -> boolean()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Cert = der_encode()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Key = rsa_public_key() | dsa_public_key()</span><br> </div> </div> <div class="REFBODY"><p> <p> Verify pkix x.509 certificate signature.</p> </p></div> <p><a name="sign-3"><span class="bold_code">sign(Msg, DigestType, Key) -> binary()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Msg = binary() | {digest,binary()}</span><br> </div> <div class="REFBODY">The msg is either the binary "plain text" data to be signed or it is the hashed value of "plain text" i.e. the digest.</div> <div class="REFTYPES"> <span class="bold_code">DigestType = rsa_digest_type() | dss_digest_type()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Key = rsa_private_key() | dsa_private_key()</span><br> </div> </div> <div class="REFBODY"><p> <p> Creates a digital signature.</p> </p></div> <p><a name="ssh_decode-2"><span class="bold_code">ssh_decode(SshBin, Type) -> [{public_key(), Attributes::list()}]</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">SshBin = binary()</span><br> </div> <div class="REFBODY">Example {ok, SshBin} = file:read_file("known_hosts").</div> <div class="REFTYPES"> <span class="bold_code"> Type = public_key | ssh_file()</span><br> </div> <div class="REFBODY">If <span class="code">Type</span> is <span class="code">public_key</span> the binary may be either a rfc4716 public key or a openssh public key.</div> </div> <div class="REFBODY"><p> <p> Decodes a ssh file-binary. In the case of know_hosts or auth_keys the binary may include one or more lines of the file. Returns a list of public keys and their attributes, possible attribute values depends on the file type represented by the binary. </p> <dl> <dt><strong>rfc4716 attributes - see RFC 4716</strong></dt> <dd>{headers, [{string(), utf8_string()}]}</dd> <dt><strong>auth_key attributes - see man sshd </strong></dt> <dd>{comment, string()}</dd> <dd>{options, [string()]}</dd> <dd>{bits, integer()} - In ssh version 1 files</dd> <dt><strong>known_host attributes - see man sshd</strong></dt> <dd>{hostnames, [string()]}</dd> <dd>{comment, string()}</dd> <dd>{bits, integer()} - In ssh version 1 files</dd> </dl> </p></div> <p><a name="ssh_encode-2"><span class="bold_code">ssh_encode([{Key, Attributes}], Type) -> binary()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Key = public_key()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Attributes = list()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Type = ssh_file()</span><br> </div> </div> <div class="REFBODY"><p> <p>Encodes a list of ssh file entries (public keys and attributes) to a binary. Possible attributes depends on the file type, see <span class="bold_code"><a href="#ssh_decode-2"> ssh_decode/2 </a></span></p> </p></div> <p><a name="verify-4"><span class="bold_code">verify(Msg, DigestType, Signature, Key) -> boolean()</span></a><br></p> <div class="REFBODY"> <p>Types:</p> <div class="REFTYPES"> <span class="bold_code">Msg = binary() | {digest,binary()}</span><br> </div> <div class="REFBODY">The msg is either the binary "plain text" data or it is the hashed value of "plain text" i.e. the digest.</div> <div class="REFTYPES"> <span class="bold_code">DigestType = rsa_digest_type() | dss_digest_type()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Signature = binary()</span><br> </div> <div class="REFTYPES"> <span class="bold_code">Key = rsa_public_key() | dsa_public_key()</span><br> </div> </div> <div class="REFBODY"><p> <p>Verifies a digital signature</p> </p></div> </div> <div class="footer"> <hr> <p>Copyright © 2008-2012 Ericsson AB, All Rights Reserved</p> </div> </div> </div></body> </html>