authorIngela Anderton Andin <[email protected]>2013-02-26 15:52:18 +0100
committerIngela Anderton Andin <[email protected]>2013-03-13 14:40:59 +0100
commit006f45a738a6612958381b2fcbf48586c008d911 (patch)
tree600bc9e688ad286e1b4f6dad72a65a514cacc207 /lib/public_key/doc
parent03bc63bed74af4c392d160005b77aca43d4cd4aa (diff)
public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27
Some certificates may use these OIDs instead of the ones defined by the PKIX/PKCS standards. Refactor the code so that all handling of the "duplicate" OIDs is done by public_key. Update the algorithm information in the documentation.
Diffstat (limited to 'lib/public_key/doc')
-rw-r--r--lib/public_key/doc/src/cert_records.xml27
-rw-r--r--lib/public_key/doc/src/public_key.xml21
2 files changed, 38 insertions, 10 deletions
diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml
index ac4b4e4489..c9249d40c3 100644
--- a/lib/public_key/doc/src/cert_records.xml
+++ b/lib/public_key/doc/src/cert_records.xml
@@ -60,9 +60,6 @@
marker="public_key">public key reference manual </seealso> or
follows here.</p>
- <p><c>oid() - a tuple of integers
- as generated by the ASN1 compiler.</c></p>
-
<p><c>time() = uct_time() | general_time()</c></p>
<p><c>uct_time() = {utcTime, "YYMMDDHHMMSSZ"} </c></p>
@@ -158,6 +155,9 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'</p>
<cell align="left" valign="middle">id-dsa-with-sha1</cell>
</row>
<row>
+ <cell align="left" valign="middle">id-dsaWithSHA1 (ISO alt oid to above)</cell>
+ </row>
+ <row>
<cell align="left" valign="middle">md2WithRSAEncryption</cell>
</row>
<row>
@@ -166,9 +166,21 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'</p>
<row>
<cell align="left" valign="middle">sha1WithRSAEncryption</cell>
</row>
+ <row>
+ <cell align="left" valign="middle">sha-1WithRSAEncryption (ISO alt oid to above)</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">sha224WithRSAEncryption</cell>
+ </row>
<row>
- <cell align="left" valign="middle">ecdsa-with-SHA1</cell>
+ <cell align="left" valign="middle">sha256WithRSAEncryption</cell>
</row>
+ <row>
+ <cell align="left" valign="middle">sha512WithRSAEncryption</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">ecdsa-with-SHA1</cell>
+ </row>
<tcaption>Signature algorithm oids </tcaption>
</table>
@@ -276,15 +288,14 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'</p>
<cell align="left" valign="middle">dhpublicnumber</cell>
</row>
<row>
- <cell align="left" valign="middle">ecdsa-with-SHA1</cell>
- </row>
- <row>
<cell align="left" valign="middle">id-keyExchangeAlgorithm</cell>
</row>
+ <row>
+ <cell align="left" valign="middle">id-ecPublicKey</cell>
+ </row>
<tcaption>Public key algorithm oids </tcaption>
</table>
-
<code>
#'Extension'{
extnID, % id_extensions() | oid()
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 5864de2d57..84300f6e65 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -48,7 +48,7 @@
<item>Supports <url href="http://www.ietf.org/rfc/rfc5280.txt">RFC 5280 </url> -
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile </item>
<item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2125"> PKCS-1 </url> - RSA Cryptography Standard </item>
- <item>Supports <url href="http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf"> DSA</url>- Digital Signature Algorithm</item>
+ <item>Supports <url href="http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf"> DSS</url>- Digital Signature Standard (DSA - Digital Signature Algorithm)</item>
<item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2126"> PKCS-3 </url> - Diffie-Hellman Key Agreement Standard </item>
<item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2127"> PKCS-5</url> - Password-Based Cryptography Standard </item>
<item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2130"> PKCS-8</url> - Private-Key Information Syntax Standard</item>
@@ -72,8 +72,10 @@
<code> -include_lib("public_key/include/public_key.hrl"). </code>
- <p><em>Data Types </em></p>
+ <p><em>Data Types </em></p>
+ <p><code>oid() - a tuple of integers as generated by the ASN1 compiler.</code></p>
+
<p><code>boolean() = true | false</code></p>
<p><code>string() = [bytes()]</code></p>
@@ -491,6 +493,21 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} |
</desc>
</func>
+ <func>
+ <name>pkix_sign_types(AlgorithmId) -> {DigestType, SignatureType}</name>
+ <fsummary>Translates signature algorithm oid to erlang digest and signature algorithm types.</fsummary>
+ <type>
+ <v>AlgorithmId = oid()</v>
+ <d>Signature oid from a certificate or a certificate revocation list</d>
+ <v>DigestType = rsa_digest_type() | dss_digest_type() </v>
+ <v>SignatureType = rsa | dsa</v>
+ </type>
+ <desc>
+ <p>Translates signature algorithm oid to erlang digest and signature types.
+ </p>
+ </desc>
+ </func>
+
<func>
<name>pkix_verify(Cert, Key) -> boolean()</name>
<fsummary> Verify pkix x.509 certificate signature.</fsummary>