author | Ingela Anderton Andin <[email protected]> | 2013-02-26 15:52:18 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-03-13 14:40:59 +0100 |
commit | 006f45a738a6612958381b2fcbf48586c008d911 (patch) | |
tree | 600bc9e688ad286e1b4f6dad72a65a514cacc207 /lib/public_key/doc | |
parent | 03bc63bed74af4c392d160005b77aca43d4cd4aa (diff) | |
public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27
Some certificates may use these OIDs instead of the ones defined by
PKIX/PKCS standard.
Refactor code so that all handling of the "duplicate" oids is done by
public_key.
Update algorithm information in documentation.
Diffstat (limited to 'lib/public_key/doc')
-rw-r--r-- | lib/public_key/doc/src/cert_records.xml | 27 | ||||
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 21 |
2 files changed, 38 insertions, 10 deletions
diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml index ac4b4e4489..c9249d40c3 100644 --- a/lib/public_key/doc/src/cert_records.xml +++ b/lib/public_key/doc/src/cert_records.xml @@ -60,9 +60,6 @@ marker="public_key">public key reference manual </seealso> or follows here.</p> - <p><c>oid() - a tuple of integers - as generated by the ASN1 compiler.</c></p> - <p><c>time() = uct_time() | general_time()</c></p> <p><c>uct_time() = {utcTime, "YYMMDDHHMMSSZ"} </c></p> @@ -158,6 +155,9 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'</p> <cell align="left" valign="middle">id-dsa-with-sha1</cell> </row> <row> + <cell align="left" valign="middle">id-dsaWithSHA1 (ISO alt oid to above)</cell> + </row> + <row> <cell align="left" valign="middle">md2WithRSAEncryption</cell> </row> <row> @@ -166,9 +166,21 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'</p> <row> <cell align="left" valign="middle">sha1WithRSAEncryption</cell> </row> + <row> + <cell align="left" valign="middle">sha-1WithRSAEncryption (ISO alt oid to above)</cell> + </row> + <row> + <cell align="left" valign="middle">sha224WithRSAEncryption</cell> + </row> <row> - <cell align="left" valign="middle">ecdsa-with-SHA1</cell> + <cell align="left" valign="middle">sha256WithRSAEncryption</cell> </row> + <row> + <cell align="left" valign="middle">sha512WithRSAEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">ecdsa-with-SHA1</cell> + </row> <tcaption>Signature algorithm oids </tcaption> </table> 
@@ -276,15 +288,14 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'</p> <cell align="left" valign="middle">dhpublicnumber</cell> </row> <row> - <cell align="left" valign="middle">ecdsa-with-SHA1</cell> - </row> - <row> <cell align="left" valign="middle">id-keyExchangeAlgorithm</cell> </row> + <row> + <cell align="left" valign="middle">id-ecPublicKey</cell> + </row> <tcaption>Public key algorithm oids </tcaption> </table> - <code> #'Extension'{ extnID, % id_extensions() | oid() diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 5864de2d57..84300f6e65 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -48,7 +48,7 @@ <item>Supports <url href="http://www.ietf.org/rfc/rfc5280.txt">RFC 5280 </url> - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile </item> <item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2125"> PKCS-1 </url> - RSA Cryptography Standard </item> - <item>Supports <url href="http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf"> DSA</url>- Digital Signature Algorithm</item> + <item>Supports <url href="http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf"> DSS</url>- Digital Signature Standard (DSA - Digital Signature Algorithm)</item> <item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2126"> PKCS-3 </url> - Diffie-Hellman Key Agreement Standard </item> <item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2127"> PKCS-5</url> - Password-Based Cryptography Standard </item> <item>Supports <url href="http://www.rsa.com/rsalabs/node.asp?id=2130"> PKCS-8</url> - Private-Key Information Syntax Standard</item> 
@@ -72,8 +72,10 @@ <code> -include_lib("public_key/include/public_key.hrl"). </code> - <p><em>Data Types </em></p> + <p><em>Data Types </em></p> + <p><code>oid() - a tuple of integers as generated by the ASN1 compiler.</code></p> + <p><code>boolean() = true | false</code></p> <p><code>string() = [bytes()]</code></p> @@ -491,6 +493,21 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | </desc> </func> + <func> + <name>pkix_sign_types(AlgorithmId) -> {DigestType, SignatureType}</name> + <fsummary>Translates signature algorithm oid to erlang digest and signature algorithm types.</fsummary> + <type> + <v>AlgorithmId = oid()</v> + <d>Signature oid from a certificate or a certificate revocation list</d> + <v>DigestType = rsa_digest_type() | dss_digest_type() </v> + <v>SignatureType = rsa | dsa</v> + </type> + <desc> + <p>Translates signature algorithm oid to erlang digest and signature types. + </p> + </desc> + </func> + <func> <name>pkix_verify(Cert, Key) -> boolean()</name> <fsummary> Verify pkix x.509 certificate signature.</fsummary> |
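Review bot: In lib/public_key/doc/src/cert_records.xml, the new signature-table row "id-dsaWithSHA1 (ISO alt oid to above)" (hunk at -158,6) gives no numeric value, and neither does "sha-1WithRSAEncryption (ISO alt oid to above)" in the next hunk. The commit message names 1.3.14.3.2.29 and 1.3.14.3.2.27, but the documentation never says which name carries which number. The alternate names differ from the PKIX ones only in hyphenation and capitalisation, so a reader checking a certificate's signatureAlgorithm against this table can easily pick the wrong macro. Suggest putting the dotted OID in each new cell, or adding a second column with the numeric OIDs.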
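Review bot: In the cert_records.xml hunk at -166,9, the added rows go sha224WithRSAEncryption, sha256WithRSAEncryption, sha512WithRSAEncryption, with no sha384WithRSAEncryption row between the last two. If the omission is deliberate because that algorithm is not handled, say so near the table; otherwise add the missing row so the list of documented signature algorithm oids matches what the code accepts.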
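Review bot: In lib/public_key/doc/src/public_key.xml, the new pkix_sign_types entry (hunk at -491,6) declares "SignatureType = rsa | dsa" and does not say what happens for an oid outside that set. The signature algorithm table in cert_records.xml still lists ecdsa-with-SHA1, so a caller passing a signature oid taken from a certificate or CRL cannot tell from this text whether such an oid is translated or rejected. Suggest documenting the behaviour for unsupported oids and stating that the ISO alternate oids yield the same result as their PKIX counterparts, since that is the point of the change. The desc text only repeats the fsummary, and "erlang" should be capitalised as "Erlang" in both.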