aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src/public_key.erl
diff options
context:
space:
mode:
authorMaxim Fedorov <[email protected]>2018-04-18 15:48:34 -0700
committerMaxim Fedorov <[email protected]>2018-05-21 16:46:56 -0700
commit304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd (patch)
tree0e4b12f70540dd25b07a4f089e4b638a4c2afc72 /lib/public_key/src/public_key.erl
parent5ec78bc5314f5b32ba28bae4d95f12ffa28469ca (diff)
downloadotp-304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd.tar.gz
otp-304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd.tar.bz2
otp-304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd.zip
public_key: PKCS8 (Private-Key Information Syntax Standard) encoded private key support
This patch adds support for RSA, DSA and EC private keys encoded using PKCS8 format. Test *.pem files are made with converting existing *.pem files using openssl: openssl pkcs8 -in ... -out ... -topk8 -nocrypt
Diffstat (limited to 'lib/public_key/src/public_key.erl')
-rw-r--r--lib/public_key/src/public_key.erl20
1 files changed, 19 insertions, 1 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 931901640a..6900ede946 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -237,7 +237,7 @@ der_decode(Asn1Type, Der) when (Asn1Type == 'PrivateKeyInfo') or
andalso is_binary(Der) ->
try
{ok, Decoded} = 'PKCS-FRAME':decode(Asn1Type, Der),
- Decoded
+ der_priv_key_decode(Decoded)
catch
error:{badmatch, {error, _}} = Error ->
erlang:error(Error)
@@ -276,6 +276,24 @@ der_encode(Asn1Type, Entity) when is_atom(Asn1Type) ->
erlang:error(Error)
end.
+der_priv_key_decode({'PrivateKeyInfo', v1, PKAlgo, PrivKey, _} = PKCS8Key) ->
+ % do actual decoding
+ {'PrivateKeyInfo_privateKeyAlgorithm', Algorithm, {asn1_OPENTYPE, Parameters}} = PKAlgo,
+ case Algorithm of
+ ?'id-ecPublicKey' ->
+ EcpkParameters = public_key:der_decode('EcpkParameters', Parameters),
+ EcPrivKey = public_key:der_decode('ECPrivateKey', PrivKey),
+ EcPrivKey#'ECPrivateKey'{parameters = EcpkParameters};
+ ?'rsaEncryption' ->
+ public_key:der_decode('RSAPrivateKey', PrivKey);
+ ?'id-dsa' ->
+ {params, #'Dss-Parms'{p=P, q=Q, g=G}} = public_key:der_decode('DSAParams', Parameters),
+ X = public_key:der_decode('Prime-p', PrivKey),
+ #'DSAPrivateKey'{p=P, q=Q, g=G, x=X};
+ _ ->
+ PKCS8Key
+ end.
+
%%--------------------------------------------------------------------
-spec pkix_decode_cert(Cert::binary(), plain | otp) ->
#'Certificate'{} | #'OTPCertificate'{}.