diff options
author | Maxim Fedorov <[email protected]> | 2018-04-18 15:48:34 -0700 |
---|---|---|
committer | Maxim Fedorov <[email protected]> | 2018-05-21 16:46:56 -0700 |
commit | 304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd (patch) | |
tree | 0e4b12f70540dd25b07a4f089e4b638a4c2afc72 /lib/public_key/src/public_key.erl | |
parent | 5ec78bc5314f5b32ba28bae4d95f12ffa28469ca (diff) | |
download | otp-304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd.tar.gz otp-304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd.tar.bz2 otp-304dd8f81e28ed04cde9f6f7ac1f79870da1c2cd.zip |
public_key: PKCS8 (Private-Key Information Syntax Standard) encoded private key support
This patch adds support for RSA, DSA and EC private keys encoded using PKCS8 format.
Test *.pem files are made with converting existing *.pem files using openssl:
openssl pkcs8 -in ... -out ... -topk8 -nocrypt
Diffstat (limited to 'lib/public_key/src/public_key.erl')
-rw-r--r-- | lib/public_key/src/public_key.erl | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 931901640a..6900ede946 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -237,7 +237,7 @@ der_decode(Asn1Type, Der) when (Asn1Type == 'PrivateKeyInfo') or andalso is_binary(Der) -> try {ok, Decoded} = 'PKCS-FRAME':decode(Asn1Type, Der), - Decoded + der_priv_key_decode(Decoded) catch error:{badmatch, {error, _}} = Error -> erlang:error(Error) @@ -276,6 +276,24 @@ der_encode(Asn1Type, Entity) when is_atom(Asn1Type) -> erlang:error(Error) end. +der_priv_key_decode({'PrivateKeyInfo', v1, PKAlgo, PrivKey, _} = PKCS8Key) -> + % do actual decoding + {'PrivateKeyInfo_privateKeyAlgorithm', Algorithm, {asn1_OPENTYPE, Parameters}} = PKAlgo, + case Algorithm of + ?'id-ecPublicKey' -> + EcpkParameters = public_key:der_decode('EcpkParameters', Parameters), + EcPrivKey = public_key:der_decode('ECPrivateKey', PrivKey), + EcPrivKey#'ECPrivateKey'{parameters = EcpkParameters}; + ?'rsaEncryption' -> + public_key:der_decode('RSAPrivateKey', PrivKey); + ?'id-dsa' -> + {params, #'Dss-Parms'{p=P, q=Q, g=G}} = public_key:der_decode('DSAParams', Parameters), + X = public_key:der_decode('Prime-p', PrivKey), + #'DSAPrivateKey'{p=P, q=Q, g=G, x=X}; + _ -> + PKCS8Key + end. + %%-------------------------------------------------------------------- -spec pkix_decode_cert(Cert::binary(), plain | otp) -> #'Certificate'{} | #'OTPCertificate'{}. |