diff options
Diffstat (limited to 'lib/public_key/doc/src/public_key.xml')
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 83 |
1 files changed, 47 insertions, 36 deletions
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 16a7497a22..385604677c 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -34,40 +34,13 @@ <module>public_key</module> <modulesummary>API module for public-key infrastructure.</modulesummary> <description> - <p>This module provides functions to handle public-key infrastructure. It can - encode/decode different file formats (PEM, OpenSSH), sign and verify digital signatures, - and validate certificate paths and certificate revocation lists. + <p>Provides functions to handle public-key infrastructure, + for details see + <seealso marker="public_key_app">public_key(6)</seealso>. </p> </description> <section> - <title>public_key</title> - - <list type="bulleted"> - <item> Public Key requires the Crypto and ASN1 applications, - the latter as OTP R16 (hopefully the runtime dependency on ASN1 will - be removed again in the future).</item> - - <item>Supports <url href="http://www.ietf.org/rfc/rfc5280.txt">RFC 5280 </url> - - Internet X.509 Public-Key Infrastructure Certificate and Certificate Revocation List - (CRL) Profile </item> - <item>Supports <url href="http://www.ietf.org/rfc/rfc3447.txt"> PKCS-1 </url> - - RSA Cryptography Standard </item> - <item>Supports <url href="http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf"> DSS</url> - - Digital Signature Standard (DSA - Digital Signature Algorithm)</item> - <item>Supports - <url href="http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-3-diffie-hellman-key-agreement-standar.htm"> PKCS-3 </url> - - Diffie-Hellman Key Agreement Standard </item> - <item>Supports <url href="http://www.ietf.org/rfc/rfc2898.txt"> PKCS-5</url> - - Password-Based Cryptography Standard </item> - <item>Supports <url href="http://www.ietf.org/rfc/rfc5208.txt"> PKCS-8</url> - - Private-Key Information Syntax Standard</item> - <item>Supports <url href="http://www.ietf.org/rfc/rfc5967.txt"> PKCS-10</url> - - Certification Request Syntax Standard</item> - </list> - </section> - - <section> <title>DATA TYPES</title> <note><p>All records used in this Reference Manual @@ -118,7 +91,7 @@ <p><c> not_encrypted | cipher_info()}</c></p></item> <tag><c>cipher_info() = </c></tag> - <item><p><c>{"RC2-CBC" | "DES-CBC" | "DES-EDE3-CBC", crypto:rand_bytes(8)</c></p> + <item><p><c>{"RC2-CBC" | "DES-CBC" | "DES-EDE3-CBC", crypto:strong_rand_bytes(8)</c></p> <p><c>| {#'PBEParameter{}, digest_type()} | #'PBES2-params'{}}</c></p> </item> @@ -141,7 +114,7 @@ <item><p><c>#'DSAPrivateKey'{}</c></p></item> <tag><c>ec_public_key()</c></tag> - <item><p>= <c>{#'ECPoint'{}, #'EcpkParameters'{} | {namedCurve, oid()}}</c></p></item> + <item><p>= <c>{#'ECPoint'{}, #'ECParameters'{} | {namedCurve, oid()}}</c></p></item> <tag><c>ec_private_key() =</c></tag> <item><p><c>#'ECPrivateKey'{}</c></p></item> @@ -418,13 +391,14 @@ <v>Entity = term()</v> <d>Erlang representation of <c>Asn1Type</c>. If <c>Asn1Type</c> is 'SubjectPublicKeyInfo', - <c>Entity</c> must be either an <c>rsa_public_key()</c> or a - <c>dsa_public_key()</c> and this function creates the appropriate + <c>Entity</c> must be either an <c>rsa_public_key()</c>, + <c>dsa_public_key()</c> or an <c>ec_public_key()</c> + and this function creates the appropriate 'SubjectPublicKeyInfo' entry. </d> <v>CipherInfo = cipher_info()</v> <v>Password = string()</v> - </type> + </type> <desc> <p>Creates a PEM entry that can be feed to <c>pem_encode/1</c>.</p> </desc> @@ -727,6 +701,23 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> + <name>pkix_match_dist_point(CRL, DistPoint) -> boolean()</name> + <fsummary>Checks whether the given distribution point matches the + Issuing Distribution Point of the CRL.</fsummary> + + <type> + <v>CRL = der_encoded() | #'CertificateList'{} </v> + <v>DistPoint = #'DistributionPoint'{}</v> + </type> + <desc> + <p>Checks whether the given distribution point matches the + Issuing Distribution Point of the CRL, as described in RFC 5280. + If the CRL doesn't have an Issuing Distribution Point extension, + the distribution point always matches.</p> + </desc> + </func> + + <func> <name>pkix_sign(#'OTPTBSCertificate'{}, Key) -> der_encoded()</name> <fsummary>Signs certificate.</fsummary> <type> @@ -845,7 +836,27 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, <p>Verifies a digital signature.</p> </desc> </func> - + + <func> + <name>short_name_hash(Name) -> string()</name> + <fsummary>Generates a short hash of an issuer name.</fsummary> + <type> + <v>Name = issuer_name()</v> + </type> + <desc> + <p>Generates a short hash of an issuer name. The hash is + returned as a string containing eight hexadecimal digits.</p> + + <p>The return value of this function is the same as the result + of the commands <c>openssl crl -hash</c> and + <c>openssl x509 -issuer_hash</c>, when passed the issuer name of + a CRL or a certificate, respectively. This hash is used by the + <c>c_rehash</c> tool to maintain a directory of symlinks to CRL + files, in order to facilitate looking up a CRL by its issuer + name.</p> + </desc> + </func> + </funcs> </erlref> |