Diffstat (limited to 'lib/public_key/doc/src')
-rw-r--r-- | lib/public_key/doc/src/Makefile | 227 | ||||
-rw-r--r-- | lib/public_key/doc/src/book.xml | 51 | ||||
-rw-r--r-- | lib/public_key/doc/src/cert_records.xml | 612 | ||||
-rw-r--r-- | lib/public_key/doc/src/fascicules.xml | 19 | ||||
-rw-r--r-- | lib/public_key/doc/src/introduction.xml | 52 | ||||
-rw-r--r-- | lib/public_key/doc/src/make.dep | 21 | ||||
-rw-r--r-- | lib/public_key/doc/src/note.gif | bin | 0 -> 1539 bytes | |||
-rw-r--r-- | lib/public_key/doc/src/notes.xml | 120 | ||||
-rw-r--r-- | lib/public_key/doc/src/part.xml | 42 | ||||
-rw-r--r-- | lib/public_key/doc/src/part_notes.xml | 38 | ||||
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 317 | ||||
-rw-r--r-- | lib/public_key/doc/src/public_key_records.xml | 99 | ||||
-rw-r--r-- | lib/public_key/doc/src/ref_man.xml | 43 |
13 files changed, 1641 insertions, 0 deletions
diff --git a/lib/public_key/doc/src/Makefile b/lib/public_key/doc/src/Makefile
new file mode 100644
index 0000000000..08d1396cca
--- /dev/null
+++ b/lib/public_key/doc/src/Makefile
@@ -0,0 +1,227 @@
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2008-2009. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+
+#
+include $(ERL_TOP)/make/target.mk
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
+
+# ----------------------------------------------------
+# Application version
+# ----------------------------------------------------
+include ../../vsn.mk
+VSN=$(PUBLIC_KEY_VSN)
+APPLICATION=public_key
+
+# ----------------------------------------------------
+# Include dependency
+# ----------------------------------------------------
+
+ifndef DOCSUPPORT
+include make.dep
+endif
+
+# ----------------------------------------------------
+# Release directory specification
+# ----------------------------------------------------
+RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
+# ----------------------------------------------------
+# Target Specs
+# ----------------------------------------------------
+XML_APPLICATION_FILES = ref_man.xml
+XML_REF3_FILES = public_key.xml
+XML_REF6_FILES =
+
+XML_PART_FILES = part.xml part_notes.xml
+XML_CHAPTER_FILES = \
+ introduction.xml \
+ public_key_records.xml \
+ cert_records.xml \
+ notes.xml
+
+BOOK_FILES = book.xml
+
+GIF_FILES = note.gif
+
+# ----------------------------------------------------
+
+TOP_HTML_FILES =
+
+HTML_FILES = $(XML_APPLICATION_FILES:%.xml=$(HTMLDIR)/%.html) \
+ $(XML_PART_FILES:%.xml=$(HTMLDIR)/%.html)
+
+INFO_FILE = ../../info
+
+EXTRA_FILES = \
+ $(DEFAULT_GIF_FILES) \
+ $(DEFAULT_HTML_FILES) \
+ $(XML_REF3_FILES:%.xml=$(HTMLDIR)/%.html) \
+ $(XML_CHAPTER_FILES:%.xml=$(HTMLDIR)/%.html)
+
+MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
+
+ifdef DOCSUPPORT
+
+HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
+
+TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
+
+else
+
+TEX_FILES_BOOK = \
+ $(BOOK_FILES:%.xml=%.tex)
+TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
+ $(XML_APPLICATION_FILES:%.xml=%.tex)
+TEX_FILES_USERS_GUIDE = \
+ $(XML_PART_FILES:%.xml=%.tex) \
+ $(XML_CHAPTER_FILES:%.xml=%.tex)
+
+TOP_PDF_FILE = public_key-$(VSN).pdf
+TOP_PS_FILE = public_key-$(VSN).ps
+
+$(TOP_PDF_FILE): book.dvi ../../vsn.mk
+ $(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
+
+$(TOP_PS_FILE): book.dvi ../../vsn.mk
+ $(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
+
+endif
+
+# ----------------------------------------------------
+# FLAGS
+# ----------------------------------------------------
+XML_FLAGS +=
+DVIPS_FLAGS +=
+
+# ----------------------------------------------------
+# Targets
+# ----------------------------------------------------
+$(HTMLDIR)/%.gif: %.gif
+ $(INSTALL_DATA) $< $@
+
+ifdef DOCSUPPORT
+
+docs: pdf html man
+
+$(TOP_PDF_FILE): $(XML_FILES)
+
+pdf: $(TOP_PDF_FILE)
+
+html: gifs $(HTML_REF_MAN_FILE)
+
+clean clean_docs:
+ rm -rf $(HTMLDIR)/*
+ rm -f $(MAN3DIR)/*
+ rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
+ rm -f errs core *~
+
+else
+
+ifeq ($(DOCTYPE),pdf)
+docs: pdf
+else
+ifeq ($(DOCTYPE),ps)
+docs: ps
+else
+docs: html gifs man
+endif
+endif
+
+pdf: $(TOP_PDF_FILE)
+
+ps: $(TOP_PS_FILE)
+
+html: $(HTML_FILES)
+
+clean clean_docs clean_tex:
+ rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
+ rm -f $(HTML_FILES) $(MAN3_FILES)
+ rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
+ rm -f errs core *~ min_head.gif \
+ $(LATEX_CLEAN)
+
+endif
+
+man: $(MAN3_FILES)
+
+gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
+
+debug opt:
+
+
+# ----------------------------------------------------
+# Release Target
+# ----------------------------------------------------
+include $(ERL_TOP)/make/otp_release_targets.mk
+
+ifdef DOCSUPPORT
+
+release_docs_spec: docs
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
+ $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(HTMLDIR)/* \
+ $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
+ $(INSTALL_DIR) $(RELEASE_PATH)/man/man3
+ $(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
+else
+
+ifeq ($(DOCTYPE),pdf)
+release_docs_spec: pdf
+ $(INSTALL_DIR) $(RELEASE_PATH)/pdf
+ $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
+else
+ifeq ($(DOCTYPE),ps)
+release_docs_spec: ps
+ $(INSTALL_DIR) $(RELEASE_PATH)/ps
+ $(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
+else
+release_docs_spec: docs
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
+ $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
+ $(INSTALL_DIR) $(RELEASE_PATH)/man/man3
+ $(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
+endif
+endif
+
+endif
+
+release_spec:
+
+info:
+ @echo "GIF_FILES:\n$(GIF_FILES)"
+ @echo ""
+ @echo "EXTRA_FILES:\n$(EXTRA_FILES)"
+ @echo ""
+ @echo "HTML_FILES:\n$(HTML_FILES)"
+ @echo ""
+ @echo "TOP_HTML_FILES:\n$(TOP_HTML_FILES)"
+ @echo ""
+ @echo "DEFAULT_GIF_FILES:\n$(DEFAULT_GIF_FILES)"
+ @echo ""
+ @echo "DEFAULT_HTML_FILES:\n$(DEFAULT_HTML_FILES)"
+ @echo ""
+ @echo "XML_REF3_FILES:\n$(XML_REF3_FILES)"
+ @echo ""
+ @echo "XML_REF6_FILES:\n$(XML_REF6_FILES)"
+ @echo ""
+ @echo "XML_CHAPTER_FILES:\n$(XML_CHAPTER_FILES)"
+ @echo ""
diff --git a/lib/public_key/doc/src/book.xml b/lib/public_key/doc/src/book.xml
new file mode 100644
index 0000000000..d3b8c7a2c7
--- /dev/null
+++ b/lib/public_key/doc/src/book.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE book SYSTEM "book.dtd">
+
+<book xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header titlestyle="normal">
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ <file>book.sgml</file>
+ </header>
+ <insidecover>
+ </insidecover>
+ <pagetext>public_key</pagetext>
+ <preamble>
+ <contents level="2"></contents>
+ </preamble>
+ <parts lift="no">
+ <xi:include href="part.xml"/>
+ </parts>
+ <applications>
+ <xi:include href="ref_man.xml"/>
+ </applications>
+ <releasenotes>
+ <xi:include href="notes.xml"/>
+ </releasenotes>
+ <listofterms></listofterms>
+ <index></index>
+</book>
+
diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml
new file mode 100644
index 0000000000..8fb4ea5fd0
--- /dev/null
+++ b/lib/public_key/doc/src/cert_records.xml
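Review bot: The `clean clean_docs` recipe in the `ifdef DOCSUPPORT` branch runs `rm -rf $(HTMLDIR)/*` and `rm -f $(MAN3DIR)/*`, yet neither HTMLDIR nor MAN3DIR is assigned anywhere in this file (they presumably come from the included otp.mk), so an unset or empty value expands the first line to `rm -rf /*`. A one-line guard at the top of that recipe is cheap: `$(if $(strip $(HTMLDIR)),,$(error HTMLDIR is empty))` and likewise `$(if $(strip $(MAN3DIR)),,$(error MAN3DIR is empty))`. The same unchecked variables feed `$(INSTALL_DATA) $(HTMLDIR)/*` and `$(INSTALL_DATA) $(MAN3DIR)/*` in `release_docs_spec`, which would then glob against the filesystem root instead of the build output. `docs`, `pdf`, `html`, `man`, `gifs`, `clean`, `clean_docs`, `clean_tex`, `debug`, `opt`, `info` and `release_spec` are command targets with no `.PHONY` declaration here, so a stray file with one of those names silently turns the target into a no-op unless otp.mk or otp_release_targets.mk declares them. The `info` recipe also relies on `echo` interpreting `\n`, which bash's builtin does not do by default; `printf '%s\n' "GIF_FILES:" "$(GIF_FILES)"` is the portable form.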
@@ -0,0 +1,612 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE chapter SYSTEM "chapter.dtd"> + +<chapter> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>Certificate records</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible></responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2008-02-06</date> + <rev>A</rev> + <file>cert_records.xml</file> + </header> + + <p>This chapter briefly describes erlang records derived from asn1 + specifications used to handle X509 certificates. The intent is to + describe the data types and not to specify the meaning of each + component for this we refer you to RFC 3280. + </p> + + <p>Use the following include directive to get access to the + records and constant macros described in the following sections.</p> + + <code> -include_lib("public_key/include/public_key.hrl"). 
</code> + + <section> + <title>Common Data Types</title> + + <p>Common non standard erlang + data types used to described the record fields in the + below sections are defined in <seealso + marker="public_key">public key reference manual </seealso> or + follows here.</p> + + <p><c>time() = uct_time() | general_time()</c></p> + + <p><c>uct_time() = {utcTime, "YYMMDDHHMMSSZ"} </c></p> + + <p><c>general_time() = {generalTime, "YYYYMMDDHHMMSSZ"} </c></p> + + <p><c> + general_name() = {rfc822Name, string()} | {dNSName, string()} + | {x400Address, string()} | {directoryName, + {rdnSequence, [#AttributeTypeAndValue'{}]}} | + | {eidPartyName, special_string()} + | {eidPartyName, special_string(), special_string()} + | {uniformResourceIdentifier, string()} | {ipAddress, string()} | + {registeredId, oid()} | {otherName, term()} + </c></p> + + <p><c> + special_string() = + {teletexString, string()} | {printableString, string()} | + {universalString, string()} | {utf8String, string()} | + {bmpString, string()} + </c></p> + + <p><c> + dist_reason() = unused | keyCompromise | cACompromise | + affiliationChanged | superseded | cessationOfOperation | + certificateHold | privilegeWithdrawn | + aACompromise + </c></p> + </section> + + <section> + <title> PKIX Certificates</title> +<code> +#'Certificate'{ + tbsCertificate, % #'TBSCertificate'{} + signatureAlgorithm, % #'AlgorithmIdentifier'{} + signature % {0, binary()} - asn1 compact bitstring + }. + +#'TBSCertificate'{ + version, % v1 | v2 | v3 + serialNumber, % integer() + signature, % #'AlgorithmIdentifier'{} + issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]} + validity, % #'Validity'{} + subject, % {rdnSequence, [#AttributeTypeAndValue'{}]} + subjectPublicKeyInfo, % #'SubjectPublicKeyInfo'{} + issuerUniqueID, % binary() | asn1_novalue + subjectUniqueID, % binary() | asn1_novalue + extensions % [#'Extension'{}] + }. + +#'AlgorithmIdentifier'{ + algorithm, % oid() + parameters % asn1_der_encoded() + }. 
+#'SignatureAlgorithm'{ + algorithm, % id_signature_algorithm() + parameters % public_key_params() + }. +</code> + +<p><c> id_signature_algorithm() = ?oid_name_as_erlang_atom</c> for available +oid names see table below. Ex: ?'id-dsa-with-sha1'</p> +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + </row> + <row> + <cell align="left" valign="middle">id-dsa-with-sha1</cell> + </row> + <row> + <cell align="left" valign="middle">md2WithRSAEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">md5WithRSAEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">sha1WithRSAEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">ecdsa-with-SHA1</cell> + </row> + <tcaption>Signature algorithm oids </tcaption> +</table> + +<code> +#'AttributeTypeAndValue'{ + type, % id_attributes() + value % term() + }. +</code> + +<p><c>id_attributes() = ?oid_name_as_erlang_atom</c> +for available oid names see table below. Ex: ?'id-at-name'</p> +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-name</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-surname</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-givenName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-initials </cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-generationQualifier</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-commonName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" 
valign="middle">id-at-localityName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-stateOrProvinceName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-organizationName</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-title</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-dnQualifier</cell> + <cell align="left" valign="middle">{printableString, string()}</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-countryName</cell> + <cell align="left" valign="middle">{printableString, string()}</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-serialNumber</cell> + <cell align="left" valign="middle">{printableString, string()}</cell> + </row> + <row> + <cell align="left" valign="middle">id-at-pseudonym</cell> + <cell align="left" valign="middle">special_string()</cell> + </row> + <tcaption>Attribute oids </tcaption> +</table> + +<code> +#'Validity'{ + notBefore, % time() + notAfter % time() + }. + +#'SubjectPublicKeyInfo'{ + algorithm, % #AlgorithmIdentifier{} + subjectPublicKey % binary() + }. + +#'SubjectPublicKeyInfoAlgorithm'{ + algorithm, % id_public_key_algorithm() + parameters % public_key_params() + }. +</code> + +<p><c> id_public_key_algorithm() = ?oid_name_as_erlang_atom</c> for available +oid names see table below. 
Ex: ?'id-dsa'</p> +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + </row> + <row> + <cell align="left" valign="middle">rsaEncryption</cell> + </row> + <row> + <cell align="left" valign="middle">id-dsa</cell> + </row> + <row> + <cell align="left" valign="middle">dhpublicnumber</cell> + </row> + <row> + <cell align="left" valign="middle">ecdsa-with-SHA1</cell> + </row> + <row> + <cell align="left" valign="middle">id-keyExchangeAlgorithm</cell> + </row> + <tcaption>Public key algorithm oids </tcaption> +</table> + + +<code> +#'Extension'{ + extnID, % id_extensions() | oid() + critical, % boolean() + extnValue % asn1_der_encoded() + }. +</code> + +<p><c>id_extensions() = ?oid_name_as_erlang_atom</c> for +available oid names see tables. Ex: ?'id-ce-authorityKeyIdentifier'<seealso +marker="#StdCertExt">Standard Certificate Extensions</seealso>, + <seealso + marker="#PrivIntExt">Private Internet Extensions</seealso>, <seealso + marker="#CRLCertExt">CRL Extensions</seealso> and + <seealso + marker="#CRLEntryExt">CRL Entry Extensions</seealso>. 
+</p> + +</section> + +<section> + <marker id="StdCertExt"></marker> + <title>Standard certificate extensions</title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell> + <cell align="left" valign="middle">#'AuthorityKeyIdentifier'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-subjectKeyIdentifier</cell> + <cell align="left" valign="middle">oid()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-keyUsage</cell> + <cell align="left" valign="middle"> [key_usage()]</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-privateKeyUsagePeriod</cell> + <cell align="left" valign="middle">#'PrivateKeyUsagePeriod'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-certificatePolicies</cell> + <cell align="left" valign="middle">#'PolicyInformation'{}</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-policyMappings</cell> + <cell align="left" valign="middle">#'PolicyMappings_SEQOF'{}</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-subjectAltName</cell> + <cell align="left" valign="middle">general_name()</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-issuerAltName</cell> + <cell align="left" valign="middle">general_name()</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-subjectDirectoryAttributes</cell> + <cell align="left" valign="middle"> [#'Attribute'{}]</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-basicConstraints</cell> + <cell align="left" valign="middle">#'BasicConstraints'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-nameConstraints</cell> + <cell align="left" valign="middle">#'NameConstraints'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-policyConstraints</cell> + <cell align="left" 
valign="middle">#'PolicyConstraints'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-extKeyUsage</cell> + <cell align="left" valign="middle">[id_key_purpose()]</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-cRLDistributionPoints</cell> + <cell align="left" valign="middle">#'DistributionPoint'{}</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-inhibitAnyPolicy</cell> + <cell align="left" valign="middle">integer()</cell> + </row> + + <row> + <cell align="left" valign="middle">id-ce-freshestCRL</cell> + <cell align="left" valign="middle">[#'DistributionPoint'{}]</cell> + </row> + + + <tcaption>Standard Certificate Extensions</tcaption> + </table> + + <p><c> + key_usage() = digitalSignature | nonRepudiation | keyEncipherment| + dataEncipherment | keyAgreement | keyCertSign | cRLSign | encipherOnly | + decipherOnly + </c></p> + + <p><c> id_key_purpose() = ?oid_name_as_erlang_atom</c> for available +oid names see table below. Ex: ?'id-kp-serverAuth'</p> + +<table> + <row> + <cell align="left" valign="middle">OID name</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-serverAuth</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-clientAuth</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-codeSigning</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-emailProtection</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-timeStamping</cell> + </row> + <row> + <cell align="left" valign="middle">id-kp-OCSPSigning</cell> + </row> + <tcaption>Key purpose oids </tcaption> +</table> + + <code> +#'AuthorityKeyIdentifier'{ + keyIdentifier, % oid() + authorityCertIssuer, % general_name() + authorityCertSerialNumber % integer() + }. + +#'PrivateKeyUsagePeriod'{ + notBefore, % general_time() + notAfter % general_time() + }. + +#'PolicyInformation'{ + policyIdentifier, % oid() + policyQualifiers % [#PolicyQualifierInfo{}] + }. 
+ +#'PolicyQualifierInfo'{ + policyQualifierId, % oid() + qualifier % string() | #'UserNotice'{} + }. + +#'UserNotice'{ + noticeRef, % #'NoticeReference'{} + explicitText % string() + }. + +#'NoticeReference'{ + organization, % string() + noticeNumbers % [integer()] + }. + +#'PolicyMappings_SEQOF'{ + issuerDomainPolicy, % oid() + subjectDomainPolicy % oid() + }. + +#'Attribute'{ + type, % oid() + values % [asn1_der_encoded()] + }). + +#'BasicConstraints'{ + cA, % boolean() + pathLenConstraint % integer() + }). + +#'NameConstraints'{ + permittedSubtrees, % [#'GeneralSubtree'{}] + excludedSubtrees % [#'GeneralSubtree'{}] + }). + +#'GeneralSubtree'{ + base, % general_name() + minimum, % integer() + maximum % integer() + }). + +#'PolicyConstraints'{ + requireExplicitPolicy, % integer() + inhibitPolicyMapping % integer() + }). + +#'DistributionPoint'{ + distributionPoint, % general_name() | [#AttributeTypeAndValue{}] + reasons, % [dist_reason()] + cRLIssuer % general_name() + }). +</code> + +</section> + + <section> + <marker id="PrivIntExt"></marker> + <title>Private Internet Extensions</title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-pe-authorityInfoAccess</cell> + <cell align="left" valign="middle">[#'AccessDescription'{}]</cell> + </row> + <row> + <cell align="left" valign="middle">id-pe-subjectInfoAccess</cell> + <cell align="left" valign="middle">[#'AccessDescription'{}]</cell> + </row> + <tcaption>Private Internet Extensions</tcaption> + </table> + +<code> +#'AccessDescription'{ + accessMethod, % oid() + accessLocation % general_name() + }). +</code> + + </section> + +<section> + <title> CRL and CRL Extensions Profile</title> + + <code> +#'CertificateList'{ + tbsCertList, % #'TBSCertList{} + signatureAlgorithm, % #'AlgorithmIdentifier'{} + signature % {0, binary()} - asn1 compact bitstring + }). 
+ +#'TBSCertList'{ + version, % v2 (if defined) + signature, % #AlgorithmIdentifier{} + issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]} + thisUpdate, % time() + nextUpdate, % time() + revokedCertificates, % [#'TBSCertList_revokedCertificates_SEQOF'{}] + crlExtensions % [#'Extension'{}] + }). + +#'TBSCertList_revokedCertificates_SEQOF'{ + userCertificate, % integer() + revocationDate, % timer() + crlEntryExtensions % [#'Extension'{}] + }). + </code> + + <section> + <marker id="CRLCertExt"></marker> + <title>CRL Extensions </title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell> + <cell align="left" valign="middle">#'AuthorityKeyIdentifier{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-issuerAltName</cell> + <cell align="left" valign="middle">{rdnSequence, [#AttributeTypeAndValue'{}]}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-cRLNumber</cell> + <cell align="left" valign="middle">integer()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-deltaCRLIndicator</cell> + <cell align="left" valign="middle">integer()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-issuingDistributionPoint</cell> + <cell align="left" valign="middle">#'IssuingDistributionPoint'{}</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-freshestCRL</cell> + <cell align="left" valign="middle">[#'Distributionpoint'{}]</cell> + </row> + + <tcaption>CRL Extensions</tcaption> + </table> + + <code> +#'IssuingDistributionPoint'{ + distributionPoint, % general_name() | [#AttributeTypeAndValue'{}] + onlyContainsUserCerts, % boolean() + onlyContainsCACerts, % boolean() + onlySomeReasons, % [dist_reason()] + indirectCRL, % boolean() + onlyContainsAttributeCerts % boolean() + }). 
+ </code> + </section> + + <section> + <marker id="CRLEntryExt"></marker> + <title> CRL Entry Extensions </title> + + <table> + <row> + <cell align="left" valign="middle">OID name</cell> + <cell align="left" valign="middle">Value type</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-cRLReason</cell> + <cell align="left" valign="middle">crl_reason()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-holdInstructionCode</cell> + <cell align="left" valign="middle">oid()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-invalidityDate</cell> + <cell align="left" valign="middle">general_time()</cell> + </row> + <row> + <cell align="left" valign="middle">id-ce-certificateIssuer</cell> + <cell align="left" valign="middle">general_name()</cell> + </row> + <tcaption>CRL Entry Extensions</tcaption> + </table> + <p><c> + crl_reason() = unspecified | keyCompromise | cACompromise | + affiliationChanged | superseded | cessationOfOperation | + certificateHold | removeFromCRL | privilegeWithdrawn | + aACompromise + </c></p> + </section> + +</section> +</chapter> diff --git a/lib/public_key/doc/src/fascicules.xml b/lib/public_key/doc/src/fascicules.xml new file mode 100644 index 0000000000..5f41826c56 --- /dev/null +++ b/lib/public_key/doc/src/fascicules.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE fascicules SYSTEM "fascicules.dtd"> + +<fascicules> + <fascicule file="usersguide" href="part_frame.html" entry="no"> + User's Guide + </fascicule> + <fascicule file="ref_man" href="ref_man_frame.html" entry="yes"> + Reference Manual + </fascicule> + <fascicule file="release_notes" href="part_notes_frame.html" entry="no"> + Release Notes + </fascicule> + <fascicule file="" href="../../../../doc/print.html" entry="no"> + Off-Print + </fascicule> +</fascicules> + + diff --git a/lib/public_key/doc/src/introduction.xml b/lib/public_key/doc/src/introduction.xml new file mode 100644 index 0000000000..71488e435a 
--- /dev/null +++ b/lib/public_key/doc/src/introduction.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE chapter SYSTEM "chapter.dtd"> + +<chapter> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>Introduction</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible></responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2008-01-22</date> + <rev>A</rev> + <file>introduction.xml</file> + </header> + + <section> + <title>Purpose</title> + <p> This application provides an API to public key infrastructure + from RFC 3280 (X.509 certificates) and public key formats defined + by the PKCS-standard.</p> + </section> + + <section> + <title>Prerequisites</title> + <p>It is assumed that the reader is familiar with the Erlang + programming language, concepts of OTP and has a basic understanding + of the concepts of using public keys.</p> + </section> + +</chapter> + diff --git a/lib/public_key/doc/src/make.dep b/lib/public_key/doc/src/make.dep new file mode 100644 index 0000000000..2675556f1b --- /dev/null +++ b/lib/public_key/doc/src/make.dep 
@@ -0,0 +1,21 @@ +# ---------------------------------------------------- +# >>>> Do not edit this file <<<< +# This file was automaticly generated by +# /home/otp/bin/docdepend +# ---------------------------------------------------- + + +# ---------------------------------------------------- +# TeX files that the DVI file depend on +# ---------------------------------------------------- + +book.dvi: book.tex cert_records.tex introduction.tex \ + part.tex public_key.tex public_key_records.tex \ + ref_man.tex + +# ---------------------------------------------------- +# Source inlined when transforming from source to LaTeX +# ---------------------------------------------------- + +book.tex: ref_man.xml + diff --git a/lib/public_key/doc/src/note.gif b/lib/public_key/doc/src/note.gif Binary files differnew file mode 100644 index 0000000000..6fffe30419 --- /dev/null +++ b/lib/public_key/doc/src/note.gif diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml new file mode 100644 index 0000000000..822f8bdb66 --- /dev/null +++ b/lib/public_key/doc/src/notes.xml 
@@ -0,0 +1,120 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE chapter SYSTEM "chapter.dtd"> + +<chapter> + <header> + <copyright> + <year>2008</year> + <year>2008</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>public_key Release Notes</title> + <prepared>Ingela Anderton Andin</prepared> + <responsible>Ingela Anderton Andin</responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2008-01-22</date> + <rev>A</rev> + <file>notes.xml</file> + </header> + + + <section><title>Public_Key 0.4</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + The documentation is now built with open source tools + (xsltproc and fop) that exists on most platforms. One + visible change is that the frames are removed.</p> + <p> + Own Id: OTP-8250</p> + </item> + </list> + </section> + + </section> + + <section><title>Public_Key 0.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Unknown attributes in certificates are left encoded + instead of crashing. 
Patch by Will "wglozer" thanks.</p> + <p> + Own Id: OTP-8100</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Allow public_key:pem_to_der/[1,2] to take a binary as + argument in addition to a filename. Patch by Geoff Cant, + thanks.</p> + <p> + Own Id: OTP-8142</p> + </item> + </list> + </section> + + </section> + +<section><title>Public_Key 0.2</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + X509 certificate handling has been extended and improved + as a result of more extensive testing of both the ssl + and public_key application. Even more extensions of the + certificate handling is yet to be implemented.</p> + <p> + Own Id: OTP-7860</p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 0.1</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + First version.</p> + <p> + Own Id: OTP-7637</p> + </item> + </list> + </section> + +</section> + + +</chapter> + diff --git a/lib/public_key/doc/src/part.xml b/lib/public_key/doc/src/part.xml new file mode 100644 index 0000000000..b85fa063ce --- /dev/null +++ b/lib/public_key/doc/src/part.xml 
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE part SYSTEM "part.dtd">
+
+<part xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key User's Guide</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ <file>part.xml</file>
+ </header>
+ <description>
+ <p> This application provides an API to public key infrastructure
+ from RFC 3280 (X.509 certificates) and some public key formats defined
+ by the PKCS-standard. </p>
+ </description>
+ <xi:include href="introduction.xml"/>
+ <xi:include href="public_key_records.xml"/>
+ <xi:include href="cert_records.xml"/>
+</part>
+
diff --git a/lib/public_key/doc/src/part_notes.xml b/lib/public_key/doc/src/part_notes.xml
new file mode 100644
index 0000000000..37ca516bc8
--- /dev/null
+++ b/lib/public_key/doc/src/part_notes.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE part SYSTEM "part.dtd">
+
+<part xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key Release Notes</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ </header>
+ <description>
+ <p></p>
+ </description>
+ <xi:include href="notes.xml"/>
+</part>
+
+
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
new file mode 100644
index 0000000000..dc9a96906f
--- /dev/null
+++ b/lib/public_key/doc/src/public_key.xml
@@ -0,0 +1,317 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE erlref SYSTEM "erlref.dtd">
+
+<erlref>
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <responsible></responsible>
+ <docno></docno>
+ <date></date>
+ <rev></rev>
+ </header>
+ <module>public_key</module>
+ <modulesummary> API module for public key infrastructure.</modulesummary>
+ <description>
+ <p>This module provides functions to handle public key infrastructure
+ from RFC 3280 - X.509 certificates (will later be upgraded to RFC 5280)
+ and some parts of the PKCS-standard.
+ Currently this application is mainly used by the new
+ ssl implementation. The API is yet under construction
+ and only a few of the functions are currently documented and thereby supported.
+ </p>
+ </description>
+
+ <section>
+ <title>COMMON DATA TYPES </title>
+
+ <note><p>All records used in this manual
+ <!-- except #policy_tree_node{} -->
+ are generated from asn1 specifications
+ and are documented in the User's Guide. See <seealso
+ marker="public_key_records">Public key records</seealso> and <seealso
+ marker="cert_records">X.509 Certificate records</seealso>.
+ </p></note>
+
+ <p>Use the following include directive to get access to the
+ records and constant macros described here and in the User's Guide.</p>
+
+ <code> -include_lib("public_key/include/public_key.hrl"). </code>
+
+ <p><em>Data Types </em></p>
+
+ <p><c>boolean() = true | false</c></p>
+
+ <p><c>string = [bytes()]</c></p>
+
+ <p><c>asn1_der_encoded() = binary() | [bytes()]</c></p>
+
+ <p><c>der_bin() = binary() </c></p>
+
+ <p><c>oid() - a tuple of integers
+ as generated by the asn1 compiler.</c></p>
+
+ <p><c>public_key() = rsa_public_key() | dsa_public_key()</c></p>
+
+ <p><c>rsa_public_key() = #'RSAPublicKey'{}</c></p>
+
+ <p><c>rsa_private_key() = #'RSAPrivateKey'{} </c></p>
+
+ <p><c>dsa_public_key() = integer() </c></p>
+
+ <p><c>public_key_params() = dsa_key_params() </c></p>
+
+ <p><c>dsa_key_params() = #'Dss-Parms'{} </c></p>
+
+ <p><c>private_key() = rsa_private_key() | dsa_private_key()</c></p>
+
+ <p><c>rsa_private_key() = #'RSAPrivateKey'{} </c></p>
+
+ <p><c>dsa_private_key() = #'DSAPrivateKey'{}</c></p>
+
+ <p><c>x509_certificate() = "#Certificate{}"</c></p>
+
+ <p><c>x509_tbs_certificate() = #'TBSCertificate'{} </c></p>
+
+<!-- <p><c>policy_tree() = [Root, Children]</c></p> -->
+
+<!-- <p><c>Root = #policy_tree_node{}</c></p> -->
+
+<!-- <p><c>Children = [] | policy_tree()</c></p> -->
+
+<!-- <p> The policy_tree_node record has the following fields:</p> -->
+
+<!-- <taglist> -->
+
+<!-- <tag>valid_policy</tag> -->
+<!-- <item> Is a single policy OID representing a -->
+<!-- valid policy for the path of length x.</item> -->
+
+<!-- <tag>qualifier_set</tag> -->
+<!-- <item>A set of policy qualifiers associated -->
+<!-- with the valid policy in certificate x.</item> -->
+
+<!-- <tag>critically_indicator</tag> -->
+<!-- <item>The critically_indicator indicates whether the -->
+<!-- certificate policy extension in certificate x was marked as -->
+<!-- critical. </item> -->
+
+<!-- <tag>expected_policy_set</tag> -->
+<!-- <item>The expected_policy_set contains one or more policy OIDs -->
+<!-- that would satisfy this policy in the certificate x+1. </item> -->
+<!-- </taglist> -->
+ </section>
+
+<funcs>
+ <func>
+ <name>decode_private_key(KeyInfo) -> </name>
+ <name>decode_private_key(KeyInfo, Password) -> {ok, PrivateKey} | {error, Reason}</name>
+ <fsummary> Decodes an asn1 der encoded private key.</fsummary>
+ <type>
+ <v> KeyInfo = {KeyType, der_bin(), ChipherInfo} </v>
+ <d> As returned from pem_to_der/1 for private keys</d>
+ <v> KeyType = rsa_private_key | dsa_private_key </v>
+ <v> ChipherInfo = opaque() | no_encryption </v>
+ <d> ChipherInfo may contain encryption parameters if the private key is password
+ protected, these are opaque to the user just pass the value returned by pem_to_der/1
+ to this function.</d>
+ <v> Password = string() </v>
+ <d>Must be specified if CipherInfo =/= no_encryption</d>
+ <v> PrivateKey = private_key() </v>
+ <v> Reason = term() </v>
+ </type>
+ <desc>
+ <p>Decodes an asn1 der encoded private key.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>pem_to_der(File) -> {ok, [Entry]}</name>
+ <fsummary>Reads a PEM file and translates it into its asn1 der
+ encoded parts.</fsummary>
+ <type>
+ <v>File = path()</v>
+ <v>Password = string()</v>
+ <v>Entry = {entry_type(), der_bin(), CipherInfo}</v>
+ <v> ChipherInfo = opaque() | no_encryption </v>
+ <d> ChipherInfo may contain encryption parameters if the private key is password
+ protected, these will be handled by the function decode_private_key/2. </d>
+ <v>entry_type() = cert | cert_req | rsa_private_key | dsa_private_key |
+ dh_params </v>
+ </type>
+ <desc>
+ <p>Reads a PEM file and translates it into its asn1 der
+ encoded parts.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>pkix_decode_cert(Cert, Type) -> {ok, DecodedCert} | {error, Reason}</name>
+ <fsummary> Decodes an asn1 der encoded pkix certificate. </fsummary>
+ <type>
+ <v>Cert = asn1_der_encoded() </v>
+ <v>Type = plain | otp</v>
+ <v>DecodeCert = x509_certificate() </v>
+ <d>When type is specified as otp the asn1 spec OTP-PKIX.asn1 is used to decode known
+ extensions and enhance the signature field in
+ #'Certificate'{} and '#TBSCertificate'{}. This is currently used by the new ssl
+ implementation but not documented and supported for the public_key application.</d>
+ <v>Reason = term() </v>
+ </type>
+ <desc>
+ <p> Decodes an asn1 encoded pkix certificate.</p>
+ </desc>
+ </func>
+
+<!-- <func> -->
+<!-- <name> pkix_encode_cert(Cert) -> {ok, EncodedCert} | {error, Reason}</name> -->
+<!-- <fsummary>Encodes a certificate record using asn1. </fsummary> -->
+<!-- <type> -->
+<!-- <v>Cert = x509_certificate() </v> -->
+<!-- <v>EncodedCert = asn1_der_encoded() </v> -->
+<!-- <v>Reason = term() </v> -->
+<!-- </type> -->
+<!-- <desc> -->
+<!-- <p> Encodes a certificate record using asn1.</p> -->
+<!-- </desc> -->
+<!-- </func> -->
+
+<!-- <func> -->
+<!-- <name>pkix_path_validation(TrustedCert, CertChain, Options) -> {ok, Result} | {error, Reason}</name> -->
+
+<!-- <fsummary>Performs a basic path validation according to RFC 3280</fsummary> -->
+<!-- <type> -->
+<!-- <v>TrustedCert = asn1_der_encoded()</v> -->
+<!-- <v>CertChain = [asn1_der_encoded()]</v> -->
+<!-- <v>Options = [{Option, Value}]</v> -->
+<!-- <v>Result = {{algorithm(), public_key(), -->
+<!-- public_key_params()}, policy_tree()}</v> -->
+<!-- </type> -->
+
+<!-- <desc> -->
+<!-- <p>Available options are: </p> -->
+<!-- <taglist> -->
+<!-- <tag>{validate_extension_fun, fun()}</tag> -->
+<!-- <item> A fun behaving according to the following outline: -->
+<!-- <code> -->
+<!-- [...] -->
+<!-- ValidateExtensionFun = fun(Extensions, UserState) -> -->
+<!-- validate_extensions(Extensions, UserState, []) -->
+<!-- end, -->
+<!-- [...] -->
+
+<!-- validate_extensions([], UserState, UnknowExtension) -> -->
+<!-- {UserState, UnknowExtension}; -->
+<!-- validate_extensions([#'Extension'{} = Ext | Rest], UserState, UnknowExtension) -> -->
+<!-- case valid_extension(Ext) of -->
+<!-- {true, NewUserState} -> -->
+<!-- validate_extensions(Rest, NewUserState, UnknowExtension); -->
+<!-- unknown -> -->
+<!-- validate_extensions(Rest, UserState, [Ext | UnknowExtension]); -->
+<!-- {false, Reason} -> -->
+<!-- throw(bad_cert, Reason) -->
+<!-- end. -->
+<!-- </code> -->
+
+<!-- </item> -->
+
+<!-- <tag>{policy_set, [oid()]}</tag> -->
+<!-- <item>A set of certificate policy -->
+<!-- identifiers naming the policies that are acceptable to the -->
+<!-- certificate user. If the user is not concerned about -->
+<!-- certificate policy there is no need -->
+<!-- to set this option. Defaults to the -->
+<!-- special value [?anyPolicy]. -->
+<!-- </item> -->
+
+<!-- <tag>{policy_mapping, boolean()}</tag> -->
+<!-- <item>Indicates if policy -->
+<!-- mapping, initially, is allowed in the certification path. -->
+<!-- Defaults to false. -->
+<!-- </item> -->
+
+<!-- <tag> {explicit_policy, boolean()}</tag> -->
+<!-- <item>Indicates if the path, initially, must be -->
+<!-- valid for at least one of the certificate policies in the user -->
+<!-- specified policy set. -->
+<!-- Defaults to false. -->
+<!-- </item> -->
+
+<!-- <tag>{inhibit_any_policy, boolean()}</tag> -->
+<!-- <item>Indicates whether the anyPolicy OID, initially, should -->
+<!-- be processed if it is included in a certificate. -->
+<!-- Defaults to false. -->
+<!-- </item> -->
+
+<!-- </taglist> -->
+
+<!-- <p>Performs a basic path validation according to RFC 3280, -->
+<!-- e.i. signature validation, time validation, issuer validation, -->
+<!-- alternative subject name validation, CRL validation, policy -->
+<!-- validation and checks that no unknown extensions -->
+<!-- are marked as critical. The option <c>validate_extension_fun</c> -->
+<!-- may be used to validate application specific extensions. If -->
+<!-- a validation criteria is found to be invalid the validation process -->
+<!-- will immediately be stopped and this functions will return -->
+<!-- {error, Reason}. -->
+<!-- </p> -->
+<!-- </desc> -->
+<!-- </func> -->
+
+<!-- <func> -->
+<!-- <name>sign(DigestOrTBSCert, Key) -> </name> -->
+<!-- <name>sign(DigestOrTBSCert, Key, KeyParams) -> {ok, SignatureOrDerCert} | {error, Reason}</name> -->
+<!-- <fsummary>Signs Digest/Certificate using Key.</fsummary> -->
+<!-- <type> -->
+<!-- <v>DigestOrTBSCert = binary() | x509_tbs_certificate()</v> -->
+<!-- <v>Key = private_key()</v> -->
+<!-- <v>SignatureORDerCert = binary() | der_bin() </v> -->
+<!-- <v>Reason = term() </v> -->
+<!-- </type> -->
+<!-- <desc> -->
+<!-- <p> Signs Digest/Certificate using Key, in the later -->
+<!-- case a der encoded x509_certificate() will be returned. </p> -->
+<!-- </desc> -->
+<!-- </func> -->
+
+<!-- <func> -->
+<!-- <name>verify_signature(Digest, Signature, Key) -> </name> -->
+<!-- <name>verify_signature(DerCert, Key, KeyParams) -> </name> -->
+<!-- <name>verify_signature(Digest, Signature, Key, Params) -> Verified </name> -->
+<!-- <fsummary> Verifies the signature. </fsummary> -->
+<!-- <type> -->
+<!-- <v>Digest = binary() </v> -->
+<!-- <v>DerCert = der_bin() </v> -->
+<!-- <v>Signature = binary() </v> -->
+<!-- <v>Key = public_key() </v> -->
+<!-- <v>Params = key_params()</v> -->
+<!-- <v>Verified = boolean()</v> -->
+<!-- </type> -->
+<!-- <desc> -->
+<!-- <p> Verifies the signature Signature. If the key is an rsa-key no -->
+<!-- paramters are neeed.</p> -->
+<!-- </desc> -->
+<!-- </func> -->
+</funcs>
+
+</erlref>
diff --git a/lib/public_key/doc/src/public_key_records.xml b/lib/public_key/doc/src/public_key_records.xml
new file mode 100644
index 0000000000..45b7106859
--- /dev/null
+++ b/lib/public_key/doc/src/public_key_records.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>Public key records</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <responsible></responsible>
+ <docno></docno>
+ <approved></approved>
+ <checked></checked>
+ <date>2008-02-06</date>
+ <rev>A</rev>
+ <file>public_key_records.xml</file>
+ </header>
+
+ <p>This chapter briefly describes Erlang records derived from asn1
+ specifications used to handle public and private keys. The intent
+ is to describe the data types and not to specify the meaning of
+ each component for this we refer you to the relevant standards and RFCs.</p>
+
+ <p>Use the following include directive to get access to the
+ records and constant macros used in the following sections.</p>
+
+ <code> -include_lib("public_key/include/public_key.hrl"). </code>
+
+ <section>
+ <title>RSA as defined by the PKCS-1 standard and RFC 3447.</title>
+
+ <code>
+#'RSAPublicKey'{
+ modulus, % integer()
+ publicExponent % integer()
+ }.
+
+#'RSAPrivateKey'{
+ version, % two-prime | multi
+ modulus, % integer()
+ publicExponent, % integer()
+ privateExponent, % integer()
+ prime1, % integer()
+ prime2, % integer()
+ exponent1, % integer()
+ exponent2, % integer()
+ coefficient, % integer()
+ otherPrimeInfos % [#OtherPrimeInfo{}] | asn1_NOVALUE
+ }.
+
+#'OtherPrimeInfo'{
+ prime, % integer()
+ exponent, % integer()
+ coefficient % integer()
+ }.
+ </code>
+
+ </section>
+
+ <section>
+ <title>DSA as defined by Digital Signature Standard (NIST FIPS PUB 186-2)
+ </title>
+
+ <code>
+#'DSAPrivateKey',{
+ version, % integer()
+ p, % integer()
+ q, % integer()
+ g, % integer()
+ y, % integer()
+ x % integer()
+ }.
+
+#'Dss-Parms',{
+ p, % integer()
+ q, % integer()
+ g % integer()
+ }.
+ </code>
+ </section>
+</chapter>
diff --git a/lib/public_key/doc/src/ref_man.xml b/lib/public_key/doc/src/ref_man.xml
new file mode 100644
index 0000000000..0f11281d05
--- /dev/null
+++ b/lib/public_key/doc/src/ref_man.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE application SYSTEM "application.dtd">
+
+<application xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key Reference Manual</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ <file>ref_man.xml</file>
+ </header>
+ <description>
+ <p> Provides functions to handle public key infrastructure
+ from RFC 3280 (X.509 certificates) and some parts of the PKCS-standard.
+ </p>
+ </description>
+ <xi:include href="public_key.xml"/>
+</application>
+
+
+
+
|