Diffstat (limited to 'lib/public_key/doc/src')
-rw-r--r--lib/public_key/doc/src/Makefile227
-rw-r--r--lib/public_key/doc/src/book.xml51
-rw-r--r--lib/public_key/doc/src/cert_records.xml612
-rw-r--r--lib/public_key/doc/src/fascicules.xml19
-rw-r--r--lib/public_key/doc/src/introduction.xml52
-rw-r--r--lib/public_key/doc/src/make.dep21
-rw-r--r--lib/public_key/doc/src/note.gifbin0 -> 1539 bytes
-rw-r--r--lib/public_key/doc/src/notes.xml120
-rw-r--r--lib/public_key/doc/src/part.xml42
-rw-r--r--lib/public_key/doc/src/part_notes.xml38
-rw-r--r--lib/public_key/doc/src/public_key.xml317
-rw-r--r--lib/public_key/doc/src/public_key_records.xml99
-rw-r--r--lib/public_key/doc/src/ref_man.xml43
13 files changed, 1641 insertions, 0 deletions
diff --git a/lib/public_key/doc/src/Makefile b/lib/public_key/doc/src/Makefile
new file mode 100644
index 0000000000..08d1396cca
--- /dev/null
+++ b/lib/public_key/doc/src/Makefile
@@ -0,0 +1,227 @@
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2008-2009. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+
+#
+include $(ERL_TOP)/make/target.mk
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
+
+# ----------------------------------------------------
+# Application version
+# ----------------------------------------------------
+include ../../vsn.mk
+VSN=$(PUBLIC_KEY_VSN)
+APPLICATION=public_key
+
+# ----------------------------------------------------
+# Include dependency
+# ----------------------------------------------------
+
+ifndef DOCSUPPORT
+include make.dep
+endif
+
+# ----------------------------------------------------
+# Release directory specification
+# ----------------------------------------------------
+RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
+# ----------------------------------------------------
+# Target Specs
+# ----------------------------------------------------
+XML_APPLICATION_FILES = ref_man.xml
+XML_REF3_FILES = public_key.xml
+XML_REF6_FILES =
+
+XML_PART_FILES = part.xml part_notes.xml
+XML_CHAPTER_FILES = \
+ introduction.xml \
+ public_key_records.xml \
+ cert_records.xml \
+ notes.xml
+
+BOOK_FILES = book.xml
+
+GIF_FILES = note.gif
+
+# ----------------------------------------------------
+
+TOP_HTML_FILES =
+
+HTML_FILES = $(XML_APPLICATION_FILES:%.xml=$(HTMLDIR)/%.html) \
+ $(XML_PART_FILES:%.xml=$(HTMLDIR)/%.html)
+
+INFO_FILE = ../../info
+
+EXTRA_FILES = \
+ $(DEFAULT_GIF_FILES) \
+ $(DEFAULT_HTML_FILES) \
+ $(XML_REF3_FILES:%.xml=$(HTMLDIR)/%.html) \
+ $(XML_CHAPTER_FILES:%.xml=$(HTMLDIR)/%.html)
+
+MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
+
+ifdef DOCSUPPORT
+
+HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
+
+TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
+
+else
+
+TEX_FILES_BOOK = \
+ $(BOOK_FILES:%.xml=%.tex)
+TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
+ $(XML_APPLICATION_FILES:%.xml=%.tex)
+TEX_FILES_USERS_GUIDE = \
+ $(XML_PART_FILES:%.xml=%.tex) \
+ $(XML_CHAPTER_FILES:%.xml=%.tex)
+
+TOP_PDF_FILE = public_key-$(VSN).pdf
+TOP_PS_FILE = public_key-$(VSN).ps
+
+$(TOP_PDF_FILE): book.dvi ../../vsn.mk
+ $(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
+
+$(TOP_PS_FILE): book.dvi ../../vsn.mk
+ $(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
+
+endif
+
+# ----------------------------------------------------
+# FLAGS
+# ----------------------------------------------------
+XML_FLAGS +=
+DVIPS_FLAGS +=
+
+# ----------------------------------------------------
+# Targets
+# ----------------------------------------------------
+$(HTMLDIR)/%.gif: %.gif
+ $(INSTALL_DATA) $< $@
+
+ifdef DOCSUPPORT
+
+docs: pdf html man
+
+$(TOP_PDF_FILE): $(XML_FILES)
+
+pdf: $(TOP_PDF_FILE)
+
+html: gifs $(HTML_REF_MAN_FILE)
+
+clean clean_docs:
+ rm -rf $(HTMLDIR)/*
+ rm -f $(MAN3DIR)/*
+ rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
+ rm -f errs core *~
+
+else
+
+ifeq ($(DOCTYPE),pdf)
+docs: pdf
+else
+ifeq ($(DOCTYPE),ps)
+docs: ps
+else
+docs: html gifs man
+endif
+endif
+
+pdf: $(TOP_PDF_FILE)
+
+ps: $(TOP_PS_FILE)
+
+html: $(HTML_FILES)
+
+clean clean_docs clean_tex:
+ rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
+ rm -f $(HTML_FILES) $(MAN3_FILES)
+ rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
+ rm -f errs core *~ min_head.gif \
+ $(LATEX_CLEAN)
+
+endif
+
+man: $(MAN3_FILES)
+
+gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
+
+debug opt:
+
+
+# ----------------------------------------------------
+# Release Target
+# ----------------------------------------------------
+include $(ERL_TOP)/make/otp_release_targets.mk
+
+ifdef DOCSUPPORT
+
+release_docs_spec: docs
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
+ $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(HTMLDIR)/* \
+ $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
+ $(INSTALL_DIR) $(RELEASE_PATH)/man/man3
+ $(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
+else
+
+ifeq ($(DOCTYPE),pdf)
+release_docs_spec: pdf
+ $(INSTALL_DIR) $(RELEASE_PATH)/pdf
+ $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
+else
+ifeq ($(DOCTYPE),ps)
+release_docs_spec: ps
+ $(INSTALL_DIR) $(RELEASE_PATH)/ps
+ $(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
+else
+release_docs_spec: docs
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
+ $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
+ $(INSTALL_DIR) $(RELEASE_PATH)/man/man3
+ $(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
+endif
+endif
+
+endif
+
+release_spec:
+
+info:
+ @echo "GIF_FILES:\n$(GIF_FILES)"
+ @echo ""
+ @echo "EXTRA_FILES:\n$(EXTRA_FILES)"
+ @echo ""
+ @echo "HTML_FILES:\n$(HTML_FILES)"
+ @echo ""
+ @echo "TOP_HTML_FILES:\n$(TOP_HTML_FILES)"
+ @echo ""
+ @echo "DEFAULT_GIF_FILES:\n$(DEFAULT_GIF_FILES)"
+ @echo ""
+ @echo "DEFAULT_HTML_FILES:\n$(DEFAULT_HTML_FILES)"
+ @echo ""
+ @echo "XML_REF3_FILES:\n$(XML_REF3_FILES)"
+ @echo ""
+ @echo "XML_REF6_FILES:\n$(XML_REF6_FILES)"
+ @echo ""
+ @echo "XML_CHAPTER_FILES:\n$(XML_CHAPTER_FILES)"
+ @echo ""
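Review bot: In the DOCSUPPORT branch of the `clean clean_docs` rule, `rm -rf $(HTMLDIR)/*` and `rm -f $(MAN3DIR)/*` turn into `rm -rf /*` and `rm -f /*` if either variable expands to empty. Neither variable is assigned in this file, so they presumably come from the included `otp.mk` or the environment, and nothing here checks them. A guard as the first recipe line, `$(if $(strip $(HTMLDIR)),,$(error HTMLDIR is empty))` with the same for `MAN3DIR`, makes the rule stop instead of deleting from the filesystem root. The `$(HTMLDIR)/*` and `$(MAN3DIR)/*` globs in the DOCSUPPORT `release_docs_spec` recipe have the same dependency and would copy from `/` into the release tree, so the guard belongs there as well.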
diff --git a/lib/public_key/doc/src/book.xml b/lib/public_key/doc/src/book.xml
new file mode 100644
index 0000000000..d3b8c7a2c7
--- /dev/null
+++ b/lib/public_key/doc/src/book.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE book SYSTEM "book.dtd">
+
+<book xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header titlestyle="normal">
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ <file>book.sgml</file>
+ </header>
+ <insidecover>
+ </insidecover>
+ <pagetext>public_key</pagetext>
+ <preamble>
+ <contents level="2"></contents>
+ </preamble>
+ <parts lift="no">
+ <xi:include href="part.xml"/>
+ </parts>
+ <applications>
+ <xi:include href="ref_man.xml"/>
+ </applications>
+ <releasenotes>
+ <xi:include href="notes.xml"/>
+ </releasenotes>
+ <listofterms></listofterms>
+ <index></index>
+</book>
+
diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml
new file mode 100644
index 0000000000..8fb4ea5fd0
--- /dev/null
+++ b/lib/public_key/doc/src/cert_records.xml
@@ -0,0 +1,612 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>Certificate records</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <responsible></responsible>
+ <docno></docno>
+ <approved></approved>
+ <checked></checked>
+ <date>2008-02-06</date>
+ <rev>A</rev>
+ <file>cert_records.xml</file>
+ </header>
+
+ <p>This chapter briefly describes erlang records derived from asn1
+ specifications used to handle X509 certificates. The intent is to
+ describe the data types and not to specify the meaning of each
+ component for this we refer you to RFC 3280.
+ </p>
+
+ <p>Use the following include directive to get access to the
+ records and constant macros described in the following sections.</p>
+
+ <code> -include_lib("public_key/include/public_key.hrl"). </code>
+
+ <section>
+ <title>Common Data Types</title>
+
+ <p>Common non standard erlang
+ data types used to described the record fields in the
+ below sections are defined in <seealso
+ marker="public_key">public key reference manual </seealso> or
+ follows here.</p>
+
+ <p><c>time() = uct_time() | general_time()</c></p>
+
+ <p><c>uct_time() = {utcTime, "YYMMDDHHMMSSZ"} </c></p>
+
+ <p><c>general_time() = {generalTime, "YYYYMMDDHHMMSSZ"} </c></p>
+
+ <p><c>
+ general_name() = {rfc822Name, string()} | {dNSName, string()}
+ | {x400Address, string()} | {directoryName,
+ {rdnSequence, [#AttributeTypeAndValue'{}]}} |
+ | {eidPartyName, special_string()}
+ | {eidPartyName, special_string(), special_string()}
+ | {uniformResourceIdentifier, string()} | {ipAddress, string()} |
+ {registeredId, oid()} | {otherName, term()}
+ </c></p>
+
+ <p><c>
+ special_string() =
+ {teletexString, string()} | {printableString, string()} |
+ {universalString, string()} | {utf8String, string()} |
+ {bmpString, string()}
+ </c></p>
+
+ <p><c>
+ dist_reason() = unused | keyCompromise | cACompromise |
+ affiliationChanged | superseded | cessationOfOperation |
+ certificateHold | privilegeWithdrawn |
+ aACompromise
+ </c></p>
+ </section>
+
+ <section>
+ <title> PKIX Certificates</title>
+<code>
+#'Certificate'{
+ tbsCertificate, % #'TBSCertificate'{}
+ signatureAlgorithm, % #'AlgorithmIdentifier'{}
+ signature % {0, binary()} - asn1 compact bitstring
+ }.
+
+#'TBSCertificate'{
+ version, % v1 | v2 | v3
+ serialNumber, % integer()
+ signature, % #'AlgorithmIdentifier'{}
+ issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]}
+ validity, % #'Validity'{}
+ subject, % {rdnSequence, [#AttributeTypeAndValue'{}]}
+ subjectPublicKeyInfo, % #'SubjectPublicKeyInfo'{}
+ issuerUniqueID, % binary() | asn1_novalue
+ subjectUniqueID, % binary() | asn1_novalue
+ extensions % [#'Extension'{}]
+ }.
+
+#'AlgorithmIdentifier'{
+ algorithm, % oid()
+ parameters % asn1_der_encoded()
+ }.
+#'SignatureAlgorithm'{
+ algorithm, % id_signature_algorithm()
+ parameters % public_key_params()
+ }.
+</code>
+
+<p><c> id_signature_algorithm() = ?oid_name_as_erlang_atom</c> for available
+oid names see table below. Ex: ?'id-dsa-with-sha1'</p>
+<table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-dsa-with-sha1</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">md2WithRSAEncryption</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">md5WithRSAEncryption</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">sha1WithRSAEncryption</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">ecdsa-with-SHA1</cell>
+ </row>
+ <tcaption>Signature algorithm oids </tcaption>
+</table>
+
+<code>
+#'AttributeTypeAndValue'{
+ type, % id_attributes()
+ value % term()
+ }.
+</code>
+
+<p><c>id_attributes() = ?oid_name_as_erlang_atom</c>
+for available oid names see table below. Ex: ?'id-at-name'</p>
+<table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ <cell align="left" valign="middle">Value type</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-name</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-surname</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-givenName</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-initials </cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-generationQualifier</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-commonName</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-localityName</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-stateOrProvinceName</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-organizationName</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-title</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-dnQualifier</cell>
+ <cell align="left" valign="middle">{printableString, string()}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-countryName</cell>
+ <cell align="left" valign="middle">{printableString, string()}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-serialNumber</cell>
+ <cell align="left" valign="middle">{printableString, string()}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-at-pseudonym</cell>
+ <cell align="left" valign="middle">special_string()</cell>
+ </row>
+ <tcaption>Attribute oids </tcaption>
+</table>
+
+<code>
+#'Validity'{
+ notBefore, % time()
+ notAfter % time()
+ }.
+
+#'SubjectPublicKeyInfo'{
+ algorithm, % #AlgorithmIdentifier{}
+ subjectPublicKey % binary()
+ }.
+
+#'SubjectPublicKeyInfoAlgorithm'{
+ algorithm, % id_public_key_algorithm()
+ parameters % public_key_params()
+ }.
+</code>
+
+<p><c> id_public_key_algorithm() = ?oid_name_as_erlang_atom</c> for available
+oid names see table below. Ex: ?'id-dsa'</p>
+<table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">rsaEncryption</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-dsa</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">dhpublicnumber</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">ecdsa-with-SHA1</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-keyExchangeAlgorithm</cell>
+ </row>
+ <tcaption>Public key algorithm oids </tcaption>
+</table>
+
+
+<code>
+#'Extension'{
+ extnID, % id_extensions() | oid()
+ critical, % boolean()
+ extnValue % asn1_der_encoded()
+ }.
+</code>
+
+<p><c>id_extensions() = ?oid_name_as_erlang_atom</c> for
+available oid names see tables. Ex: ?'id-ce-authorityKeyIdentifier'<seealso
+marker="#StdCertExt">Standard Certificate Extensions</seealso>,
+ <seealso
+ marker="#PrivIntExt">Private Internet Extensions</seealso>, <seealso
+ marker="#CRLCertExt">CRL Extensions</seealso> and
+ <seealso
+ marker="#CRLEntryExt">CRL Entry Extensions</seealso>.
+</p>
+
+</section>
+
+<section>
+ <marker id="StdCertExt"></marker>
+ <title>Standard certificate extensions</title>
+
+ <table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ <cell align="left" valign="middle">Value type</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
+ <cell align="left" valign="middle">#'AuthorityKeyIdentifier'{}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-subjectKeyIdentifier</cell>
+ <cell align="left" valign="middle">oid()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-keyUsage</cell>
+ <cell align="left" valign="middle"> [key_usage()]</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-privateKeyUsagePeriod</cell>
+ <cell align="left" valign="middle">#'PrivateKeyUsagePeriod'{}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-certificatePolicies</cell>
+ <cell align="left" valign="middle">#'PolicyInformation'{}</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-policyMappings</cell>
+ <cell align="left" valign="middle">#'PolicyMappings_SEQOF'{}</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-subjectAltName</cell>
+ <cell align="left" valign="middle">general_name()</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-issuerAltName</cell>
+ <cell align="left" valign="middle">general_name()</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-subjectDirectoryAttributes</cell>
+ <cell align="left" valign="middle"> [#'Attribute'{}]</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-basicConstraints</cell>
+ <cell align="left" valign="middle">#'BasicConstraints'{}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-nameConstraints</cell>
+ <cell align="left" valign="middle">#'NameConstraints'{}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-policyConstraints</cell>
+ <cell align="left" valign="middle">#'PolicyConstraints'{}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-extKeyUsage</cell>
+ <cell align="left" valign="middle">[id_key_purpose()]</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-cRLDistributionPoints</cell>
+ <cell align="left" valign="middle">#'DistributionPoint'{}</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-inhibitAnyPolicy</cell>
+ <cell align="left" valign="middle">integer()</cell>
+ </row>
+
+ <row>
+ <cell align="left" valign="middle">id-ce-freshestCRL</cell>
+ <cell align="left" valign="middle">[#'DistributionPoint'{}]</cell>
+ </row>
+
+
+ <tcaption>Standard Certificate Extensions</tcaption>
+ </table>
+
+ <p><c>
+ key_usage() = digitalSignature | nonRepudiation | keyEncipherment|
+ dataEncipherment | keyAgreement | keyCertSign | cRLSign | encipherOnly |
+ decipherOnly
+ </c></p>
+
+ <p><c> id_key_purpose() = ?oid_name_as_erlang_atom</c> for available
+oid names see table below. Ex: ?'id-kp-serverAuth'</p>
+
+<table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-kp-serverAuth</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-kp-clientAuth</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-kp-codeSigning</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-kp-emailProtection</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-kp-timeStamping</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-kp-OCSPSigning</cell>
+ </row>
+ <tcaption>Key purpose oids </tcaption>
+</table>
+
+ <code>
+#'AuthorityKeyIdentifier'{
+ keyIdentifier, % oid()
+ authorityCertIssuer, % general_name()
+ authorityCertSerialNumber % integer()
+ }.
+
+#'PrivateKeyUsagePeriod'{
+ notBefore, % general_time()
+ notAfter % general_time()
+ }.
+
+#'PolicyInformation'{
+ policyIdentifier, % oid()
+ policyQualifiers % [#PolicyQualifierInfo{}]
+ }.
+
+#'PolicyQualifierInfo'{
+ policyQualifierId, % oid()
+ qualifier % string() | #'UserNotice'{}
+ }.
+
+#'UserNotice'{
+ noticeRef, % #'NoticeReference'{}
+ explicitText % string()
+ }.
+
+#'NoticeReference'{
+ organization, % string()
+ noticeNumbers % [integer()]
+ }.
+
+#'PolicyMappings_SEQOF'{
+ issuerDomainPolicy, % oid()
+ subjectDomainPolicy % oid()
+ }.
+
+#'Attribute'{
+ type, % oid()
+ values % [asn1_der_encoded()]
+ }).
+
+#'BasicConstraints'{
+ cA, % boolean()
+ pathLenConstraint % integer()
+ }).
+
+#'NameConstraints'{
+ permittedSubtrees, % [#'GeneralSubtree'{}]
+ excludedSubtrees % [#'GeneralSubtree'{}]
+ }).
+
+#'GeneralSubtree'{
+ base, % general_name()
+ minimum, % integer()
+ maximum % integer()
+ }).
+
+#'PolicyConstraints'{
+ requireExplicitPolicy, % integer()
+ inhibitPolicyMapping % integer()
+ }).
+
+#'DistributionPoint'{
+ distributionPoint, % general_name() | [#AttributeTypeAndValue{}]
+ reasons, % [dist_reason()]
+ cRLIssuer % general_name()
+ }).
+</code>
+
+</section>
+
+ <section>
+ <marker id="PrivIntExt"></marker>
+ <title>Private Internet Extensions</title>
+
+ <table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ <cell align="left" valign="middle">Value type</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-pe-authorityInfoAccess</cell>
+ <cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-pe-subjectInfoAccess</cell>
+ <cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
+ </row>
+ <tcaption>Private Internet Extensions</tcaption>
+ </table>
+
+<code>
+#'AccessDescription'{
+ accessMethod, % oid()
+ accessLocation % general_name()
+ }).
+</code>
+
+ </section>
+
+<section>
+ <title> CRL and CRL Extensions Profile</title>
+
+ <code>
+#'CertificateList'{
+ tbsCertList, % #'TBSCertList{}
+ signatureAlgorithm, % #'AlgorithmIdentifier'{}
+ signature % {0, binary()} - asn1 compact bitstring
+ }).
+
+#'TBSCertList'{
+ version, % v2 (if defined)
+ signature, % #AlgorithmIdentifier{}
+ issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]}
+ thisUpdate, % time()
+ nextUpdate, % time()
+ revokedCertificates, % [#'TBSCertList_revokedCertificates_SEQOF'{}]
+ crlExtensions % [#'Extension'{}]
+ }).
+
+#'TBSCertList_revokedCertificates_SEQOF'{
+ userCertificate, % integer()
+ revocationDate, % timer()
+ crlEntryExtensions % [#'Extension'{}]
+ }).
+ </code>
+
+ <section>
+ <marker id="CRLCertExt"></marker>
+ <title>CRL Extensions </title>
+
+ <table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ <cell align="left" valign="middle">Value type</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
+ <cell align="left" valign="middle">#'AuthorityKeyIdentifier{}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-issuerAltName</cell>
+ <cell align="left" valign="middle">{rdnSequence, [#AttributeTypeAndValue'{}]}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-cRLNumber</cell>
+ <cell align="left" valign="middle">integer()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-deltaCRLIndicator</cell>
+ <cell align="left" valign="middle">integer()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-issuingDistributionPoint</cell>
+ <cell align="left" valign="middle">#'IssuingDistributionPoint'{}</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-freshestCRL</cell>
+ <cell align="left" valign="middle">[#'Distributionpoint'{}]</cell>
+ </row>
+
+ <tcaption>CRL Extensions</tcaption>
+ </table>
+
+ <code>
+#'IssuingDistributionPoint'{
+ distributionPoint, % general_name() | [#AttributeTypeAndValue'{}]
+ onlyContainsUserCerts, % boolean()
+ onlyContainsCACerts, % boolean()
+ onlySomeReasons, % [dist_reason()]
+ indirectCRL, % boolean()
+ onlyContainsAttributeCerts % boolean()
+ }).
+ </code>
+ </section>
+
+ <section>
+ <marker id="CRLEntryExt"></marker>
+ <title> CRL Entry Extensions </title>
+
+ <table>
+ <row>
+ <cell align="left" valign="middle">OID name</cell>
+ <cell align="left" valign="middle">Value type</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-cRLReason</cell>
+ <cell align="left" valign="middle">crl_reason()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-holdInstructionCode</cell>
+ <cell align="left" valign="middle">oid()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-invalidityDate</cell>
+ <cell align="left" valign="middle">general_time()</cell>
+ </row>
+ <row>
+ <cell align="left" valign="middle">id-ce-certificateIssuer</cell>
+ <cell align="left" valign="middle">general_name()</cell>
+ </row>
+ <tcaption>CRL Entry Extensions</tcaption>
+ </table>
+ <p><c>
+ crl_reason() = unspecified | keyCompromise | cACompromise |
+ affiliationChanged | superseded | cessationOfOperation |
+ certificateHold | removeFromCRL | privilegeWithdrawn |
+ aACompromise
+ </c></p>
+ </section>
+
+</section>
+</chapter>
diff --git a/lib/public_key/doc/src/fascicules.xml b/lib/public_key/doc/src/fascicules.xml
new file mode 100644
index 0000000000..5f41826c56
--- /dev/null
+++ b/lib/public_key/doc/src/fascicules.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE fascicules SYSTEM "fascicules.dtd">
+
+<fascicules>
+ <fascicule file="usersguide" href="part_frame.html" entry="no">
+ User's Guide
+ </fascicule>
+ <fascicule file="ref_man" href="ref_man_frame.html" entry="yes">
+ Reference Manual
+ </fascicule>
+ <fascicule file="release_notes" href="part_notes_frame.html" entry="no">
+ Release Notes
+ </fascicule>
+ <fascicule file="" href="../../../../doc/print.html" entry="no">
+ Off-Print
+ </fascicule>
+</fascicules>
+
+
diff --git a/lib/public_key/doc/src/introduction.xml b/lib/public_key/doc/src/introduction.xml
new file mode 100644
index 0000000000..71488e435a
--- /dev/null
+++ b/lib/public_key/doc/src/introduction.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>Introduction</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <responsible></responsible>
+ <docno></docno>
+ <approved></approved>
+ <checked></checked>
+ <date>2008-01-22</date>
+ <rev>A</rev>
+ <file>introduction.xml</file>
+ </header>
+
+ <section>
+ <title>Purpose</title>
+ <p> This application provides an API to public key infrastructure
+ from RFC 3280 (X.509 certificates) and public key formats defined
+ by the PKCS-standard.</p>
+ </section>
+
+ <section>
+ <title>Prerequisites</title>
+ <p>It is assumed that the reader is familiar with the Erlang
+ programming language, concepts of OTP and has a basic understanding
+ of the concepts of using public keys.</p>
+ </section>
+
+</chapter>
+
diff --git a/lib/public_key/doc/src/make.dep b/lib/public_key/doc/src/make.dep
new file mode 100644
index 0000000000..2675556f1b
--- /dev/null
+++ b/lib/public_key/doc/src/make.dep
@@ -0,0 +1,21 @@
+# ----------------------------------------------------
+# >>>> Do not edit this file <<<<
+# This file was automaticly generated by
+# /home/otp/bin/docdepend
+# ----------------------------------------------------
+
+
+# ----------------------------------------------------
+# TeX files that the DVI file depend on
+# ----------------------------------------------------
+
+book.dvi: book.tex cert_records.tex introduction.tex \
+ part.tex public_key.tex public_key_records.tex \
+ ref_man.tex
+
+# ----------------------------------------------------
+# Source inlined when transforming from source to LaTeX
+# ----------------------------------------------------
+
+book.tex: ref_man.xml
+
diff --git a/lib/public_key/doc/src/note.gif b/lib/public_key/doc/src/note.gif
new file mode 100644
index 0000000000..6fffe30419
--- /dev/null
+++ b/lib/public_key/doc/src/note.gif
Binary files differ
diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml
new file mode 100644
index 0000000000..822f8bdb66
--- /dev/null
+++ b/lib/public_key/doc/src/notes.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key Release Notes</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <responsible>Ingela Anderton Andin</responsible>
+ <docno></docno>
+ <approved></approved>
+ <checked></checked>
+ <date>2008-01-22</date>
+ <rev>A</rev>
+ <file>notes.xml</file>
+ </header>
+
+
+ <section><title>Public_Key 0.4</title>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ The documentation is now built with open source tools
+ (xsltproc and fop) that exists on most platforms. One
+ visible change is that the frames are removed.</p>
+ <p>
+ Own Id: OTP-8250</p>
+ </item>
+ </list>
+ </section>
+
+ </section>
+
+ <section><title>Public_Key 0.3</title>
+
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>
+ Unknown attributes in certificates are left encoded
+ instead of crashing. Patch by Will "wglozer" thanks.</p>
+ <p>
+ Own Id: OTP-8100</p>
+ </item>
+ </list>
+ </section>
+
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ Allow public_key:pem_to_der/[1,2] to take a binary as
+ argument in addition to a filename. Patch by Geoff Cant,
+ thanks.</p>
+ <p>
+ Own Id: OTP-8142</p>
+ </item>
+ </list>
+ </section>
+
+ </section>
+
+<section><title>Public_Key 0.2</title>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ X509 certificate handling has been extended and improved
+ as a result of more extensive testing of both the ssl
+ and public_key application. Even more extensions of the
+ certificate handling is yet to be implemented.</p>
+ <p>
+ Own Id: OTP-7860</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+<section><title>Public_Key 0.1</title>
+
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ First version.</p>
+ <p>
+ Own Id: OTP-7637</p>
+ </item>
+ </list>
+ </section>
+
+</section>
+
+
+</chapter>
+
diff --git a/lib/public_key/doc/src/part.xml b/lib/public_key/doc/src/part.xml
new file mode 100644
index 0000000000..b85fa063ce
--- /dev/null
+++ b/lib/public_key/doc/src/part.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE part SYSTEM "part.dtd">
+
+<part xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key User's Guide</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ <file>part.xml</file>
+ </header>
+ <description>
+ <p> This application provides an API to public key infrastructure
+ from RFC 3280 (X.509 certificates) and some public key formats defined
+ by the PKCS-standard. </p>
+ </description>
+ <xi:include href="introduction.xml"/>
+ <xi:include href="public_key_records.xml"/>
+ <xi:include href="cert_records.xml"/>
+</part>
+
diff --git a/lib/public_key/doc/src/part_notes.xml b/lib/public_key/doc/src/part_notes.xml
new file mode 100644
index 0000000000..37ca516bc8
--- /dev/null
+++ b/lib/public_key/doc/src/part_notes.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE part SYSTEM "part.dtd">
+
+<part xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key Release Notes</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ </header>
+ <description>
+ <p></p>
+ </description>
+ <xi:include href="notes.xml"/>
+</part>
+
+
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
new file mode 100644
index 0000000000..dc9a96906f
--- /dev/null
+++ b/lib/public_key/doc/src/public_key.xml
@@ -0,0 +1,317 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE erlref SYSTEM "erlref.dtd">
+
+<erlref>
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <responsible></responsible>
+ <docno></docno>
+ <date></date>
+ <rev></rev>
+ </header>
+ <module>public_key</module>
+ <modulesummary> API module for public key infrastructure.</modulesummary>
+ <description>
+ <p>This module provides functions to handle public key infrastructure
+ from RFC 3280 - X.509 certificates (will later be upgraded to RFC 5280)
+ and some parts of the PKCS-standard.
+ Currently this application is mainly used by the new
+ ssl implementation. The API is yet under construction
+ and only a few of the functions are currently documented and thereby supported.
+ </p>
+ </description>
+
+ <section>
+ <title>COMMON DATA TYPES </title>
+
+ <note><p>All records used in this manual
+ <!-- except #policy_tree_node{} -->
+ are generated from asn1 specifications
+ and are documented in the User's Guide. See <seealso
+ marker="public_key_records">Public key records</seealso> and <seealso
+ marker="cert_records">X.509 Certificate records</seealso>.
+ </p></note>
+
+ <p>Use the following include directive to get access to the
+ records and constant macros described here and in the User's Guide.</p>
+
+ <code> -include_lib("public_key/include/public_key.hrl"). </code>
+
+ <p><em>Data Types </em></p>
+
+ <p><c>boolean() = true | false</c></p>
+
+ <p><c>string = [bytes()]</c></p>
+
+ <p><c>asn1_der_encoded() = binary() | [bytes()]</c></p>
+
+ <p><c>der_bin() = binary() </c></p>
+
+ <p><c>oid() - a tuple of integers
+ as generated by the asn1 compiler.</c></p>
+
+ <p><c>public_key() = rsa_public_key() | dsa_public_key()</c></p>
+
+ <p><c>rsa_public_key() = #'RSAPublicKey'{}</c></p>
+
+ <p><c>rsa_private_key() = #'RSAPrivateKey'{} </c></p>
+
+ <p><c>dsa_public_key() = integer() </c></p>
+
+ <p><c>public_key_params() = dsa_key_params() </c></p>
+
+ <p><c>dsa_key_params() = #'Dss-Parms'{} </c></p>
+
+ <p><c>private_key() = rsa_private_key() | dsa_private_key()</c></p>
+
+ <p><c>rsa_private_key() = #'RSAPrivateKey'{} </c></p>
+
+ <p><c>dsa_private_key() = #'DSAPrivateKey'{}</c></p>
+
+ <p><c>x509_certificate() = "#Certificate{}"</c></p>
+
+ <p><c>x509_tbs_certificate() = #'TBSCertificate'{} </c></p>
+
+<!-- <p><c>policy_tree() = [Root, Children]</c></p> -->
+
+<!-- <p><c>Root = #policy_tree_node{}</c></p> -->
+
+<!-- <p><c>Children = [] | policy_tree()</c></p> -->
+
+<!-- <p> The policy_tree_node record has the following fields:</p> -->
+
+<!-- <taglist> -->
+
+<!-- <tag>valid_policy</tag> -->
+<!-- <item> Is a single policy OID representing a -->
+<!-- valid policy for the path of length x.</item> -->
+
+<!-- <tag>qualifier_set</tag> -->
+<!-- <item>A set of policy qualifiers associated -->
+<!-- with the valid policy in certificate x.</item> -->
+
+<!-- <tag>critically_indicator</tag> -->
+<!-- <item>The critically_indicator indicates whether the -->
+<!-- certificate policy extension in certificate x was marked as -->
+<!-- critical. </item> -->
+
+<!-- <tag>expected_policy_set</tag> -->
+<!-- <item>The expected_policy_set contains one or more policy OIDs -->
+<!-- that would satisfy this policy in the certificate x+1. </item> -->
+<!-- </taglist> -->
+ </section>
+
+<funcs>
+ <func>
+ <name>decode_private_key(KeyInfo) -> </name>
+ <name>decode_private_key(KeyInfo, Password) -> {ok, PrivateKey} | {error, Reason}</name>
+ <fsummary> Decodes an asn1 der encoded private key.</fsummary>
+ <type>
+ <v> KeyInfo = {KeyType, der_bin(), ChipherInfo} </v>
+ <d> As returned from pem_to_der/1 for private keys</d>
+ <v> KeyType = rsa_private_key | dsa_private_key </v>
+ <v> ChipherInfo = opaque() | no_encryption </v>
+ <d> ChipherInfo may contain encryption parameters if the private key is password
+ protected, these are opaque to the user just pass the value returned by pem_to_der/1
+ to this function.</d>
+ <v> Password = string() </v>
+ <d>Must be specified if CipherInfo =/= no_encryption</d>
+ <v> PrivateKey = private_key() </v>
+ <v> Reason = term() </v>
+ </type>
+ <desc>
+ <p>Decodes an asn1 der encoded private key.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>pem_to_der(File) -> {ok, [Entry]}</name>
+ <fsummary>Reads a PEM file and translates it into its asn1 der
+ encoded parts.</fsummary>
+ <type>
+ <v>File = path()</v>
+ <v>Password = string()</v>
+ <v>Entry = {entry_type(), der_bin(), CipherInfo}</v>
+ <v> ChipherInfo = opaque() | no_encryption </v>
+ <d> ChipherInfo may contain encryption parameters if the private key is password
+ protected, these will be handled by the function decode_private_key/2. </d>
+ <v>entry_type() = cert | cert_req | rsa_private_key | dsa_private_key |
+ dh_params </v>
+ </type>
+ <desc>
+ <p>Reads a PEM file and translates it into its asn1 der
+ encoded parts.</p>
+ </desc>
+ </func>
+
+ <func>
+ <name>pkix_decode_cert(Cert, Type) -> {ok, DecodedCert} | {error, Reason}</name>
+ <fsummary> Decodes an asn1 der encoded pkix certificate. </fsummary>
+ <type>
+ <v>Cert = asn1_der_encoded() </v>
+ <v>Type = plain | otp</v>
+ <v>DecodeCert = x509_certificate() </v>
+ <d>When type is specified as otp the asn1 spec OTP-PKIX.asn1 is used to decode known
+ extensions and enhance the signature field in
+ #'Certificate'{} and '#TBSCertificate'{}. This is currently used by the new ssl
+ implementation but not documented and supported for the public_key application.</d>
+ <v>Reason = term() </v>
+ </type>
+ <desc>
+ <p> Decodes an asn1 encoded pkix certificate.</p>
+ </desc>
+ </func>
+
+<!-- <func> -->
+<!-- <name> pkix_encode_cert(Cert) -> {ok, EncodedCert} | {error, Reason}</name> -->
+<!-- <fsummary>Encodes a certificate record using asn1. </fsummary> -->
+<!-- <type> -->
+<!-- <v>Cert = x509_certificate() </v> -->
+<!-- <v>EncodedCert = asn1_der_encoded() </v> -->
+<!-- <v>Reason = term() </v> -->
+<!-- </type> -->
+<!-- <desc> -->
+<!-- <p> Encodes a certificate record using asn1.</p> -->
+<!-- </desc> -->
+<!-- </func> -->
+
+<!-- <func> -->
+<!-- <name>pkix_path_validation(TrustedCert, CertChain, Options) -> {ok, Result} | {error, Reason}</name> -->
+
+<!-- <fsummary>Performs a basic path validation according to RFC 3280</fsummary> -->
+<!-- <type> -->
+<!-- <v>TrustedCert = asn1_der_encoded()</v> -->
+<!-- <v>CertChain = [asn1_der_encoded()]</v> -->
+<!-- <v>Options = [{Option, Value}]</v> -->
+<!-- <v>Result = {{algorithm(), public_key(), -->
+<!-- public_key_params()}, policy_tree()}</v> -->
+<!-- </type> -->
+
+<!-- <desc> -->
+<!-- <p>Available options are: </p> -->
+<!-- <taglist> -->
+<!-- <tag>{validate_extension_fun, fun()}</tag> -->
+<!-- <item> A fun behaving according to the following outline: -->
+<!-- <code> -->
+<!-- [...] -->
+<!-- ValidateExtensionFun = fun(Extensions, UserState) -> -->
+<!-- validate_extensions(Extensions, UserState, []) -->
+<!-- end, -->
+<!-- [...] -->
+
+<!-- validate_extensions([], UserState, UnknowExtension) -> -->
+<!-- {UserState, UnknowExtension}; -->
+<!-- validate_extensions([#'Extension'{} = Ext | Rest], UserState, UnknowExtension) -> -->
+<!-- case valid_extension(Ext) of -->
+<!-- {true, NewUserState} -> -->
+<!-- validate_extensions(Rest, NewUserState, UnknowExtension); -->
+<!-- unknown -> -->
+<!-- validate_extensions(Rest, UserState, [Ext | UnknowExtension]); -->
+<!-- {false, Reason} -> -->
+<!-- throw(bad_cert, Reason) -->
+<!-- end. -->
+<!-- </code> -->
+
+<!-- </item> -->
+
+<!-- <tag>{policy_set, [oid()]}</tag> -->
+<!-- <item>A set of certificate policy -->
+<!-- identifiers naming the policies that are acceptable to the -->
+<!-- certificate user. If the user is not concerned about -->
+<!-- certificate policy there is no need -->
+<!-- to set this option. Defaults to the -->
+<!-- special value [?anyPolicy]. -->
+<!-- </item> -->
+
+<!-- <tag>{policy_mapping, boolean()}</tag> -->
+<!-- <item>Indicates if policy -->
+<!-- mapping, initially, is allowed in the certification path. -->
+<!-- Defaults to false. -->
+<!-- </item> -->
+
+<!-- <tag> {explicit_policy, boolean()}</tag> -->
+<!-- <item>Indicates if the path, initially, must be -->
+<!-- valid for at least one of the certificate policies in the user -->
+<!-- specified policy set. -->
+<!-- Defaults to false. -->
+<!-- </item> -->
+
+<!-- <tag>{inhibit_any_policy, boolean()}</tag> -->
+<!-- <item>Indicates whether the anyPolicy OID, initially, should -->
+<!-- be processed if it is included in a certificate. -->
+<!-- Defaults to false. -->
+<!-- </item> -->
+
+<!-- </taglist> -->
+
+<!-- <p>Performs a basic path validation according to RFC 3280, -->
+<!-- e.i. signature validation, time validation, issuer validation, -->
+<!-- alternative subject name validation, CRL validation, policy -->
+<!-- validation and checks that no unknown extensions -->
+<!-- are marked as critical. The option <c>validate_extension_fun</c> -->
+<!-- may be used to validate application specific extensions. If -->
+<!-- a validation criteria is found to be invalid the validation process -->
+<!-- will immediately be stopped and this functions will return -->
+<!-- {error, Reason}. -->
+<!-- </p> -->
+<!-- </desc> -->
+<!-- </func> -->
+
+<!-- <func> -->
+<!-- <name>sign(DigestOrTBSCert, Key) -> </name> -->
+<!-- <name>sign(DigestOrTBSCert, Key, KeyParams) -> {ok, SignatureOrDerCert} | {error, Reason}</name> -->
+<!-- <fsummary>Signs Digest/Certificate using Key.</fsummary> -->
+<!-- <type> -->
+<!-- <v>DigestOrTBSCert = binary() | x509_tbs_certificate()</v> -->
+<!-- <v>Key = private_key()</v> -->
+<!-- <v>SignatureORDerCert = binary() | der_bin() </v> -->
+<!-- <v>Reason = term() </v> -->
+<!-- </type> -->
+<!-- <desc> -->
+<!-- <p> Signs Digest/Certificate using Key, in the later -->
+<!-- case a der encoded x509_certificate() will be returned. </p> -->
+<!-- </desc> -->
+<!-- </func> -->
+
+<!-- <func> -->
+<!-- <name>verify_signature(Digest, Signature, Key) -> </name> -->
+<!-- <name>verify_signature(DerCert, Key, KeyParams) -> </name> -->
+<!-- <name>verify_signature(Digest, Signature, Key, Params) -> Verified </name> -->
+<!-- <fsummary> Verifies the signature. </fsummary> -->
+<!-- <type> -->
+<!-- <v>Digest = binary() </v> -->
+<!-- <v>DerCert = der_bin() </v> -->
+<!-- <v>Signature = binary() </v> -->
+<!-- <v>Key = public_key() </v> -->
+<!-- <v>Params = key_params()</v> -->
+<!-- <v>Verified = boolean()</v> -->
+<!-- </type> -->
+<!-- <desc> -->
+<!-- <p> Verifies the signature Signature. If the key is an rsa-key no -->
+<!-- paramters are neeed.</p> -->
+<!-- </desc> -->
+<!-- </func> -->
+</funcs>
+
+</erlref>
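Review bot: The type lists for decode_private_key and pem_to_der spell the variable `ChipherInfo`, while the `Entry` tuple and the `Password` description use `CipherInfo`, so the name a reader sees in `Entry` is never defined. Use one spelling throughout, e.g. `<v>CipherInfo = opaque() | no_encryption</v>`; likewise pkix_decode_cert returns `DecodedCert` but defines `DecodeCert`. pem_to_der also lists `Password = string()` although only `pem_to_der(File)` is declared with `File = path()`, whereas the release notes in this same commit mention pem_to_der/[1,2] accepting a binary. Either add the missing `<name>` entry and the binary input type, or drop the unused `Password` line. Since this is the entry point for password-protected private keys, it would also help to state what decode_private_key returns when the password is missing or wrong, rather than leaving it at `Reason = term()`.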
diff --git a/lib/public_key/doc/src/public_key_records.xml b/lib/public_key/doc/src/public_key_records.xml
new file mode 100644
index 0000000000..45b7106859
--- /dev/null
+++ b/lib/public_key/doc/src/public_key_records.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>Public key records</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <responsible></responsible>
+ <docno></docno>
+ <approved></approved>
+ <checked></checked>
+ <date>2008-02-06</date>
+ <rev>A</rev>
+ <file>public_key_records.xml</file>
+ </header>
+
+ <p>This chapter briefly describes Erlang records derived from asn1
+ specifications used to handle public and private keys. The intent
+ is to describe the data types and not to specify the meaning of
+ each component for this we refer you to the relevant standards and RFCs.</p>
+
+ <p>Use the following include directive to get access to the
+ records and constant macros used in the following sections.</p>
+
+ <code> -include_lib("public_key/include/public_key.hrl"). </code>
+
+ <section>
+ <title>RSA as defined by the PKCS-1 standard and RFC 3447.</title>
+
+ <code>
+#'RSAPublicKey'{
+ modulus, % integer()
+ publicExponent % integer()
+ }.
+
+#'RSAPrivateKey'{
+ version, % two-prime | multi
+ modulus, % integer()
+ publicExponent, % integer()
+ privateExponent, % integer()
+ prime1, % integer()
+ prime2, % integer()
+ exponent1, % integer()
+ exponent2, % integer()
+ coefficient, % integer()
+ otherPrimeInfos % [#OtherPrimeInfo{}] | asn1_NOVALUE
+ }.
+
+#'OtherPrimeInfo'{
+ prime, % integer()
+ exponent, % integer()
+ coefficient % integer()
+ }.
+ </code>
+
+ </section>
+
+ <section>
+ <title>DSA as defined by Digital Signature Standard (NIST FIPS PUB 186-2)
+ </title>
+
+ <code>
+#'DSAPrivateKey',{
+ version, % integer()
+ p, % integer()
+ q, % integer()
+ g, % integer()
+ y, % integer()
+ x % integer()
+ }.
+
+#'Dss-Parms',{
+ p, % integer()
+ q, % integer()
+ g % integer()
+ }.
+ </code>
+ </section>
+</chapter>
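Review bot: The DSA listings open with `#'DSAPrivateKey',{` and `#'Dss-Parms',{`, with a comma between the record name and the brace that the RSA listings above do not have, so the examples are not valid record syntax if copied. They should read `#'DSAPrivateKey'{` and `#'Dss-Parms'{`. In the RSA section the comment `% [#OtherPrimeInfo{}] | asn1_NOVALUE` names the record unquoted, although it is declared as `#'OtherPrimeInfo'{`; writing `[#'OtherPrimeInfo'{}]` keeps the two consistent. A one-line comment marking which fields are secret (`privateExponent`, `prime1`, `prime2`, `x`, and so on) would also help readers who log or print these records.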
diff --git a/lib/public_key/doc/src/ref_man.xml b/lib/public_key/doc/src/ref_man.xml
new file mode 100644
index 0000000000..0f11281d05
--- /dev/null
+++ b/lib/public_key/doc/src/ref_man.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE application SYSTEM "application.dtd">
+
+<application xmlns:xi="http://www.w3.org/2001/XInclude">
+ <header>
+ <copyright>
+ <year>2008</year>
+ <year>2008</year>
+ <holder>Ericsson AB, All Rights Reserved</holder>
+ </copyright>
+ <legalnotice>
+ The contents of this file are subject to the Erlang Public License,
+ Version 1.1, (the "License"); you may not use this file except in
+ compliance with the License. You should have received a copy of the
+ Erlang Public License along with this software. If not, it can be
+ retrieved online at http://www.erlang.org/.
+
+ Software distributed under the License is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+ the License for the specific language governing rights and limitations
+ under the License.
+
+ The Initial Developer of the Original Code is Ericsson AB.
+ </legalnotice>
+
+ <title>public_key Reference Manual</title>
+ <prepared>Ingela Anderton Andin</prepared>
+ <docno></docno>
+ <date>2008-01-22</date>
+ <rev></rev>
+ <file>ref_man.xml</file>
+ </header>
+ <description>
+ <p> Provides functions to handle public key infrastructure
+ from RFC 3280 (X.509 certificates) and some parts of the PKCS-standard.
+ </p>
+ </description>
+ <xi:include href="public_key.xml"/>
+</application>
+
+
+
+