Diffstat (limited to 'lib/public_key/doc')
-rw-r--r-- | lib/public_key/doc/specs/.gitignore | 1 | ||||
-rw-r--r-- | lib/public_key/doc/src/Makefile | 10 | ||||
-rw-r--r-- | lib/public_key/doc/src/notes.xml | 183 | ||||
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 796 | ||||
-rw-r--r-- | lib/public_key/doc/src/public_key_records.xml | 2 | ||||
-rw-r--r-- | lib/public_key/doc/src/specs.xml | 4 | ||||
-rw-r--r-- | lib/public_key/doc/src/using_public_key.xml | 6 |
7 files changed, 540 insertions, 462 deletions
diff --git a/lib/public_key/doc/specs/.gitignore b/lib/public_key/doc/specs/.gitignore new file mode 100644 index 0000000000..322eebcb06 --- /dev/null +++ b/lib/public_key/doc/specs/.gitignore @@ -0,0 +1 @@ +specs_*.xml diff --git a/lib/public_key/doc/src/Makefile b/lib/public_key/doc/src/Makefile index f5157fe87a..c8647750af 100644 --- a/lib/public_key/doc/src/Makefile +++ b/lib/public_key/doc/src/Makefile @@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2008-2017. All Rights Reserved. +# Copyright Ericsson AB 2008-2018. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -77,12 +77,18 @@ HTML_REF_MAN_FILE = $(HTMLDIR)/index.html TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf +SPECS_FILES = $(XML_REF3_FILES:%.xml=$(SPECDIR)/specs_%.xml) + +TOP_SPECS_FILE = specs.xml + # ---------------------------------------------------- # FLAGS # ---------------------------------------------------- XML_FLAGS += DVIPS_FLAGS += +SPECS_FLAGS = -I../../include -I../../src -I../../.. + # ---------------------------------------------------- # Targets # ---------------------------------------------------- @@ -99,9 +105,11 @@ html: gifs $(HTML_REF_MAN_FILE) clean clean_docs: rm -rf $(HTMLDIR)/* + rm -rf $(XMLDIR) rm -f $(MAN3DIR)/* rm -f $(MAN6DIR)/* rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo) + rm -f $(SPECS_FILES) rm -f errs core *~ man: $(MAN3_FILES) $(MAN6_FILES) diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml index 11012ee9e5..d83dd24f41 100644 --- a/lib/public_key/doc/src/notes.xml +++ b/lib/public_key/doc/src/notes.xml @@ -5,7 +5,7 @@ <header> <copyright> <year>2008</year> - <year>2017</year> + <year>2018</year> <holder>Ericsson AB, All Rights Reserved</holder> </copyright> <legalnotice> 
@@ -35,6 +35,187 @@ <file>notes.xml</file> </header> +<section><title>Public_Key 1.6.6</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Back port of bug fix ERL-893 from OTP-22 and document + enhancements that will solve dialyzer warnings for users + of the ssl application.</p> + <p> + This change also affects public_key, eldap (and inet + doc).</p> + <p> + Own Id: OTP-15785 Aux Id: ERL-929, ERL-893, PR-2215 </p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 1.6.5</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Add export of dialyzer type</p> + <p> + Own Id: OTP-15624</p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 1.6.4</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Added ed25519 and ed448 sign/verify.</p> + <p> + Requires OpenSSL 1.1.1 or higher as cryptolib under the + OTP application <c>crypto</c>.</p> + <p> + Own Id: OTP-15419 Aux Id: OTP-15094 </p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 1.6.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Add DSA SHA2 oids in public_keys ASN1-spec and + public_key:pkix_sign_types/1</p> + <p> + Own Id: OTP-15367</p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 1.6.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Removed <c>#DSAPrivateKey{}</c> as acceptable input to + <c>public_key:verify/5</c>.</p> + <p> + Own Id: OTP-15284</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + The typing in the CRYPTO and PUBLIC_KEY applications are + reworked and a few mistakes are corrected.</p> + <p> + The documentation is now generated from the typing and + some clarifications are made.</p> + <p> + A new chapter on Algorithm 
Details such as key sizes and + availability is added to the CRYPTO User's Guide.</p> + <p> + Own Id: OTP-15134</p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 1.6.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Some of the keylengths in the newly generated moduli file + in public_key are not universally supported. This could + cause the SSH key exchange + diffie-hellman-group-exchange-sha* to fail.</p> + <p> + Those keylengths are now removed.</p> + <p> + Own Id: OTP-15151 Aux Id: OTP-15113 </p> + </item> + </list> + </section> + +</section> + +<section><title>Public_Key 1.6</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Update calls to the base64 module to conform to that + module's type specifications.</p> + <p> + Own Id: OTP-14788 Aux Id: OTP-14624 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Use uri_string module instead of http_uri.</p> + <p> + Own Id: OTP-14902</p> + </item> + <item> + <p> + A new function - + <c>public_key:pkix_verify_hostname_match_fun/1</c> - + returns a fun to be given as option <c>match_fun</c> to + <c>public_key:pkix_verify_hostname/3</c> or via ssl.</p> + <p> + The fun makes the verify hostname matching according to + the specific rules for the protocol in the argument. + Presently only <c>https</c> is supported.</p> + <p> + Own Id: OTP-14962 Aux Id: ERL-542, OTP-15102 </p> + </item> + <item> + <p> + Compleate PKCS-8 encoding support and enhance the + decoding of 'PrivateKeyInfo' to conform to the rest of + Erlang public_key API.</p> + <p> + Own Id: OTP-15093</p> + </item> + <item> + <p> + A new moduli file is generated. 
This file is used for the + recommended <c>diffie-hellman-group-exchange-sha256</c> + key exchange algorithm in SSH.</p> + <p> + Own Id: OTP-15113</p> + </item> + </list> + </section> + +</section> + <section><title>Public_Key 1.5.2</title> <section><title>Fixed Bugs and Malfunctions</title> diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index dea35bc390..b7589f6653 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -5,7 +5,7 @@ <header> <copyright> <year>2008</year> - <year>2017</year> + <year>2018</year> <holder>Ericsson AB, All Rights Reserved</holder> </copyright> <legalnotice> @@ -31,7 +31,7 @@ <date></date> <rev></rev> </header> - <module>public_key</module> + <module since="">public_key</module> <modulesummary>API module for public-key infrastructure.</modulesummary> <description> <p>Provides functions to handle public-key infrastructure, @@ -41,7 +41,7 @@ </description> <section> - <title>DATA TYPES</title> + <title>Common Records and ASN.1 Types</title> <note><p>All records used in this Reference Manual <!-- except #policy_tree_node{} --> 
@@ -54,191 +54,147 @@ records and constant macros described here and in the User's Guide:</p> <code> -include_lib("public_key/include/public_key.hrl").</code> + </section> + + <datatypes> + <datatype> + <name name="oid"/> + <desc> + <p>Object identifier, a tuple of integers as generated by the <c>ASN.1</c> compiler.</p> + </desc> + </datatype> + + <datatype> + <name name="der_encoded"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="pki_asn1_type"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="asn1_type"/> + <desc> + <p>ASN.1 type present in the Public Key applications ASN.1 specifications.</p> + </desc> + </datatype> + + <datatype> + <name name="pem_entry"/> + <name name="der_or_encrypted_der"/> + <name name="cipher_info"/> + <name name="cipher"/> + <name name="salt"/> + <name name="cipher_info_params"/> + <desc> + <code>Cipher = "RC2-CBC" | "DES-CBC" | "DES-EDE3-CBC"</code> + <p><c>Salt</c> could be generated with + <seealso marker="crypto:crypto#strong_rand_bytes-1"><c>crypto:strong_rand_bytes(8)</c></seealso>.</p> + </desc> + </datatype> + + <datatype> + <name name="public_key"/> + <name name="rsa_public_key"/> + <name name="dsa_public_key"/> + <name name="ec_public_key"/> + <name name="ecpk_parameters"/> + <name name="ecpk_parameters_api"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="ed_public_key"/> + <desc> + <warning><p>This format of the EdDSA curves is temporary and may change without prior notice!</p></warning> + </desc> + </datatype> + + <datatype> + <name name="private_key"/> + <name name="rsa_private_key"/> + <name name="dsa_private_key"/> + <name name="ec_private_key"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="ed_private_key"/> + <desc> + <warning><p>This format of the EdDSA curves is temporary and may change without prior notice!</p></warning> + </desc> + </datatype> + + + <datatype> + <name name="key_params"/> + <desc> + </desc> + </datatype> + + <datatype> + <name 
name="digest_type"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="crl_reason"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="issuer_id"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="issuer_name"/> + <desc> + </desc> + </datatype> + + <datatype> + <name name="ssh_file"/> + <desc> + </desc> + </datatype> + + + + </datatypes> - <p>The following data types are used in the functions for <c>public_key</c>:</p> - - <taglist> - <tag><c>oid()</c></tag> - <item><p>Object identifier, a tuple of integers as generated by the <c>ASN.1</c> compiler.</p></item> - - <tag><c>boolean() =</c></tag> - <item><p><c>true | false</c></p></item> - - <tag><c>string() =</c></tag> - <item><p><c>[bytes()]</c></p></item> - - <tag><c>der_encoded() =</c></tag> - <item><p><c>binary()</c></p></item> - - <tag><c>pki_asn1_type() =</c></tag> - <item> - <p><c>'Certificate'</c></p> - <p><c>| 'RSAPrivateKey'</c></p> - <p><c>| 'RSAPublicKey'</c></p> - <p><c>| 'DSAPrivateKey'</c></p> - <p><c>| 'DSAPublicKey'</c></p> - <p><c>| 'DHParameter'</c></p> - <p><c>| 'SubjectPublicKeyInfo'</c></p> - <p><c>| 'PrivateKeyInfo'</c></p> - <p><c>| 'CertificationRequest'</c></p> - <p><c>| 'CertificateList'</c></p> - <p><c>| 'ECPrivateKey'</c></p> - <p><c>| 'EcpkParameters'</c></p> - </item> - - <tag><c>pem_entry () =</c></tag> - <item><p><c>{pki_asn1_type(), binary(), %% DER or encrypted DER</c></p> - <p><c> not_encrypted | cipher_info()}</c></p></item> - - <tag><c>cipher_info() = </c></tag> - <item><p><c>{"RC2-CBC" | "DES-CBC" | "DES-EDE3-CBC", crypto:strong_rand_bytes(8)</c></p> - <p><c>| {#'PBEParameter{}, digest_type()} | #'PBES2-params'{}}</c></p> - </item> - - <tag><c>public_key() =</c></tag> - <item><p><c>rsa_public_key() | dsa_public_key() | ec_public_key()</c></p></item> - - <tag><c>private_key() =</c></tag> - <item><p><c>rsa_private_key() | dsa_private_key() | ec_private_key()</c></p></item> - - <tag><c>rsa_public_key() =</c></tag> - 
<item><p><c>#'RSAPublicKey'{}</c></p></item> - - <tag><c>rsa_private_key() =</c></tag> - <item><p><c>#'RSAPrivateKey'{}</c></p></item> - - <tag><c>dsa_public_key() =</c></tag> - <item><p><c>{integer(), #'Dss-Parms'{}}</c></p></item> - - <tag><c>dsa_private_key() =</c></tag> - <item><p><c>#'DSAPrivateKey'{}</c></p></item> - - <tag><c>ec_public_key()</c></tag> - <item><p>= <c>{#'ECPoint'{}, #'ECParameters'{} | {namedCurve, oid()}}</c></p></item> - - <tag><c>ec_private_key() =</c></tag> - <item><p><c>#'ECPrivateKey'{}</c></p></item> - - <tag><c>key_params() =</c></tag> - <item><p> #'DHParameter'{} | {namedCurve, oid()} | #'ECParameters'{} - | {rsa, Size::integer(), PubExp::integer()} </p></item> - - <tag><c>public_crypt_options() =</c></tag> - <item><p><c>[{rsa_pad, rsa_padding()}]</c></p></item> - - <tag><c>rsa_padding() =</c></tag> - <item> - <p><c>'rsa_pkcs1_padding'</c></p> - <p><c>| 'rsa_pkcs1_oaep_padding'</c></p> - <p><c>| 'rsa_no_padding'</c></p> - </item> - - <tag><c>public_sign_options() =</c></tag> - <item><p><c>[{rsa_pad, rsa_sign_padding()} | {rsa_pss_saltlen, integer()}]</c></p></item> - - <tag><c>rsa_sign_padding() =</c></tag> - <item> - <p><c>'rsa_pkcs1_padding'</c></p> - <p><c>| 'rsa_pkcs1_pss_padding'</c></p> - </item> - - <tag><c>digest_type() = </c></tag> - <item><p>Union of <c>rsa_digest_type()</c>, <c>dss_digest_type()</c>, - and <c>ecdsa_digest_type()</c>.</p></item> - - <tag><c>rsa_digest_type() = </c></tag> - <item><p><c>'md5' | 'ripemd160' | 'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512'</c></p></item> - - <tag><c>dss_digest_type() = </c></tag> - <item><p><c>'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512'</c></p> - <p>Note that the actual supported dss_digest_type depends on the underlying crypto library. - In OpenSSL version >= 1.0.1 the listed digest are supported, while in 1.0.0 only - sha, sha224 and sha256 are supported. 
In version 0.9.8 only sha is supported.</p> - </item> - - <tag><c>ecdsa_digest_type() = </c></tag> - <item><p><c>'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512'</c></p></item> - - <tag><c>crl_reason() = </c></tag> - <item> - <p><c>unspecified</c></p> - <p><c>| keyCompromise</c></p> - <p><c>| cACompromise</c></p> - <p><c>| affiliationChanged</c></p> - <p><c>| superseded</c></p> - <p><c>| cessationOfOperation</c></p> - <p><c>| certificateHold</c></p> - <p><c>| privilegeWithdrawn</c></p> - <p><c>| aACompromise</c></p> - </item> - - <tag><c>issuer_name() =</c></tag> - <item><p><c>{rdnSequence,[#'AttributeTypeAndValue'{}]}</c></p> - </item> - - <tag><c>ssh_file() =</c></tag> - <item> - <p><c>openssh_public_key</c></p> - <p><c>| rfc4716_public_key</c></p> - <p><c>| known_hosts</c></p> - <p><c>| auth_keys</c></p> - </item> - </taglist> - - -<!-- <p><code>policy_tree() = [Root, Children]</code></p> --> - -<!-- <p><code>Root = #policy_tree_node{}</code></p> --> - -<!-- <p><code>Children = [] | policy_tree()</code></p> --> - -<!-- <p>The <c>policy_tree_node</c> record has the following fields:</p> --> - -<!-- <taglist> --> - -<!-- <tag>valid_policy</tag> --> -<!-- <item>A single policy OID representing a --> -<!-- valid policy for the path of length x.</item> --> - -<!-- <tag>qualifier_set</tag> --> -<!-- <item>A set of policy qualifiers associated --> -<!-- with the valid policy in certificate x.</item> --> - -<!-- <tag>critically_indicator</tag> --> -<!-- <item>Indicates whether the --> -<!-- certificate policy extension in certificate x was marked as --> -<!-- critical.</item> --> - -<!-- <tag>expected_policy_set</tag> --> -<!-- <item>Contains one or more policy OIDs --> -<!-- that would satisfy this policy in the certificate x+1.</item> --> -<!-- </taglist> --> - </section> <funcs> <func> - <name>compute_key(OthersKey, MyKey)-></name> - <name>compute_key(OthersKey, MyKey, Params)-></name> + <name name="compute_key" arity="2" since="OTP R16B01"/> + <fsummary>Computes 
shared secret.</fsummary> + <desc> + <p>Computes shared secret.</p> + </desc> + </func> + + <func> + <name name="compute_key" arity="3" since="OTP R16B01"/> <fsummary>Computes shared secret.</fsummary> - <type> - <v>OthersKey = #'ECPoint'{} | binary(), MyKey = #'ECPrivateKey'{} | binary()</v> - <v>Params = #'DHParameter'{}</v> - </type> <desc> <p>Computes shared secret.</p> </desc> </func> <func> - <name>decrypt_private(CipherText, Key) -> binary()</name> - <name>decrypt_private(CipherText, Key, Options) -> binary()</name> + <name name="decrypt_private" arity="2" since="OTP R14B"/> + <name name="decrypt_private" arity="3" since="OTP R14B"/> <fsummary>Public-key decryption.</fsummary> - <type> - <v>CipherText = binary()</v> - <v>Key = rsa_private_key()</v> - <v>Options = public_crypt_options()</v> - </type> <desc> <p>Public-key decryption using the private key. See also <seealso marker="crypto:crypto#private_decrypt/4">crypto:private_decrypt/4</seealso></p> @@ -246,14 +202,9 @@ </func> <func> - <name>decrypt_public(CipherText, Key) - > binary()</name> - <name>decrypt_public(CipherText, Key, Options) - > binary()</name> + <name name="decrypt_public" arity="2" since="OTP R14B"/> + <name name="decrypt_public" arity="3" since="OTP R14B"/> <fsummary>Public-key decryption.</fsummary> - <type> - <v>CipherText = binary()</v> - <v>Key = rsa_public_key()</v> - <v>Options = public_crypt_options()</v> - </type> <desc> <p>Public-key decryption using the public key. See also <seealso marker="crypto:crypto#public_decrypt/4">crypto:public_decrypt/4</seealso></p> 
@@ -261,47 +212,24 @@ </func> <func> - <name>der_decode(Asn1type, Der) -> term()</name> + <name name="der_decode" arity="2" since="OTP R14B"/> <fsummary>Decodes a public-key ASN.1 DER encoded entity.</fsummary> - <type> - <v>Asn1Type = atom()</v> - <d>ASN.1 type present in the Public Key applications - ASN.1 specifications.</d> - <v>Der = der_encoded()</v> - </type> - <desc> + <desc> <p>Decodes a public-key ASN.1 DER encoded entity.</p> </desc> </func> - + <func> - <name>der_encode(Asn1Type, Entity) -> der_encoded()</name> + <name name="der_encode" arity="2" since="OTP R14B"/> <fsummary>Encodes a public-key entity with ASN.1 DER encoding.</fsummary> - <type> - <v>Asn1Type = atom()</v> - <d>ASN.1 type present in the Public Key applications - ASN.1 specifications.</d> - <v>Entity = term()</v> - <d>Erlang representation of <c>Asn1Type</c></d> - </type> <desc> <p>Encodes a public-key entity with ASN.1 DER encoding.</p> </desc> </func> <func> - <name>dh_gex_group(MinSize, SuggestedSize, MaxSize, Groups) -> {ok, {Size,Group}} | {error,Error}</name> + <name name="dh_gex_group" arity="4" since="OTP 18.2"/> <fsummary>Selects a group for Diffie-Hellman key exchange</fsummary> - <type> - <v>MinSize = positive_integer()</v> - <v>SuggestedSize = positive_integer()</v> - <v>MaxSize = positive_integer()</v> - <v>Groups = undefined | [{Size,[{G,P}]}]</v> - <v>Size = positive_integer()</v> - <v>Group = {G,P}</v> - <v>G = positive_integer()</v> - <v>P = positive_integer()</v> - </type> <desc> <p>Selects a group for Diffie-Hellman key exchange with the key size in the range <c>MinSize...MaxSize</c> and as close to <c>SuggestedSize</c> as possible. If <c>Groups == undefined</c> a default set will be 
@@ -320,13 +248,10 @@ </desc> </func> - <func> - <name>encrypt_private(PlainText, Key) -> binary()</name> + <func> + <name name="encrypt_private" arity="2" since="OTP R14B"/> + <name name="encrypt_private" arity="3" since="OTP 21.1"/> <fsummary>Public-key encryption using the private key.</fsummary> - <type> - <v>PlainText = binary()</v> - <v>Key = rsa_private_key()</v> - </type> <desc> <p>Public-key encryption using the private key. See also <seealso @@ -335,12 +260,9 @@ </func> <func> - <name>encrypt_public(PlainText, Key) -> binary()</name> + <name name="encrypt_public" arity="2" since="OTP R14B"/> + <name name="encrypt_public" arity="3" since="OTP 21.1"/> <fsummary>Public-key encryption using the public key.</fsummary> - <type> - <v>PlainText = binary()</v> - <v>Key = rsa_public_key()</v> - </type> <desc> <p>Public-key encryption using the public key. See also <seealso marker="crypto:crypto#public_encrypt/4">crypto:public_encrypt/4</seealso>.</p> @@ -348,11 +270,8 @@ </func> <func> - <name>generate_key(Params) -> {Public::binary(), Private::binary()} | #'ECPrivateKey'{} | #'RSAPrivateKey'{}</name> + <name name="generate_key" arity="1" since="OTP R16B01"/> <fsummary>Generates a new keypair.</fsummary> - <type> - <v>Params = key_params()</v> - </type> <desc> <p>Generates a new keypair. Note that except for Diffie-Hellman the public key is included in the private key structure. See also 
@@ -362,38 +281,27 @@ </func> <func> - <name>pem_decode(PemBin) -> [pem_entry()]</name> + <name name="pem_decode" arity="1" since="OTP R14B"/> <fsummary>Decodes PEM binary data and returns entries as ASN.1 DER encoded entities.</fsummary> - <type> - <v>PemBin = binary()</v> - <d>Example {ok, PemBin} = file:read_file("cert.pem").</d> - </type> <desc> - <p>Decodes PEM binary data and returns - entries as ASN.1 DER encoded entities.</p> + <p>Decodes PEM binary data and returns entries as ASN.1 DER encoded entities.</p> + <p>Example <c>{ok, PemBin} = file:read_file("cert.pem").</c></p> </desc> </func> - <func> - <name>pem_encode(PemEntries) -> binary()</name> + <func> + <name name="pem_encode" arity="1" since="OTP R14B"/> <fsummary>Creates a PEM binary.</fsummary> - <type> - <v> PemEntries = [pem_entry()] </v> - </type> - <desc> - <p>Creates a PEM binary.</p> - </desc> + <desc> + <p>Creates a PEM binary.</p> + </desc> </func> - <func> - <name>pem_entry_decode(PemEntry) -> term()</name> - <name>pem_entry_decode(PemEntry, Password) -> term()</name> + <func> + <name name="pem_entry_decode" arity="1" since="OTP R14B"/> + <name name="pem_entry_decode" arity="2" since="OTP R14B"/> <fsummary>Decodes a PEM entry.</fsummary> - <type> - <v>PemEntry = pem_entry()</v> - <v>Password = string()</v> - </type> <desc> <p>Decodes a PEM entry. <c>pem_decode/1</c> returns a list of PEM entries. Notice that if the PEM entry is of type 
@@ -402,51 +310,36 @@ </desc> </func> - <func> - <name>pem_entry_encode(Asn1Type, Entity) -> pem_entry()</name> - <name>pem_entry_encode(Asn1Type, Entity, {CipherInfo, Password}) -> pem_entry()</name> + <func> + <name name="pem_entry_encode" arity="2" since="OTP R14B"/> + <name name="pem_entry_encode" arity="3" since="OTP R14B"/> <fsummary>Creates a PEM entry that can be fed to <c>pem_encode/1</c>.</fsummary> - <type> - <v>Asn1Type = pki_asn1_type()</v> - <v>Entity = term()</v> - <d>Erlang representation of - <c>Asn1Type</c>. If <c>Asn1Type</c> is 'SubjectPublicKeyInfo', + <desc> + <p>Creates a PEM entry that can be feed to <c>pem_encode/1</c>.</p> + <p>If <c>Asn1Type</c> is <c>'SubjectPublicKeyInfo'</c>, <c>Entity</c> must be either an <c>rsa_public_key()</c>, <c>dsa_public_key()</c> or an <c>ec_public_key()</c> and this function creates the appropriate - 'SubjectPublicKeyInfo' entry. - </d> - <v>CipherInfo = cipher_info()</v> - <v>Password = string()</v> - </type> - <desc> - <p>Creates a PEM entry that can be feed to <c>pem_encode/1</c>.</p> - </desc> + <c>'SubjectPublicKeyInfo'</c> entry. + </p> + </desc> </func> - + <func> - <name>pkix_decode_cert(Cert, otp|plain) -> #'Certificate'{} | #'OTPCertificate'{}</name> + <name name="pkix_decode_cert" arity="2" since=""/> <fsummary>Decodes an ASN.1 DER-encoded PKIX x509 certificate.</fsummary> - <type> - <v>Cert = der_encoded()</v> - </type> - <desc> - <p>Decodes an ASN.1 DER-encoded PKIX certificate. Option <c>otp</c> - uses the customized ASN.1 specification OTP-PKIX.asn1 for - decoding and also recursively decode most of the standard - parts.</p> - </desc> + <desc> + <p>Decodes an ASN.1 DER-encoded PKIX certificate. 
Option <c>otp</c> + uses the customized ASN.1 specification OTP-PKIX.asn1 for + decoding and also recursively decode most of the standard + parts.</p> + </desc> </func> <func> - <name>pkix_encode(Asn1Type, Entity, otp | plain) -> der_encoded()</name> + <name name="pkix_encode" arity="3" since="OTP R14B"/> <fsummary>DER encodes a PKIX x509 certificate or part of such a certificate.</fsummary> - <type> - <v>Asn1Type = atom()</v> - <d>The ASN.1 type can be 'Certificate', 'OTPCertificate' or a subtype of either.</d> - <v>Entity = #'Certificate'{} | #'OTPCertificate'{} | a valid subtype</v> - </type> <desc> <p>DER encodes a PKIX x509 certificate or part of such a certificate. This function must be used for encoding certificates or parts of certificates 
@@ -456,71 +349,49 @@ </func> <func> - <name>pkix_is_issuer(Cert, IssuerCert) -> boolean()</name> - <fsummary>Checks if <c>IssuerCert</c> issued <c>Cert</c>.</fsummary> - <type> - <v>Cert = der_encoded() | #'OTPCertificate'{} | #'CertificateList'{}</v> - <v>IssuerCert = der_encoded() | #'OTPCertificate'{}</v> - </type> - <desc> - <p>Checks if <c>IssuerCert</c> issued <c>Cert</c>.</p> - </desc> - </func> + <name name="pkix_is_issuer" arity="2" since="OTP R14B"/> + <fsummary>Checks if <c>IssuerCert</c> issued <c>Cert</c>.</fsummary> + <desc> + <p>Checks if <c>IssuerCert</c> issued <c>Cert</c>.</p> + </desc> + </func> - <func> - <name>pkix_is_fixed_dh_cert(Cert) -> boolean()</name> - <fsummary>Checks if a certificate is a fixed Diffie-Hellman certificate.</fsummary> - <type> - <v>Cert = der_encoded() | #'OTPCertificate'{}</v> - </type> - <desc> - <p>Checks if a certificate is a fixed Diffie-Hellman certificate.</p> - </desc> - </func> + <func> + <name name="pkix_is_fixed_dh_cert" arity="1" since="OTP R14B"/> + <fsummary>Checks if a certificate is a fixed Diffie-Hellman certificate.</fsummary> + <desc> + <p>Checks if a certificate is a fixed Diffie-Hellman certificate.</p> + </desc> + </func> - <func> - <name>pkix_is_self_signed(Cert) -> boolean()</name> - <fsummary>Checks if a certificate is self-signed.</fsummary> - <type> - <v>Cert = der_encoded() | #'OTPCertificate'{}</v> - </type> - <desc> - <p>Checks if a certificate is self-signed.</p> - </desc> - </func> + <func> + <name name="pkix_is_self_signed" arity="1" since="OTP R14B"/> + <fsummary>Checks if a certificate is self-signed.</fsummary> + <desc> + <p>Checks if a certificate is self-signed.</p> + </desc> + </func> - <func> - <name>pkix_issuer_id(Cert, IssuedBy) -> {ok, IssuerID} | {error, Reason}</name> - <fsummary>Returns the issuer id.</fsummary> - <type> - <v>Cert = der_encoded() | #'OTPCertificate'{}</v> - <v>IssuedBy = self | other</v> - <v>IssuerID = {integer(), issuer_name()}</v> - <d>The issuer id 
consists of the serial number and the issuers name.</d> - <v>Reason = term()</v> - </type> - <desc> - <p>Returns the issuer id.</p> - </desc> - </func> - + <func> + <name name="pkix_issuer_id" arity="2" since="OTP R14B"/> + <fsummary>Returns the issuer id.</fsummary> + <desc> + <p>Returns the issuer id.</p> + </desc> + </func> + <func> + <name name="pkix_normalize_name" arity="1" since="OTP R14B"/> + <fsummary>Normalizes an issuer name so that it can be easily + compared to another issuer name.</fsummary> + <desc> + <p>Normalizes an issuer name so that it can be easily + compared to another issuer name.</p> + </desc> + </func> + <func> - <name>pkix_normalize_name(Issuer) -> Normalized</name> - <fsummary>Normalizes an issuer name so that it can be easily - compared to another issuer name.</fsummary> - <type> - <v>Issuer = issuer_name()</v> - <v>Normalized = issuer_name()</v> - </type> - <desc> - <p>Normalizes an issuer name so that it can be easily - compared to another issuer name.</p> - </desc> - </func> - - <func> - <name>pkix_path_validation(TrustedCert, CertChain, Options) -> {ok, {PublicKeyInfo, PolicyTree}} | {error, {bad_cert, Reason}} </name> + <name since="OTP R16B">pkix_path_validation(TrustedCert, CertChain, Options) -> {ok, {PublicKeyInfo, PolicyTree}} | {error, {bad_cert, Reason}} </name> <fsummary>Performs a basic path validation according to RFC 5280.</fsummary> <type> <v>TrustedCert = #'OTPCertificate'{} | der_encoded() | atom()</v> 
@@ -620,26 +491,16 @@ fun(OtpCert :: #'OTPCertificate'{}, </func> <func> - <name>pkix_crl_issuer(CRL) -> issuer_name()</name> + <name name="pkix_crl_issuer" arity="1" since="OTP 17.5"/> <fsummary>Returns the issuer of the <c>CRL</c>.</fsummary> - <type> - <v>CRL = der_encoded() | #'CertificateList'{} </v> - </type> <desc> <p>Returns the issuer of the <c>CRL</c>.</p> </desc> </func> <func> - <name>pkix_crls_validate(OTPCertificate, DPAndCRLs, Options) -> CRLStatus()</name> + <name name="pkix_crls_validate" arity="3" since="OTP R16B"/> <fsummary>Performs CRL validation.</fsummary> - <type> - <v>OTPCertificate = #'OTPCertificate'{}</v> - <v>DPAndCRLs = [{DP::#'DistributionPoint'{}, {DerCRL::der_encoded(), CRL::#'CertificateList'{}}}] </v> - <v>Options = proplists:proplist()</v> - <v>CRLStatus() = valid | {bad_cert, revocation_status_undetermined} | {bad_cert, {revocation_status_undetermined, - {bad_crls, Details::term()}}} | {bad_cert, {revoked, crl_reason()}}</v> - </type> <desc> <p>Performs CRL validation. It is intended to be called from the verify fun of <seealso marker="#pkix_path_validation-3"> pkix_path_validation/3 
@@ -690,24 +551,16 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> - <name>pkix_crl_verify(CRL, Cert) -> boolean()</name> + <name name="pkix_crl_verify" arity="2" since="OTP 17.5"/> <fsummary> Verify that <c>Cert</c> is the <c> CRL</c> signer. </fsummary> - <type> - <v>CRL = der_encoded() | #'CertificateList'{} </v> - <v>Cert = der_encoded() | #'OTPCertificate'{} </v> - </type> <desc> <p>Verify that <c>Cert</c> is the <c>CRL</c> signer.</p> </desc> </func> <func> - <name>pkix_dist_point(Cert) -> DistPoint</name> + <name name="pkix_dist_point" arity="1" since="OTP 17.5"/> <fsummary>Creates a distribution point for CRLs issued by the same issuer as <c>Cert</c>.</fsummary> - <type> - <v> Cert = der_encoded() | #'OTPCertificate'{} </v> - <v> DistPoint = #'DistributionPoint'{}</v> - </type> <desc> <p>Creates a distribution point for CRLs issued by the same issuer as <c>Cert</c>. Can be used as input to <seealso @@ -717,26 +570,17 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> - <name>pkix_dist_points(Cert) -> DistPoints</name> + <name name="pkix_dist_points" arity="1" since="OTP 17.5"/> <fsummary> Extracts distribution points from the certificates extensions.</fsummary> - <type> - <v> Cert = der_encoded() | #'OTPCertificate'{} </v> - <v> DistPoints = [#'DistributionPoint'{}]</v> - </type> <desc> <p> Extracts distribution points from the certificates extensions.</p> </desc> </func> <func> - <name>pkix_match_dist_point(CRL, DistPoint) -> boolean()</name> + <name name="pkix_match_dist_point" arity="2" since="OTP 19.0"/> <fsummary>Checks whether the given distribution point matches the Issuing Distribution Point of the CRL.</fsummary> - - <type> - <v>CRL = der_encoded() | #'CertificateList'{} </v> - <v>DistPoint = #'DistributionPoint'{}</v> - </type> <desc> <p>Checks whether the given distribution point matches the Issuing Distribution Point of the CRL, as described in RFC 5280. 
@@ -746,11 +590,8 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> - <name>pkix_sign(#'OTPTBSCertificate'{}, Key) -> der_encoded()</name> + <name name="pkix_sign" arity="2" since="OTP R14B"/> <fsummary>Signs certificate.</fsummary> - <type> - <v>Key = rsa_private_key() | dsa_private_key()</v> - </type> <desc> <p>Signs an 'OTPTBSCertificate'. Returns the corresponding DER-encoded certificate.</p> @@ -758,23 +599,18 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> - <name>pkix_sign_types(AlgorithmId) -> {DigestType, SignatureType}</name> + <name name="pkix_sign_types" arity="1" since="OTP R16B01"/> <fsummary>Translates signature algorithm OID to Erlang digest and signature algorithm types.</fsummary> - <type> - <v>AlgorithmId = oid()</v> - <d>Signature OID from a certificate or a certificate revocation list.</d> - <v>DigestType = rsa_digest_type() | dss_digest_type()</v> - <v>SignatureType = rsa | dsa | ecdsa</v> - </type> <desc> <p>Translates signature algorithm OID to Erlang digest and signature types. </p> + <p>The <c>AlgorithmId</c> is the signature OID from a certificate or a certificate revocation list.</p> </desc> </func> <func> - <name>pkix_test_data(Options) -> Config </name> - <name>pkix_test_data([chain_opts()]) -> [conf_opt()]</name> + <name since="OTP 20.1">pkix_test_data(Options) -> Config </name> + <name since="OTP 20.1">pkix_test_data([chain_opts()]) -> [conf_opt()]</name> <fsummary>Creates certificate test data.</fsummary> <type> <v>Options = #{chain_type() := chain_opts()} </v> @@ -808,7 +644,7 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, <v>conf_opt() = {cert, der_encoded()} | {key, PrivateKey} |{cacerts, [der_encoded()]}</v> <d> This is a subset of the type - <seealso marker="ssl:ssl#type-ssloption"> ssl:ssl_option()</seealso>. + <seealso marker="ssl:ssl#type-tls_option"> ssl:tls_option()</seealso>. <c>PrivateKey</c> is what <seealso marker="#generate_key-1">generate_key/1</seealso> returns. 
@@ -906,7 +742,7 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> - <name>pkix_test_root_cert(Name, Options) -> RootCert</name> + <name since="OTP 20.2">pkix_test_root_cert(Name, Options) -> RootCert</name> <fsummary>Generates a test data root cert.</fsummary> <type> <v>Name = string()</v> @@ -936,20 +772,16 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> - <name>pkix_verify(Cert, Key) -> boolean()</name> + <name name="pkix_verify" arity="2" since="OTP R14B"/> <fsummary>Verifies PKIX x.509 certificate signature.</fsummary> - <type> - <v>Cert = der_encoded()</v> - <v>Key = rsa_public_key() | dsa_public_key() | ec_public_key()</v> - </type> <desc> <p>Verifies PKIX x.509 certificate signature.</p> </desc> </func> <func> - <name>pkix_verify_hostname(Cert, ReferenceIDs) -> boolean()</name> - <name>pkix_verify_hostname(Cert, ReferenceIDs, Opts) -> boolean()</name> + <name since="OTP 19.3">pkix_verify_hostname(Cert, ReferenceIDs) -> boolean()</name> + <name since="OTP 19.3">pkix_verify_hostname(Cert, ReferenceIDs, Opts) -> boolean()</name> <fsummary>Verifies that a PKIX x.509 certificate <i>presented identifier</i> (e.g hostname) is an expected one.</fsummary> <type> 
@@ -967,62 +799,120 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </type> <desc> <p>This function checks that the <i>Presented Identifier</i> (e.g hostname) in a peer certificate - is in agreement with the <i>Reference Identifier</i> that the client expects to be connected to. + is in agreement with at least one of the <i>Reference Identifier</i> that the client expects to be connected to. The function is intended to be added as an extra client check of the peer certificate when performing <seealso marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_validation/3</seealso> </p> <p>See <url href="https://tools.ietf.org/html/rfc6125">RFC 6125</url> for detailed information about hostname verification. - The <seealso marker="using_public_key#verify_hostname">User's Manual</seealso> + The <seealso marker="using_public_key#verify_hostname">User's Guide</seealso> and <seealso marker="using_public_key#verify_hostname_examples">code examples</seealso> describes this function more detailed. </p> <p>The <c>{OtherRefId,term()}</c> is defined by the user and is passed to the <c>match_fun</c>, if defined. - If that term is a binary, it will be converted to a string. + If the term in <c>OtherRefId</c> is a binary, it will be converted to a string. </p> <p>The <c>ip</c> Reference ID takes an <seealso marker="inet:inet#type-ip_address">inet:ip_address()</seealso> or an ip address in string format (E.g "10.0.1.1" or "1234::5678:9012") as second element. </p> + <p>The options are:</p> + <taglist> + <tag><c>match_fun</c></tag> + <item> + The <c>fun/2</c> in this option replaces the default host name matching rules. The fun should return a + boolean to tell if the Reference ID and Presented ID matches or not. The fun can also return a third + value, the atom <c>default</c>, if the default matching rules shall apply. + This makes it possible to augment the tests with a special case: + <code> +fun(....) 
-> true; % My special case + (_, _) -> default % all others falls back to the inherit tests +end + </code> + <br/>See <seealso marker="#pkix_verify_hostname_match_fun-1">pkix_verify_hostname_match_fun/1</seealso> for a + function that takes a protocol name as argument and returns a <c>fun/2</c> suitable for this option and + <seealso marker="using_public_key#redefining_match_op">Re-defining the match operation</seealso> + in the User's Guide for an example. + </item> + + <tag><c>fail_callback</c></tag> + <item>If a matching fails, there could be circumstances when the certificate should be accepted anyway. Think for + example of a web browser where you choose to accept an outdated certificate. This option enables implementation + of such a function. This <c>fun/1</c> is called when no <c>ReferenceID</c> matches. The return value of the fun + (a <c>boolean()</c>) decides the outcome. If <c>true</c> the the certificate is accepted otherwise + it is rejected. See + <seealso marker="using_public_key#-pinning--a-certificate">"Pinning" a Certificate</seealso> + in the User's Guide. + </item> + + <tag><c>fqdn_fun</c></tag> + <item>This option augments the host name extraction from URIs and other Reference IDs. It could for example be + a very special URI that is not standardised. The fun takes a Reference ID as argument and returns one of: + <list> + <item>the hostname</item> + <item>the atom <c>default</c>: the default host name extract function will be used</item> + <item>the atom <c>undefined</c>: a host name could not be extracted. The pkix_verify_hostname/3 + will return <c>false</c>.</item> + </list> + <br/>For an example, see + <seealso marker="using_public_key#hostname_extraction">Hostname extraction</seealso> + in the User's Guide. 
+ </item> + </taglist> + + </desc> + </func> + + <func> + <name since="OTP 21.0">pkix_verify_hostname_match_fun(Protcol) -> fun(RefId | FQDN::string(), PresentedID) -> boolean() | default</name> + <fsummary>Returns a fun that is intendended as argument to the match_fun option in pkix_verify_hostname/3. + </fsummary> + <type> + <v>Protocol = https</v> + <d>The algorithm for wich the fun should implement the special matching rules</d> + <v>RefId</v> + <d>See <seealso marker="#pkix_verify_hostname-3">pkix_verify_hostname/3</seealso>.</d> + <v>FQDN</v> + <d>See <seealso marker="#pkix_verify_hostname-3">pkix_verify_hostname/3</seealso>.</d> + <v>PresentedID</v> + <d>See <seealso marker="#pkix_verify_hostname-3">pkix_verify_hostname/3</seealso>.</d> + </type> + <desc> + <p>The return value of calling this function is intended to be used in the <c>match_fun</c> option in + <seealso marker="#pkix_verify_hostname-3">pkix_verify_hostname/3</seealso>. + </p> + <p>The returned fun augments the verify hostname matching according to the specific rules for + the protocol in the argument. 
+ </p> </desc> </func> + <func> - <name>sign(Msg, DigestType, Key) -> binary()</name> - <name>sign(Msg, DigestType, Key, Options) -> binary()</name> + <name name="sign" arity="3" since=""/> + <name name="sign" arity="4" since="OTP 20.1"/> <fsummary>Creates a digital signature.</fsummary> - <type> - <v>Msg = binary() | {digest,binary()}</v> - <d>The <c>Msg</c> is either the binary "plain text" data to be - signed or it is the hashed value of "plain text", that is, the - digest.</d> - <v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v> - <v>Key = rsa_private_key() | dsa_private_key() | ec_private_key()</v> - <v>Options = public_sign_options()</v> - </type> <desc> <p>Creates a digital signature.</p> + <p>The <c>Msg</c> is either the binary "plain text" data to be + signed or it is the hashed value of "plain text", that is, the + digest.</p> </desc> </func> <func> - <name>ssh_decode(SshBin, Type) -> [{public_key(), Attributes::list()}]</name> + <name name="ssh_decode" arity="2" since="OTP R14B03"/> <fsummary>Decodes an SSH file-binary.</fsummary> - <type> - <v>SshBin = binary()</v> - <d>Example <c>{ok, SshBin} = file:read_file("known_hosts")</c>.</d> - <v>Type = public_key | ssh_file()</v> - <d>If <c>Type</c> is <c>public_key</c> the binary can be either - an RFC4716 public key or an OpenSSH public key.</d> - </type> - <desc> - <p>Decodes an SSH file-binary. In the case of <c>known_hosts</c> or - <c>auth_keys</c>, the binary can include one or more lines of the - file. Returns a list of public keys and their attributes, possible - attribute values depends on the file type represented by the - binary. - </p> - + <desc> + <p>Decodes an SSH file-binary. In the case of <c>known_hosts</c> or + <c>auth_keys</c>, the binary can include one or more lines of the + file. Returns a list of public keys and their attributes, possible + attribute values depends on the file type represented by the + binary. 
+ </p> + <p>If the <c>Type</c> is <c>ssh2_pubkey</c>, the result will be + <c>Decoded_ssh2_pubkey</c>. Otherwise it will be <c>Decoded_OtherType</c>. + </p> <taglist> <tag>RFC4716 attributes - see RFC 4716.</tag> <item><p>{headers, [{string(), utf8_string()}]}</p></item> 
@@ -1035,33 +925,35 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, <item>{comment, string()}</item> <item><p>{bits, integer()} - In SSH version 1 files.</p></item> </taglist> - + <p>Example: <c>{ok, SshBin} = file:read_file("known_hosts")</c>. + </p> + <p>If <c>Type</c> is <c>public_key</c> the binary can be either + an RFC4716 public key or an OpenSSH public key.</p> </desc> </func> <func> - <name>ssh_encode([{Key, Attributes}], Type) -> binary()</name> + <name name="ssh_encode" arity="2" since="OTP R14B03"/> <fsummary>Encodes a list of SSH file entries to a binary.</fsummary> - <type> - <v>Key = public_key()</v> - <v>Attributes = list()</v> - <v>Type = ssh_file()</v> - </type> - <desc> - <p>Encodes a list of SSH file entries (public keys and attributes) to a binary. Possible - attributes depend on the file type, see <seealso - marker="#ssh_decode-2"> ssh_decode/2 </seealso>.</p> - </desc> + <desc> + <p>Encodes a list of SSH file entries (public keys and attributes) to a binary. Possible + attributes depend on the file type, see + <seealso marker="#ssh_decode-2"> ssh_decode/2 </seealso>. + </p> + <p>If the <c>Type</c> is <c>ssh2_pubkey</c>, the <c>InData</c> shall be + <c>InData_ssh2_pubkey</c>. Otherwise it shall be <c>OtherInData</c>. 
+ </p> + </desc> </func> <func> - <name>ssh_hostkey_fingerprint(HostKey) -> string()</name> - <name>ssh_hostkey_fingerprint(DigestType, HostKey) -> string()</name> - <name>ssh_hostkey_fingerprint([DigestType], HostKey) -> [string()]</name> + <name since="OTP 19.2">ssh_hostkey_fingerprint(HostKey) -> string()</name> + <name since="OTP 19.2">ssh_hostkey_fingerprint(DigestType, HostKey) -> string()</name> + <name since="OTP 19.2">ssh_hostkey_fingerprint([DigestType], HostKey) -> [string()]</name> <fsummary>Calculates a ssh fingerprint for a hostkey.</fsummary> <type> - <v>Key = public_key()</v> - <v>DigestType = digest_type()</v> + <v>HostKey = <seealso marker="#type-public_key">public_key()</seealso></v> + <v>DigestType = <seealso marker="#type-digest_type">digest_type()</seealso></v> </type> <desc> <p>Calculates a ssh fingerprint from a public host key as openssh does.</p> 
@@ -1090,29 +982,19 @@ fun(#'DistributionPoint'{}, #'CertificateList'{}, </func> <func> - <name>verify(Msg, DigestType, Signature, Key) -> boolean()</name> - <name>verify(Msg, DigestType, Signature, Key, Options) -> boolean()</name> + <name name="verify" arity="4" since="OTP R14B"/> + <name name="verify" arity="5" since="OTP 20.1"/> <fsummary>Verifies a digital signature.</fsummary> - <type> - <v>Msg = binary() | {digest,binary()}</v> - <d>The <c>Msg</c> is either the binary "plain text" data - or it is the hashed value of "plain text", that is, the digest.</d> - <v>DigestType = rsa_digest_type() | dss_digest_type() | ecdsa_digest_type()</v> - <v>Signature = binary()</v> - <v>Key = rsa_public_key() | dsa_public_key() | ec_public_key()</v> - <v>Options = public_sign_options()</v> - </type> <desc> <p>Verifies a digital signature.</p> + <p>The <c>Msg</c> is either the binary "plain text" data + or it is the hashed value of "plain text", that is, the digest.</p> </desc> </func> <func> - <name>short_name_hash(Name) -> string()</name> + <name name="short_name_hash" arity="1" since="OTP 19.0"/> <fsummary>Generates a short hash of an issuer name.</fsummary> - <type> - <v>Name = issuer_name()</v> - </type> <desc> <p>Generates a short hash of an issuer name. The hash is returned as a string containing eight hexadecimal digits.</p> diff --git a/lib/public_key/doc/src/public_key_records.xml b/lib/public_key/doc/src/public_key_records.xml index 9ebdbb244d..d26867c12f 100644 --- a/lib/public_key/doc/src/public_key_records.xml +++ b/lib/public_key/doc/src/public_key_records.xml @@ -5,7 +5,7 @@ <header> <copyright> <year>2008</year> - <year>2015</year> + <year>2018</year> <holder>Ericsson AB, All Rights Reserved</holder> </copyright> <legalnotice> diff --git a/lib/public_key/doc/src/specs.xml b/lib/public_key/doc/src/specs.xml new file mode 100644 index 0000000000..e358ea1154 --- /dev/null +++ b/lib/public_key/doc/src/specs.xml 
@@ -0,0 +1,4 @@ +<?xml version="1.0" encoding="utf-8" ?> +<specs xmlns:xi="http://www.w3.org/2001/XInclude"> + <xi:include href="../specs/specs_public_key.xml"/> +</specs> diff --git a/lib/public_key/doc/src/using_public_key.xml b/lib/public_key/doc/src/using_public_key.xml index 417d479da3..de0a6596c3 100644 --- a/lib/public_key/doc/src/using_public_key.xml +++ b/lib/public_key/doc/src/using_public_key.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>2011</year><year>2016</year> + <year>2011</year><year>2018</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -570,6 +570,7 @@ true = public_key:verify(Digest, none, Signature, PublicKey),</code> <c>fqdn_fun</c> and <c>match_fun</c>. </p> <section> + <marker id="hostname_extraction"></marker> <title>Hostname extraction</title> <p>The <c>fqdn_fun</c> extracts hostnames (Fully Qualified Domain Names) from uri_id or other ReferenceIDs that are not pre-defined in the public_key function. @@ -595,7 +596,8 @@ true = public_key:verify(Digest, none, Signature, PublicKey),</code> </code> </section> <section> - <title>Re-defining the match operations</title> + <marker id="redefining_match_op"></marker> + <title>Re-defining the match operation</title> <p>The default matching handles dns_id and uri_id. In an uri_id the value is tested for equality with a value from the <c>Subject Alternate Name</c>. If som other kind of matching is needed, use the <c>match_fun</c> option. |
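Review bot: In the hunk at @@ -690,24 +551,16 @@ of public_key.xml, the removed <type> blocks were the only place these entries stated that the arguments may be passed either DER-encoded or as a decoded record (der_encoded() | #'CertificateList'{} for CRL, der_encoded() | #'OTPCertificate'{} for Cert). The new <name name="..." arity="..."/> form takes the types from the -spec, which lies outside this doc-only diff, so please confirm that the specs for pkix_crl_verify/2, pkix_dist_point/1, pkix_dist_points/1 and pkix_match_dist_point/2 still list both forms. If they do not, the rendered reference page silently loses that information.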
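Review bot: In the hunk at @@ -808,7 +644,7 @@, the cross-application link for conf_opt() changes from ssl:ssl#type-ssloption to ssl:ssl#type-tls_option, but this diff is limited to lib/public_key/doc, so the target is not visible here. Please confirm that the ssl reference page defines the tls_option type marker in the same release, otherwise this seealso becomes a dead link in the generated HTML.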
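Review bot: In the hunk at @@ -967,62 +799,120 @@, the new entry's signature reads pkix_verify_hostname_match_fun(Protcol) while the type list below it defines <v>Protocol = https</v>, so the documented variable has no matching argument; rename the argument to Protocol. The same entry has "intendended" in the <fsummary> and "The algorithm for wich" in the <d> (it describes a protocol, not an algorithm), and the fail_callback item has "the the certificate". On fail_callback itself: since the fun is called when no ReferenceID matches and a true return accepts the certificate, a callback that returns true unconditionally makes pkix_verify_hostname/3 always succeed. One sentence saying so, and that the callback should accept only a specific, known certificate as in the pinning example it links to, would make the option harder to misuse.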
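Review bot: In the hunk at @@ -1035,33 +925,35 @@, the new ssh_encode paragraph refers to InData, InData_ssh2_pubkey and OtherInData, none of which is defined anywhere in the visible documentation now that the <type> block with [{Key, Attributes}] is removed. The text only makes sense if the -spec uses exactly those variable names, so either confirm that and keep them in sync, or add a short sentence saying what each one is (for example, which of them is the list of {Key, Attributes} entries).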
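Review bot: In the hunk at @@ -1090,29 +982,19 @@, verify/4 is given since="OTP R14B", but its counterpart earlier in the patch is added as <name name="sign" arity="3" since=""/> with an empty value. If the empty attribute is deliberate, a short comment in the commit message would help; otherwise please fill in the release for sign/3 so the two entries are consistent.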
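Review bot: In the using_public_key.xml hunks at @@ -570,6 +570,7 @@ and @@ -595,7 +596,8 @@, explicit markers are added for hostname_extraction and redefining_match_op, which matches two of the three new User's Guide links in public_key.xml. The third link, in the fail_callback item, points at using_public_key#-pinning--a-certificate, and no marker for it is added here, so it depends on a generated anchor derived from the section title. Consider adding an explicit <marker id="..."/> to the pinning section and linking to that, as done for the other two. The unchanged context line "If som other kind of matching is needed" also has a typo that could be fixed while this section is being touched.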