Age | Commit message (Collapse) | Author |
|
Also add missing test for PEM encoded private EC keys.
|
|
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
Encapsulated Message
Pre-Encapsulation Boundary (Pre-EB)
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Encapsulated Header Portion
(Contains encryption control fields inserted in plaintext.
Examples include "DEK-Info:" and "Key-Info:".
Note that, although these control fields have line-oriented
representations similar to RFC 822 header fields, the set
of fields valid in this context is disjoint from those used
in RFC 822 processing.)
Blank Line
(Separates Encapsulated Header from subsequent
Encapsulated Text Portion)
Encapsulated Text Portion
(Contains message data encoded as specified in Section 4.3.)
Post-Encapsulation Boundary (Post-EB)
-----END PRIVACY-ENHANCED MESSAGE-----
|
|
Added encode/decode for ecdsa public keys in openssh and rfc4716
format. This is for the ssh public key algorithm ecdsa-sha2-*.
|
|
|
|
* E.I bitstrings will not be decode as {Unused, Binary}, they are now
Erlang bitstrings.
* Also the compact_bit_string implies the legacy_erlang_types switch
- So removing the switch will also make OCTET STRING values be represented
as binaries.
- Undecoded open type will now be wrapped in a asn1_OPENTYPE tuple.
We need to handle this in pubkey_pbe.erl, maybe this can be eliminated
later by updating/refreshing ASN1-specs.
This will change some values in records returned by the public_key API
making this change a potentiall incompatibility.
|
|
|
|
|
|
See #535
Signed-off-by: Peter Lemenkov <[email protected]>
|
|
|
|
Add the mentioned test suites for *all* library and touched
non-library applications.
|
|
|
|
Author: Daniel Barney <[email protected]>
Date: Thu Oct 25 14:33:11 2012 -0600
Most common browsers are lax in thier handling of how the
emailAddress field is encoded. RFC 3280 section 4.1.2.6
defines the encoding as IA5String, however browsers will
also handle certificates with the emailAddress field
encoded as UTF8String. This fix allows the emailAddress
to be decoded as both an IA5String and an UTF8String.
Reviewed by: Andrew Bennett <[email protected]>
|
|
* dotsimon/pubkey_aes_cbc/OTP-11281:
Allow public_key:pem_entry_decode/2) to handle AES-128-CBC ciphered keys
|
|
Private keys generated by modern versions of ssh-keygen are ciphered
with AES-128-CBC instead of DES-EDE3-CBC.
Since DES-EDE3-CBC ciphered keys are handled, and the underlying
support for AES-128-CBC is already present, it seems a bug of omission
that AES-128-CBC ciphered keys are not.
|
|
|
|
to clean up.
|
|
As the ASN-1 application relies on a nif in R16 for decodeing (that
was not the case in R15), public_key currently has a runtime
dependency on ASN-1. Hopefully we will be able to remove this
dependency again in the future.
|
|
|
|
|
|
test code
|
|
|
|
|
|
|
|
To ensure that 'master' compiles when we merge 'maint' to it,
regardless of which encoding is default in 'master', all source
files with non-ascii characters *must* have the encoding specified.
|
|
Some certificates may use these OIDs instead of the ones defined by
PKIX/PKCS standard.
Refactor code so that all handling of the "duplicate" oids is done by
public_key.
Update algorithm information in documentation.
|
|
|
|
|
|
|
|
|
|
|
|
Note that PKCS-7 is an undocumented feature for now.
Also added some minor enhancements to the documentation.
|
|
Used defenitions from PKIX1Explicit88 to avoid most
of the overcomplicated InformationalFrameWork (and friends) ASN-1 specs.
We want to keep the public_key API as small and simple as possible.
|
|
|
|
containing withespaces correctly
|
|
|
|
utf8 and close down gracefully if other ASN-1 errors occur.
The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as:
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
|
|
OTP-10106
OTP-10107
|
|
|
|
to deal with changes to the pkits suite.
|
|
|
|
|
|
|
|
|
|
This reverts commit c7e5f7576e213060cbb332be64a7c3798f6a2cc2.
|
|
|
|
conformance tests suite certificates has expired.
New conformance tests uses another format to save certificates so
we need to implement PKCS-12 support.
CRL tests are commented out as the CRL support is not included
in the main development yet.
|
|
* hw/call-chmod-without-f:
Call chmod without the "-f" flag
Conflicts:
erts/emulator/test/Makefile
lib/asn1/test/Makefile
lib/crypto/test/Makefile
lib/debugger/test/Makefile
lib/docbuilder/test/Makefile
lib/edoc/test/Makefile
lib/erl_interface/test/Makefile
lib/inviso/test/Makefile
lib/parsetools/test/Makefile
lib/percept/test/Makefile
lib/ssl/test/Makefile
lib/syntax_tools/test/Makefile
lib/test_server/test/Makefile
lib/tools/test/Makefile
OTP-9170
|
|
|
|
|
|
|