From 006f45a738a6612958381b2fcbf48586c008d911 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 26 Feb 2013 15:52:18 +0100 Subject: public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27 Some certificates may use these OIDs instead of the ones defined by PKIX/PKCS standard. Refactor code so that all handling of the "duplicate" oids is done by public_key. Update algorithm information in documentation. --- lib/public_key/doc/src/cert_records.xml | 27 +++++++++++++++++++-------- lib/public_key/doc/src/public_key.xml | 21 +++++++++++++++++++-- 2 files changed, 38 insertions(+), 10 deletions(-) (limited to 'lib/public_key/doc') diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml index ac4b4e4489..c9249d40c3 100644 --- a/lib/public_key/doc/src/cert_records.xml +++ b/lib/public_key/doc/src/cert_records.xml @@ -60,9 +60,6 @@ marker="public_key">public key reference manual or follows here.

-

oid() - a tuple of integers - as generated by the ASN1 compiler.

-

time() = uct_time() | general_time()

uct_time() = {utcTime, "YYMMDDHHMMSSZ"}

@@ -158,6 +155,9 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

id-dsa-with-sha1 + id-dsaWithSHA1 (ISO alt oid to above) + + md2WithRSAEncryption @@ -165,10 +165,22 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

 sha1WithRSAEncryption + + + sha-1WithRSAEncryption (ISO alt oid to above) + + + sha224WithRSAEncryption - ecdsa-with-SHA1 + sha256WithRSAEncryption + + sha512WithRSAEncryption + + + ecdsa-with-SHA1 + Signature algorithm oids @@ -276,15 +288,14 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

dhpublicnumber - ecdsa-with-SHA1 - - id-keyExchangeAlgorithm + + id-ecPublicKey + Public key algorithm oids - #'Extension'{ extnID, % id_extensions() | oid() diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 5864de2d57..84300f6e65 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -48,7 +48,7 @@ Supports RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile Supports PKCS-1 - RSA Cryptography Standard - Supports DSA- Digital Signature Algorithm + Supports DSS- Digital Signature Standard (DSA - Digital Signature Algorithm) Supports PKCS-3 - Diffie-Hellman Key Agreement Standard Supports PKCS-5 - Password-Based Cryptography Standard Supports PKCS-8 - Private-Key Information Syntax Standard @@ -72,8 +72,10 @@ -include_lib("public_key/include/public_key.hrl"). -

Data Types

+

Data Types

+

oid() - a tuple of integers as generated by the ASN1 compiler.

+

boolean() = true | false

string() = [bytes()]

@@ -491,6 +493,21 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | + + pkix_sign_types(AlgorithmId) -> {DigestType, SignatureType} + Translates signature algorithm oid to erlang digest and signature algorithm types. + + AlgorithmId = oid() + Signature oid from a certificate or a certificate revocation list + DigestType = rsa_digest_type() | dss_digest_type() + SignatureType = rsa | dsa + + +

Translates signature algorithm oid to erlang digest and signature types. +

+ + + pkix_verify(Cert, Key) -> boolean() Verify pkix x.509 certificate signature. -- cgit v1.2.3