Module x509_private_key

Functions for generating, reading and writing RSA and EC private keys.

Description

Functions for generating, reading and writing RSA and EC private keys.

Data Types

from_pem_opts()

from_pem_opts() = [{password, string() | binary()}]

new_rsa_opts()

new_rsa_opts() = [{exponent, non_neg_integer()}]

private_key()

private_key() = public_key:rsa_private_key() | public_key:ec_private_key()

private_key_info()

private_key_info() = #'PrivateKeyInfo'{}

to_der_opts()

to_der_opts() = [{wrap, boolean()}]

to_pem_opts()

to_pem_opts() = [{wrap, boolean()} | {password, string()} | {cipher, public_key:cipher()}]

Function Index

from_der/1Attempts to parse a private key in DER (binary) format.
from_pem/1Attempts to parse a private key in PEM format.
from_pem/2Attempts to parse a private key in PEM format.
new_ec/1Generates a new private EC private key.
new_rsa/1Generates a new private RSA private key.
new_rsa/2Generates a new private RSA private key.
to_der/1Converts a private key to DER (binary) format.
to_der/2Converts a private key to DER (binary) format.
to_pem/1Converts a private key to PEM format.
to_pem/2Converts a private key to PEM format.
unwrap/1Extracts a private key from a PKCS#8 PrivateKeyInfo container.
wrap/1Wraps a private key in a PKCS#8 PrivateKeyInfo container.

Function Details

from_der/1

from_der(DER::binary()) -> {ok, private_key()} | {error, malformed}

Attempts to parse a private key in DER (binary) format. Unwraps a PKCS#8 PrivateKeyInfo container, if present.

Returns an 'ok' tuple in case of success, or an 'error' tuple in case of failure. Possible error reasons are:

from_pem/1

from_pem(PEM::binary()) -> {ok, private_key()} | {error, not_found | malformed}

Attempts to parse a private key in PEM format.

Equivalent to from_pem(PEM, []).

from_pem/2

from_pem(PEM::binary(), Opts::from_pem_opts()) -> {ok, private_key()} | {error, not_found | malformed}

Attempts to parse a private key in PEM format. Unwraps a PKCS#8 PrivateKeyInfo container, if present.

Expects the input string to include at least one of the following PEM entry types: "PRIVATE KEY", "EC PRIVATE KEY" or "RSA PRIVATE KEY". Use 'from_pem/2' for password-protected PEM entries.

If the PEM entry is password protected, the 'password' option must be specified to decrypt the private key.

Returns an 'ok' tuple in case of success, or an 'error' tuple in case of failure. Possible error reasons are:

new_ec/1

new_ec(Curve::crypto:ec_named_curve() | public_key:oid()) -> public_key:ec_private_key()

Generates a new private EC private key. The curve can be specified as an atom or an OID tuple.

To derive the public key, use x509_public_key:derive/1.

Note that this function uses the 'public_key' application, which does not support all curve names returned by the 'crypto:ec_curves/0' function. In particular, the NIST Prime curves must be selected by their SECG id, e.g. NIST P-256 is ':secp256r1' rather than ':prime256v1'. Please refer to RFC4492 appendix A for a mapping table.

new_rsa/1

new_rsa(KeySize::non_neg_integer()) -> public_key:rsa_private_key()

Generates a new private RSA private key.

Equivalent to new_rsa(KeySize, []).

new_rsa/2

new_rsa(KeySize::non_neg_integer(), Opts::new_rsa_opts()) -> public_key:rsa_private_key()

Generates a new private RSA private key.

The key length in bits must be specified as an integer (minimum 256).

Options:

To derive the public key, use x509_public_key:derive/1.

to_der/1

to_der(PrivateKey::private_key()) -> binary()

Converts a private key to DER (binary) format.

Equivalent to to_der(PrivateKey, []).

to_der/2

to_der(PrivateKey::private_key(), Opts::to_der_opts()) -> binary()

Converts a private key to DER (binary) format.

Options:

to_pem/1

to_pem(PrivateKey::private_key()) -> binary()

Converts a private key to PEM format.

Equivalent to to_pem(PrivateKey, []).

to_pem/2

to_pem(PrivateKey::private_key(), Opts::to_pem_opts()) -> binary()

Converts a private key to PEM format.

Options:

unwrap/1

unwrap(Container::private_key_info()) -> private_key()

Extracts a private key from a PKCS#8 PrivateKeyInfo container.

wrap/1

wrap(PrivateKey::private_key()) -> private_key_info()

Wraps a private key in a PKCS#8 PrivateKeyInfo container.


Generated by EDoc