package tls-async

  1. Overview
  2. Docs

Private keys

The type for private keys

The polymorphic variant of private keys.

Constructing private keys

val generate : ?seed:Cstruct.t -> ?bits:int -> X509.Key_type.t -> t

generate ~seed ~bits type generates a private key of the given key type. The argument bits is only used for the bit length of RSA keys. If seed is provided, this is used to seed the random number generator.

val of_cstruct : Cstruct.t -> X509.Key_type.t -> (t, [> `Msg of string ]) Stdlib.result

of_cstruct data type decodes the buffer as private key. Only supported for elliptic curve keys.

val of_string : ?seed_or_data:[ `Seed | `Data ] -> ?bits:int -> X509.Key_type.t -> string -> (t, [> `Msg of string ]) Stdlib.result

of_string ~seed_or_data ~bits type data attempts to decode the data as a private key. If seed_or_data is provided and `Seed, the data is taken as seed and generate is used. If it is `Data, of_cstruct is used with the Base64 decoded data. By default, if type is RSA, the data is used as seed, otherwise directly as the private key data.

Operations on private keys

val key_type : t -> X509.Key_type.t

key_type priv is the key type of priv.

val public : t -> X509.Public_key.t

public priv is the corresponding public key of priv.

Cryptographic sign operation

Decoding and encoding in ASN.1 DER and PEM format

val encode_der : t -> Cstruct.t

encode_der key is der, the encoded private key as PKCS8 (RFC 5208, Section 5) PrivateKeyInfo structure.

val encode_pem : t -> Cstruct.t

encode_pem key is pem, the encoded private key (using PRIVATE KEY).

val sign : Mirage_crypto.Hash.hash -> ?scheme:Key_type.signature_scheme -> t -> [ `Digest of Cstruct.t | `Message of Cstruct.t ] -> string Core.Or_error.t
val decode_der : contents:string -> t Core.Or_error.t
val decode_pem : contents:string -> t Core.Or_error.t
OCaml

Innovation. Community. Security.