package x509

  1. Overview
  2. Docs

Private keys

Private keys as defined in PKCS 8: decoding and encoding in PEM format

The type for private keys

The polymorphic variant of private keys.

Constructing private keys

val generate : ?seed:Cstruct.t -> ?bits:int -> Key_type.t -> t

generate ~seed ~bits type generates a private key of the given key type. The argument bits is only used for the bit length of RSA keys. If seed is provided, this is used to seed the random number generator.

val of_cstruct : Cstruct.t -> Key_type.t -> (t, [> `Msg of string ]) result

of_cstruct data decodes the buffer as private key. Only supported for elliptic curve keys.

Operations on private keys

val key_type : t -> Key_type.t

key_type priv is the key type of priv.

val public : t -> Public_key.t

public priv is the corresponding public key of priv.

Cryptographic sign operation

val sign : Mirage_crypto.Hash.hash -> ?scheme:Key_type.signature_scheme -> t -> [ `Digest of Cstruct.t | `Message of Cstruct.t ] -> (Cstruct.t, [> `Msg of string ]) result

sign hash ~scheme key data signs data with key using hash and scheme. If data is `Message _, the hash will be applied before the signature. The scheme defaults to `RSA_PSS for RSA keys, `ED25519 for ED25519, and `ECDSA for other EC keys.

Decoding and encoding in ASN.1 DER and PEM format

val decode_der : Cstruct.t -> (t, [> `Msg of string ]) result

decode_der der is t, where the private key of der is extracted. It must be in PKCS8 (RFC 5208, Section 5) PrivateKeyInfo structure.

val encode_der : t -> Cstruct.t

encode_der key is der, the encoded private key as PKCS8 (RFC 5208, Section 5) PrivateKeyInfo structure.

val decode_pem : Cstruct.t -> (t, [> `Msg of string ]) result

decode_pem pem is t, where the private key of pem is extracted. Both RSA PRIVATE KEY and PRIVATE KEY stanzas are supported.

val encode_pem : t -> Cstruct.t

encode_pem key is pem, the encoded private key (using PRIVATE KEY).

OCaml

Innovation. Community. Security.