Library
Module
Module type
Parameter
Class
Class type
Private keys
Private keys as defined in PKCS 8: decoding and encoding in PEM format
type t = [
| `RSA of Mirage_crypto_pk.Rsa.priv
| `ED25519 of Mirage_crypto_ec.Ed25519.priv
| `P224 of Mirage_crypto_ec.P224.Dsa.priv
| `P256 of Mirage_crypto_ec.P256.Dsa.priv
| `P384 of Mirage_crypto_ec.P384.Dsa.priv
| `P521 of Mirage_crypto_ec.P521.Dsa.priv
]
The polymorphic variant of private keys.
val generate : ?seed:Cstruct.t -> ?bits:int -> Key_type.t -> t
generate ~seed ~bits type
generates a private key of the given key type. The argument bits
is only used for the bit length of RSA keys. If seed
is provided, this is used to seed the random number generator.
val of_cstruct : Cstruct.t -> Key_type.t -> (t, [> `Msg of string ]) result
of_cstruct data
decodes the buffer as private key. Only supported for elliptic curve keys.
val key_type : t -> Key_type.t
key_type priv
is the key type of priv
.
val public : t -> Public_key.t
public priv
is the corresponding public key of priv
.
val sign :
Mirage_crypto.Hash.hash ->
?scheme:Key_type.signature_scheme ->
t ->
[ `Digest of Cstruct.t | `Message of Cstruct.t ] ->
(Cstruct.t, [> `Msg of string ]) result
sign hash ~scheme key data
signs data
with key
using hash
and scheme
. If data
is `Message _
, the hash
will be applied before the signature. The scheme
defaults to `RSA_PSS
for RSA keys, `ED25519
for ED25519, and `ECDSA
for other EC keys.
decode_der der
is t
, where the private key of der
is extracted. It must be in PKCS8 (RFC 5208, Section 5) PrivateKeyInfo structure.
encode_der key
is der
, the encoded private key as PKCS8 (RFC 5208, Section 5) PrivateKeyInfo structure.
decode_pem pem
is t
, where the private key of pem
is extracted. Both RSA PRIVATE KEY and PRIVATE KEY stanzas are supported.