package x509

  1. Overview
  2. Docs
Public Key Infrastructure (RFC 5280, PKCS) purely in OCaml

Install 

dune-project
 Dependency

github.com Readme Changelog BSD-2-Clause License Edit opam file Versions (11)

Authors

  1. H
    Hannes Mehnert <hannes@mehnert.org>
  2. D
    David Kaloper <dk505@cam.ac.uk>

Maintainers

  1. H
    Hannes Mehnert <hannes@mehnert.org>

Sources

x509-1.0.6.tbz
sha256=fc816ae2c65e8b42fa60d90a507b2140495e28d095ad37b27e4c268ae3c00d6c
sha512=3ca30aa78366cbb0599cce69a7bbfeaf857cc885f1367f3cf62d4236a55b40172478b73bda70c38b658dcfe9e407326f8db0a260cb36b568e3063c6eb75e0bd7

doc/x509/X509/Private_key/index.html

Module X509.Private_keySource

Private keys

Private keys as defined in PKCS 8: decoding and encoding in PEM format

The type for private keys

The polymorphic variant of private keys.

Constructing private keys

val generate : ?seed:string -> ?bits:int -> Key_type.t -> t

generate ~seed ~bits type generates a private key of the given key type. The argument bits is only used for the bit length of RSA keys. If seed is provided, this is used to seed the random number generator.

val of_octets : string -> Key_type.t -> (t, [> `Msg of string ]) result

of_octets data type decodes the buffer as private key. Only supported for elliptic curve keys.

val of_string : ?seed_or_data:[ `Seed | `Data ] -> ?bits:int -> Key_type.t -> string -> (t, [> `Msg of string ]) result

of_string ~seed_or_data ~bits type data attempts to decode the data as a private key. If seed_or_data is provided and `Seed, the data is taken as seed and generate is used. If it is `Data, of_octets is used with the Base64 decoded data. By default, if type is RSA, the data is used as seed, otherwise directly as the private key data.

Operations on private keys

val key_type : t -> Key_type.t

key_type priv is the key type of priv.

val public : t -> Public_key.t

public priv is the corresponding public key of priv.

Cryptographic sign operation

val sign : Digestif.hash' -> ?scheme:Key_type.signature_scheme -> t -> [ `Digest of string | `Message of string ] -> (string, [> `Msg of string ]) result

sign hash ~scheme key data signs data with key using hash and scheme. If data is `Message _, the hash will be applied before the signature. The scheme defaults to `RSA_PSS for RSA keys, `ED25519 for ED25519, and `ECDSA for other EC keys.

Decoding and encoding in ASN.1 DER and PEM format

val decode_der : string -> (t, [> `Msg of string ]) result

decode_der der is t, where the private key of der is extracted. It must be in PKCS8 (RFC 5208, Section 5) PrivateKeyInfo structure.

val encode_der : t -> string

encode_der key is der, the encoded private key as PKCS8 (RFC 5208, Section 5) PrivateKeyInfo structure.

val decode_pem : string -> (t, [> `Msg of string ]) result

decode_pem pem is t, where the private key of pem is extracted. Both RSA PRIVATE KEY and PRIVATE KEY stanzas are supported.

val encode_pem : t -> string

encode_pem key is pem, the encoded private key (using PRIVATE KEY).