.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "PKCS10 3pm"
.TH PKCS10 3pm "2018-11-02" "perl v5.28.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.
.\" Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Crypt::OpenSSL::PKCS10 \- Perl extension to OpenSSL's PKCS10 API.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&  use Crypt::OpenSSL::PKCS10 qw( :const );
\&
\&  my $req = Crypt::OpenSSL::PKCS10\->new;
\&  $req\->set_subject("/C=RO/O=UTI/OU=ssi");
\&  $req\->add_ext(Crypt::OpenSSL::PKCS10::NID_key_usage,"critical,digitalSignature,keyEncipherment");
\&  $req\->add_ext(Crypt::OpenSSL::PKCS10::NID_ext_key_usage,"serverAuth, nsSGC, msSGC, 1.3.4");
\&  $req\->add_ext(Crypt::OpenSSL::PKCS10::NID_subject_alt_name,"email:steve@openssl.org");
\&  $req\->add_custom_ext(\*(Aq1.2.3.3\*(Aq,"My new extension");
\&  $req\->add_ext_final();
\&  $req\->sign();
\&  $req\->write_pem_req(\*(Aqrequest.pem\*(Aq);
\&  $req\->write_pem_pk(\*(Aqpk.pem\*(Aq);
\&  print $req\->get_pem_pubkey();
\&  print $req\->pubkey_type();
\&  print $req\->get_pem_req();
.Ve
.SH "ABSTRACT"
.IX Header "ABSTRACT"
.Vb 1
\&  Crypt::OpenSSL::PKCS10 \- Perl extension to OpenSSL\*(Aqs PKCS10 API.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Crypt::OpenSSL::PKCS10 provides the ability to create \s-1PKCS10\s0 certificate
requests using \s-1RSA\s0 key pairs.
.SH "Class Methods"
.IX Header "Class Methods"
.IP "new" 4
.IX Item "new"
Create a new Crypt::OpenSSL::PKCS10 object by generating a new \s-1RSA\s0 key pair.
There is one optional argument, the key size, which has the default value of 1024 if omitted.
.ie n .IP "new_from_rsa( $rsa_object )" 4
.el .IP "new_from_rsa( \f(CW$rsa_object\fR )" 4
.IX Item "new_from_rsa( $rsa_object )"
Create a new Crypt::OpenSSL::PKCS10 object by using key information from a Crypt::OpenSSL::RSA object.
Here is an example:
.Sp
.Vb 2
\&  my $rsa = Crypt::OpenSSL::RSA\->generate_key(512);
\&  my $req = Crypt::OpenSSL::PKCS10\->new_from_rsa($rsa);
.Ve
.ie n .IP "new_from_file( $filename )" 4
.el .IP "new_from_file( \f(CW$filename\fR )" 4
.IX Item "new_from_file( $filename )"
Create a new Crypt::OpenSSL::PKCS10 object by reading the request and key information from a \s-1PEM\s0 formatted file.
Here is an example:
.Sp
.Vb 1
\&  my $req = Crypt::OpenSSL::PKCS10\->new_from_file("CSR.csr");
.Ve
.SH "Instance Methods"
.IX Header "Instance Methods"
.ie n .IP "set_subject($subject, [ $utf8 ])" 2
.el .IP "set_subject($subject, [ \f(CW$utf8\fR ])" 2
.IX Item "set_subject($subject, [ $utf8 ])"
Sets the subject \s-1DN\s0 of the request.
Note: \f(CW$subject\fR is expected to be in the format /type0=value0/type1=value1/type2=...
where characters may be escaped by \e.
If \f(CW$utf8\fR is a non-zero integer, \f(CW$subject\fR is interpreted as a \s-1UTF\-8\s0 string.
.ie n .IP "add_ext($nid, $extension)" 2
.el .IP "add_ext($nid, \f(CW$extension\fR)" 2
.IX Item "add_ext($nid, $extension)"
Adds a new extension to the request.
The first argument \f(CW$nid\fR is one of the exported constants (see below).
The second one \f(CW$extension\fR is a string (for more info read \f(CWopenssl(3)\fR).
.Sp
.Vb 3
\&  $req\->add_ext(Crypt::OpenSSL::PKCS10::NID_key_usage,"critical,digitalSignature,keyEncipherment");
\&  $req\->add_ext(Crypt::OpenSSL::PKCS10::NID_ext_key_usage,"serverAuth, nsSGC, msSGC, 1.3.4");
\&  $req\->add_ext(Crypt::OpenSSL::PKCS10::NID_subject_alt_name,"email:steve@openssl.org");
.Ve
.ie n .IP "add_custom_ext($oid, $desc)" 2
.el .IP "add_custom_ext($oid, \f(CW$desc\fR)" 2
.IX Item "add_custom_ext($oid, $desc)"
Adds a new custom extension to the request.
The value is added as a text string, using \s-1ASN.1\s0 encoding rules inherited from the Netscape Comment \s-1OID.\s0
.Sp
.Vb 1
\&  $req\->add_custom_ext(\*(Aq1.2.3.3\*(Aq,"My new extension");
.Ve
.ie n .IP "add_custom_ext_raw($oid, $bytes)" 2
.el .IP "add_custom_ext_raw($oid, \f(CW$bytes\fR)" 2
.IX Item "add_custom_ext_raw($oid, $bytes)"
Adds a new custom extension to the request.
The value is added as a raw \s-1DER\s0 octet string.
Use this if you are packing your own \s-1ASN.1\s0 structures and need to set the extension value directly.
.Sp
.Vb 1
\&  $req\->add_custom_ext_raw($oid, pack(\*(AqH*\*(Aq,\*(Aq1E06006100620063\*(Aq)); # BMPString \*(Aqabc\*(Aq
.Ve
.IP "\fBadd_ext_final()\fR" 2
.IX Item "add_ext_final()"
This must be called after all extensions have been added.
It actually copies the extension stack to the request structure.
.Sp
.Vb 2
\&  $req\->add_ext(Crypt::OpenSSL::PKCS10::NID_subject_alt_name,"email:my@email.org");
\&  $req\->add_ext_final();
.Ve
.IP "\fBsign()\fR" 2
.IX Item "sign()"
This adds the signature to the \s-1PKCS10\s0 request.
.Sp
.Vb 1
\&  $req\->sign();
.Ve
.IP "\fBpubkey_type()\fR" 2
.IX Item "pubkey_type()"
Returns the type of the \s-1PKCS10\s0 public key \- one of (rsa|dsa|ec).
.Sp
.Vb 1
\&  $req\->pubkey_type();
.Ve
.IP "\fBget_pubkey()\fR" 2
.IX Item "get_pubkey()"
Returns the \s-1PEM\s0 encoding of the \s-1PKCS10\s0 public key.
.Sp
.Vb 1
\&  $req\->get_pubkey();
.Ve
.IP "\fBget_pem_req()\fR" 2
.IX Item "get_pem_req()"
Returns the \s-1PEM\s0 encoding of the \s-1PKCS10\s0 request.
.Sp
.Vb 1
\&  $req\->get_pem_req();
.Ve
.IP "write_pem_req($filename)" 2
.IX Item "write_pem_req($filename)"
Writes the \s-1PEM\s0 encoding of the \s-1PKCS10\s0 request to a given file.
.Sp
.Vb 1
\&  $req\->write_pem_req(\*(Aqrequest.pem\*(Aq);
.Ve
.IP "\fBget_pem_pk()\fR" 2
.IX Item "get_pem_pk()"
Returns the \s-1PEM\s0 encoding of the private key.
.Sp
.Vb 1
\&  $req\->get_pem_pk();
.Ve
.IP "write_pem_pk($filename)" 2
.IX Item "write_pem_pk($filename)"
Writes the \s-1PEM\s0 encoding of the private key to a given file.
.Sp
.Vb 1
\&  $req\->write_pem_pk(\*(Aqpk.pem\*(Aq);
.Ve
.IP "\fBsubject()\fR" 2
.IX Item "subject()"
Returns the subject of the \s-1PKCS10\s0 request.
.Sp
.Vb 1
\&  $subject = $req\->subject();
.Ve
.IP "\fBkeyinfo()\fR" 2
.IX Item "keyinfo()"
Returns human-readable information about the key of the \s-1PKCS10\s0 request.
.Sp
.Vb 1
\&  $keyinfo = $req\->keyinfo();
.Ve
.SS "\s-1EXPORT\s0"
.IX Subsection "EXPORT"
None by default.
.PP
On request:
.PP
.Vb 2
\&  NID_key_usage NID_subject_alt_name NID_netscape_cert_type NID_netscape_comment
\&  NID_ext_key_usage
.Ve
.SH "BUGS"
.IX Header "BUGS"
If you destroy a \f(CW$req\fR object that is linked to a Crypt::OpenSSL::RSA object, the \s-1RSA\s0 private key is also freed,
thus you can't use the latter object anymore. Avoid this:
.PP
.Vb 4
\&  my $rsa = Crypt::OpenSSL::RSA\->generate_key(512);
\&  my $req = Crypt::OpenSSL::PKCS10\->new_from_rsa($rsa);
\&  undef $req;
\&  print $rsa\->get_private_key_string();
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\f(CW\*(C`Crypt::OpenSSL::RSA\*(C'\fR, \f(CW\*(C`Crypt::OpenSSL::X509\*(C'\fR.
.SH "AUTHOR"
.IX Header "AUTHOR"
JoNO,
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
Copyright (C) 2006 by JoNO
.PP
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.2 or,
at your option, any later version of Perl 5 you may have available.
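Added example, not part of the module's own documentation: one way to combine the class and instance methods described above into a complete request, passing an explicit 2048-bit RSA key instead of relying on the 1024-bit default of new() and creating the private key file with owner-only permissions. The subject, host names and file names are constructed sample values.

```perl
#!/usr/bin/perl
# Added example: build, sign and store a PKCS10 request.
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::PKCS10 qw( :const );

# Constructed sample values; replace with your own subject and names.
my $subject  = "/C=RO/O=Example Org/CN=www.example.org";
my $san      = "DNS:www.example.org,DNS:example.org";
my $key_file = "pk.pem";
my $csr_file = "request.pem";

# Generate the key ourselves so its size is explicit rather than the default.
my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
my $req = Crypt::OpenSSL::PKCS10->new_from_rsa($rsa);

$req->set_subject($subject);
$req->add_ext(Crypt::OpenSSL::PKCS10::NID_key_usage,
              "critical,digitalSignature,keyEncipherment");
$req->add_ext(Crypt::OpenSSL::PKCS10::NID_ext_key_usage, "serverAuth");
$req->add_ext(Crypt::OpenSSL::PKCS10::NID_subject_alt_name, $san);

# Extensions are only copied into the request by add_ext_final(), so call it
# before sign(); the signature then covers the extensions as well.
$req->add_ext_final();
$req->sign();

# Tighten the umask so a newly created key file is readable by its owner only.
# (The mode of a file that already exists is not changed by this.)
my $old_umask = umask(0077);
$req->write_pem_pk($key_file);
umask($old_umask);
$req->write_pem_req($csr_file);

# Review what will be sent to the CA before submitting it.
print "subject:  ", $req->subject(), "\n";
print "key type: ", $req->pubkey_type(), "\n";
print $req->get_pem_req();

# $rsa is linked to $req (see BUGS): only use $rsa while $req is still alive.
printf "private key PEM: %d bytes\n", length $rsa->get_private_key_string();
```

Only request.pem goes to the certificate authority; pk.pem stays on the host that generated it.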