NAME¶

Crypt::OpenSSL::PKCS12 - Perl extension to OpenSSL's PKCS12 API.

SYNOPSIS¶

  use Crypt::OpenSSL::PKCS12;
  my $pass   = "your password";
  my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file('cert.p12');
  print $pkcs12->certificate($pass);
  print $pkcs12->private_key($pass);
  if ($pkcs12->mac_ok($pass)) {
  ...
  # Creating a file
  $pkcs12->create('test-cert.pem', 'test-key.pem', $pass, 'out.p12', 'friendly name');
  # Creating a string
  my $pksc12_data = $pkcs12->create_as_string('test-cert.pem', 'test-key.pem', $pass, 'friendly name');
  # Reproducing OpenSSL's info
  my $info = $pkcs12->info($pass);
  # Accessing OpenSSL's info as a hash
  my $info_hash = $pkcs12->info_as_hash($pass);

VERSION¶

This documentation describes version 1.94 of Crypt::OpenSSL::PKCS12

DESCRIPTION¶

PKCS12 is a file format for storing cryptography objects as a single file or string. PKCS12 is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

This distribution implements a subset of OpenSSL's PKCS12 API.

SUBROUTINES/METHODS¶

new( )
legacy_support ( )
Check whether the openssl version installed supports the legacy provider.
new_from_string( $string )
new_from_file( $filename )
Create a new Crypt::OpenSSL::PKCS12 instance.
certificate( [$pass] )
Get the Base64 representation of the certificate.
ca_certificate( [$pass] )
Get the Base64 representation of the CA certificate chain.
private_key( [$pass] )
Get the Base64 representation of the private key.
as_string( [$pass] )
Get the binary represenation as a string.
mac_ok( [$pass] )
Verifiy the certificates Message Authentication Code
changepass( $old, $new )
Change a certificate's password.
create( $cert, $key, $pass, $output_file, $friendly_name )
Create a new PKCS12 certificate. $cert & $key may either be strings or filenames.

$friendly_name is optional.
create_as_string( $cert, $key, $pass, $friendly_name )
Create a new PKCS12 certificate string. $cert & $key may either be strings or filenames.

$friendly_name is optional.

Returns a string holding the PKCS12 certicate.
info( $pass )
Returns a string containing the output of information about the pkcs12 file in the same format as produced by the openssl command:
```
    openssl pkcs12 -in certs/test_le_1.1.p12 -info -nodes
    
```
info_as_hash( $pass )
Places the information about the pkcs12 file, the certificates and keys in a hash.

The format of the hash is complex to represent the data in the PKCS12 file:

Essentially, the hash follows the format of the -info output.

1. pkcs7_data and pkcs7_encrypted_data are arrays as more than one of each can exist 2. mac provieds the top level mac parameters for the file 3. safe_contents_bag is an array that contains an array of bags 4. bags is an array of bags 5. a bag is a container for a key or certificate

Each bag has a type and the following are available:

1. key_bag 2. certificate_bag 3. shrouded_keybag 4. secret_bag 5. safe_contents_bag

{
mac {
digest "sha1",
iteration 2048,
length 20,
salt_length 20
},
pkcs7_data [
[0] {
bags [
[0] {
bag_attributes {
friendlyName "...",
localKeyID "..." (dualvar: 54)
},
key "...",
key_attributes {
"X509v3 Key Usage" 10
},
parameters {
iteration 10000,
nid_long_name "PBKDF2",
nid_short_name "PBKDF2"
},
type "shrouded_keybag"
}
]
},
[1] {
safe_contents_bag [
[0] {
bags [
[0] {
bag_attributes {
localKeyID "01" (dualvar: 1)
friendlyName "",
},
cert "...".
issuer "...",
subject "...",
type "certificate_bag"
}
],
type "safe_contents_bag"
}
]
},
[2] {
bags [
[0] {
bag_attributes {
localKeyID "02" (dualvar: 2)
},
cert "...",
issuer "...",
subject "...",
type "certificate_bag"
}
]
},
],
pkcs7_encrypted_data [
[0] {
bags [
[0] {
bag_attributes {
2.16.840.1.113894.746875.1.1 "<Unsupported tag 6>",
friendlyName "..."
},
cert "...",
issuer "...",
subject "...",
type "certificate_bag"
},
[1] {
bag_attributes {
friendlyName "...",
localKeyID "..." (dualvar: 54)
},
cert "...",
issuer "...",
subject "...",
type "certificate_bag"
}
],
parameters {
iteration 10000,
nid_long_name "PBKDF2",
nid_short_name "PBKDF2"
}
}
] }

EXPORTS¶

None by default.

On request:

"NOKEYS"
"NOCERTS"
"INFO"
"CLCERTS"
"CACERTS"

DIAGNOSTICS¶

No diagnostics are documented at this time

CONFIGURATION AND ENVIRONMENT¶

No special environment or configuration is required.

DEPENDENCIES¶

This distribution has the following dependencies

An installation of OpenSSL, either version 1.X.X or version 3.X.X
Perl 5.8

INCOMPATIBILITIES¶

Currently the library has been updated to support both OpenSSL 1.X.X and OpenSSL 3.X.X

BUGS AND LIMITATIONS¶

Please see the GitHub repository <https://github.com/dsully/perl-crypt-openssl-pkcs12/issues> for known issues.

AUTHOR¶

•: Dan Sully, <daniel@cpan.org>

Current maintainer

•: jonasbn

CONTRIBUTORS¶

In alphabetical order, contributors, bug reporters and all

@mmuehlenhoff
@sectokia
@SmartCodeMaker
Alexandr Ciornii, @chorny
Christopher Hoskin, @mans0954
Daisuke Murase, @typester
Darko Prelec, @dprelec
David Steinbrunner, @dsteinbrunner
Gianni Ceccarelli, @dakkar
Giuseppe Di Terlizzi, @giterlizzi
H.Merijn Brand, @tux
Hakim, @osfameron
J. Nick Koston, @bdraco
James Rouzier, @jrouzierinverse
jonasbn. @jonasbn
Kelson, @kelson42
Lance Wicks, @lancew
Leonid Antonenkov
Masayuki Matsuki, @songmu
Mikołaj Zalewski
Shoichi Kaji
Slaven Rezić
Timothy Legge, @timlegge
Todd Rinaldo, @toddr

LICENSE AND COPYRIGHT¶

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.

Source file:	Crypt::OpenSSL::PKCS12.3pm.en.gz (from libcrypt-openssl-pkcs12-perl 1.94-1)
Source last updated:	2024-10-05T17:14:53Z
Converted to HTML:	2024-10-21T18:21:37Z