NAME

Crypt::OpenSSL::PKCS12 - Perl extension to OpenSSL's PKCS12 API.

SYNOPSIS

    use Crypt::OpenSSL::PKCS12;

    my $pass   = "your password";
    my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file('cert.p12');
    print $pkcs12->certificate($pass);
    print $pkcs12->private_key($pass);
    if ($pkcs12->mac_ok($pass)) {
        ...
    }
    # Creating a file
    $pkcs12->create('test-cert.pem', 'test-key.pem', $pass, 'out.p12', 'friendly name');
    # Creating a string
    my $pkcs12_data = $pkcs12->create_as_string('test-cert.pem', 'test-key.pem', $pass, 'friendly name');
    # Reproducing OpenSSL's info
    my $info = $pkcs12->info($pass);
    # Accessing OpenSSL's info as a hash
    my $info_hash = $pkcs12->info_as_hash($pass);

VERSION

This documentation describes version 1.94 of Crypt::OpenSSL::PKCS12

DESCRIPTION

PKCS12 is a file format for storing cryptography objects as a single file or string. PKCS12 is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

This distribution implements a subset of OpenSSL's PKCS12 API.

SUBROUTINES/METHODS

  • new( )

  • legacy_support ( )

    Check whether the openssl version installed supports the legacy provider.

  • new_from_string( $string )

  • new_from_file( $filename )

    Create a new Crypt::OpenSSL::PKCS12 instance.

  • certificate( [$pass] )

    Get the Base64 representation of the certificate.

  • ca_certificate( [$pass] )

    Get the Base64 representation of the CA certificate chain.

  • private_key( [$pass] )

    Get the Base64 representation of the private key.

  • as_string( [$pass] )

    Get the binary representation as a string.

  • mac_ok( [$pass] )

    Verify the certificate's Message Authentication Code.

  • changepass( $old, $new )

    Change a certificate's password.

  • create( $cert, $key, $pass, $output_file, $friendly_name )

    Create a new PKCS12 certificate. $cert & $key may either be strings or filenames.

    $friendly_name is optional.

  • create_as_string( $cert, $key, $pass, $friendly_name )

    Create a new PKCS12 certificate string. $cert & $key may either be strings or filenames.

    $friendly_name is optional.

    Returns a string holding the PKCS12 certificate.

  • info( $pass )

    Returns a string containing the output of information about the pkcs12 file in the same format as produced by the openssl command:

    openssl pkcs12 -in certs/test_le_1.1.p12 -info -nodes

  • info_as_hash( $pass )

    Places the information about the pkcs12 file, the certificates and keys in a hash.

    The format of the hash is complex to represent the data in the PKCS12 file:

    Essentially, the hash follows the format of the -info output.

    1. pkcs7_data and pkcs7_encrypted_data are arrays, as more than one of each can exist
    2. mac provides the top-level MAC parameters for the file
    3. safe_contents_bag is an array that contains an array of bags
    4. bags is an array of bags
    5. a bag is a container for a key or certificate

    Each bag has a type and the following are available:

    1. key_bag
    2. certificate_bag
    3. shrouded_keybag
    4. secret_bag
    5. safe_contents_bag

    {
        mac {
            digest "sha1",
            iteration 2048,
            length 20,
            salt_length 20
        },
        pkcs7_data [
            [0] {
                bags [
                    [0] {
                        bag_attributes {
                            friendlyName "...",
                            localKeyID "..." (dualvar: 54)
                        },
                        key "...",
                        key_attributes {
                            "X509v3 Key Usage" 10
                        },
                        parameters {
                            iteration 10000,
                            nid_long_name "PBKDF2",
                            nid_short_name "PBKDF2"
                        },
                        type "shrouded_keybag"
                    }
                ]
            },
            [1] {
                safe_contents_bag [
                    [0] {
                        bags [
                            [0] {
                                bag_attributes {
                                    localKeyID "01" (dualvar: 1),
                                    friendlyName ""
                                },
                                cert "...",
                                issuer "...",
                                subject "...",
                                type "certificate_bag"
                            }
                        ],
                        type "safe_contents_bag"
                    }
                ]
            },
            [2] {
                bags [
                    [0] {
                        bag_attributes {
                            localKeyID "02" (dualvar: 2)
                        },
                        cert "...",
                        issuer "...",
                        subject "...",
                        type "certificate_bag"
                    }
                ]
            }
        ],
        pkcs7_encrypted_data [
            [0] {
                bags [
                    [0] {
                        bag_attributes {
                            2.16.840.1.113894.746875.1.1 "<Unsupported tag 6>",
                            friendlyName "..."
                        },
                        cert "...",
                        issuer "...",
                        subject "...",
                        type "certificate_bag"
                    },
                    [1] {
                        bag_attributes {
                            friendlyName "...",
                            localKeyID "..." (dualvar: 54)
                        },
                        cert "...",
                        issuer "...",
                        subject "...",
                        type "certificate_bag"
                    }
                ],
                parameters {
                    iteration 10000,
                    nid_long_name "PBKDF2",
                    nid_short_name "PBKDF2"
                }
            }
        ]
    }
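The following is an added example, not part of this distribution's documentation: it walks a hash in the info_as_hash shape shown above, lists every bag (including those nested under safe_contents_bag), and reports MAC and key-derivation parameters that fall below a chosen floor. The names collect_bags and audit_info, the 10000-iteration threshold, the sha1 flag and the sample hash are assumptions made for illustration.

```perl
use strict; use warnings;
# Bags sit under "bags"; "safe_contents_bag" nests containers with their own "bags".
sub collect_bags {
    my ($node) = @_;
    return ( @{ $node->{bags} || [] },
             map { collect_bags($_) } @{ $node->{safe_contents_bag} || [] } );
}

# Returns (\@bags, \@findings). $min_iter and the sha1 flag are local policy.
sub audit_info {
    my ($info, $min_iter) = @_;
    my (@bags, @findings);
    my $mac = $info->{mac} || { digest => 'none', iteration => 0 };
    push @findings, "mac: digest $mac->{digest}" if $mac->{digest} =~ /^(?:sha1|none)$/;
    push @findings, "mac: iteration $mac->{iteration} < $min_iter"
        if $mac->{iteration} < $min_iter;
    for my $section (qw(pkcs7_data pkcs7_encrypted_data)) {
        my $i = 0;
        for my $entry (@{ $info->{$section} || [] }) {
            my $where = sprintf '%s[%d]', $section, $i++;
            my @here  = collect_bags($entry);
            push @bags, @here;
            # Parameters appear on encrypted entries and on shrouded key bags.
            for my $p (grep { $_ } $entry->{parameters}, map { $_->{parameters} } @here) {
                push @findings, "$where: $p->{nid_short_name} iteration $p->{iteration} < $min_iter"
                    if $p->{iteration} < $min_iter;
            }
        }
    }
    return (\@bags, \@findings);
}

# Constructed sample in the documented shape. Real use (needs the module):
#   my $info = Crypt::OpenSSL::PKCS12->new_from_file('cert.p12')->info_as_hash($pass);
my $info = {
    mac        => { digest => 'sha1', iteration => 2048, length => 20, salt_length => 20 },
    pkcs7_data => [
        { bags => [ { type => 'shrouded_keybag', key => '...',
                      parameters => { iteration => 10000, nid_short_name => 'PBKDF2' } } ] },
        { safe_contents_bag => [ { type => 'safe_contents_bag',
              bags => [ { type => 'certificate_bag', subject => 'CN=constructed-ca' } ] } ] },
    ],
    pkcs7_encrypted_data => [
        { bags => [ { type => 'certificate_bag', subject => 'CN=constructed-leaf' } ],
          parameters => { iteration => 10000, nid_short_name => 'PBKDF2' } } ],
};
my ($bags, $findings) = audit_info($info, 10000);
printf "%-16s %s\n", $_->{type}, $_->{subject} || '(key material)' for @$bags;
print "FINDING $_\n" for @$findings;
```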

EXPORTS

None by default.

On request:

  • NOKEYS

  • NOCERTS

  • INFO

  • CLCERTS

  • CACERTS

DIAGNOSTICS

No diagnostics are documented at this time

CONFIGURATION AND ENVIRONMENT

No special environment or configuration is required.

DEPENDENCIES

This distribution has the following dependencies

  • An installation of OpenSSL, either version 1.X.X or version 3.X.X

  • Perl 5.8

SEE ALSO

INCOMPATIBILITIES

Currently the library has been updated to support both OpenSSL 1.X.X and OpenSSL 3.X.X

BUGS AND LIMITATIONS

Please see the GitHub repository for known issues.

AUTHOR

  • Dan Sully, <daniel@cpan.org>

Current maintainer

  • jonasbn

CONTRIBUTORS

In alphabetical order, contributors, bug reporters and all

  • @mmuehlenhoff

  • @sectokia

  • @SmartCodeMaker

  • Alexandr Ciornii, @chorny

  • Christopher Hoskin, @mans0954

  • Daisuke Murase, @typester

  • Darko Prelec, @dprelec

  • David Steinbrunner, @dsteinbrunner

  • Gianni Ceccarelli, @dakkar

  • Giuseppe Di Terlizzi, @giterlizzi

  • H.Merijn Brand, @tux

  • Hakim, @osfameron

  • J. Nick Koston, @bdraco

  • James Rouzier, @jrouzierinverse

  • jonasbn, @jonasbn

  • Kelson, @kelson42

  • Lance Wicks, @lancew

  • Leonid Antonenkov

  • Masayuki Matsuki, @songmu

  • Mikołaj Zalewski

  • Shoichi Kaji

  • Slaven Rezić

  • Timothy Legge, @timlegge

  • Todd Rinaldo, @toddr

LICENSE AND COPYRIGHT

Copyright 2004-2024 by Dan Sully

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.