Crypt::Perl::PKCS10 - Certificate Signing Request (CSR) creation
    my $pkcs10 = Crypt::Perl::PKCS10->new(
        key => $private_key_obj,

        subject => [
            commonName => 'foo.com',
            localityName => 'somewhere',
            #...
        ],

        attributes => [
            [ 'extensionRequest',
                [ 'subjectAltName',
                    [ dNSName => 'foo.com' ],
                    [ dNSName => 'bar.com' ],
                ],
            ],
        ],
    );

    my $der = $pkcs10->to_der();

    my $pem = $pkcs10->to_pem();
This module is for creation of (PKCS #10) certificate signing requests (CSRs). Right now it supports only a subset of what OpenSSL can create; however, it’s useful enough for use with many certificate authorities, including ACME services like Let’s Encrypt.
It’s also a good deal easier to use!
I believe this is the only CPAN module that can create CSRs for RSA, ECDSA, and Ed25519 keys. Other encryption schemes would not be difficult to integrate—but do any CAs accept them?
After a brief flirtation (cf. v0.13) with producing ECDSA-signed CSRs using explicit curve parameters, this module produces CSRs using named curves. Certificate authorities seem to prefer this format—which makes sense since they only allow certain curves in the first place.
The signature digest algorithm is determined based on the passed-in key: for RSA it’s always SHA-512, and for ECDSA it’s the strongest SHA digest algorithm that the key allows (e.g., SHA-224 for a 239-bit key).
If you need additional flexibility, let me know.
(Note that Ed25519 signs an entire document rather than a digest.)
Create an instance of this class. Parameters are:
key - An instance of Crypt::Perl::RSA::PrivateKey, Crypt::Perl::ECDSA::PrivateKey, or Crypt::Perl::Ed25519::PrivateKey. If you’ve got a DER- or PEM-encoded key string, use Crypt::Perl::PK (included in this distribution) to create an appropriate object.
subject - An array reference of arguments into Crypt::Perl::X509::Name’s constructor.
attributes - An array reference of arguments into Crypt::Perl::PKCS10::Attributes’s constructor.
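The following is an added example, not code from the module's documentation: it loads a PEM key through Crypt::Perl::PK, builds a CSR with the constructor described above, and has OpenSSL independently confirm the self-signature and requested names before the CSR would go to a CA. It assumes an `openssl` binary on PATH and that `Crypt::Perl::PK::parse_key` accepts the PEM that `openssl ecparam` writes; the host names and the throwaway key are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use File::Temp ();
use Crypt::Perl::PK ();
use Crypt::Perl::PKCS10 ();

# Constructed sample input: a throwaway P-256 key in a temp directory.
# Assumes an openssl binary on PATH; in real use, load your existing key.
my $dir      = File::Temp::tempdir( CLEANUP => 1 );
my $key_path = "$dir/key.pem";
my $csr_path = "$dir/csr.pem";
system( 'openssl', 'ecparam', '-name', 'prime256v1', '-genkey', '-noout',
    '-out', $key_path ) == 0 or die "openssl key generation failed\n";

# Turn the PEM string into a Crypt::Perl private key object.
open my $kfh, '<', $key_path or die "open $key_path: $!";
my $key_pem = do { local $/; <$kfh> };
close $kfh;
my $key_obj = Crypt::Perl::PK::parse_key($key_pem);

# Same constructor shape as the synopsis; the names are placeholders.
my @names = ( 'example.com', 'www.example.com' );
my $pkcs10 = Crypt::Perl::PKCS10->new(
    key        => $key_obj,
    subject    => [ commonName => $names[0] ],
    attributes => [
        [ 'extensionRequest',
            [ 'subjectAltName', map { [ dNSName => $_ ] } @names ],
        ],
    ],
);

open my $cfh, '>', $csr_path or die "open $csr_path: $!";
print {$cfh} $pkcs10->to_pem(), "\n";
close $cfh or die "close $csr_path: $!";

# Independent check: OpenSSL must accept the self-signature, and every
# requested name must appear in the decoded request.
my $text = qx{openssl req -in "$csr_path" -noout -verify -text 2>&1};
$text =~ /verify OK/ or die "CSR self-signature did not verify:\n$text";
for my $name (@names) {
    $text =~ /DNS:\Q$name\E\b/ or die "SAN $name missing from CSR\n";
}

# Print the fields to compare with the page: signature digest, curve encoding.
print grep { /Signature Algorithm|ASN1 OID|NIST CURVE/ } split /^/m, $text;
```

The printed lines let you compare the signature algorithm and curve identifier in the CSR against the digest-selection and named-curve behaviour described above.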
Let me know what features you would find useful, ideally with a representative sample CSR that demonstrates the requested feature. (Or, better yet, send me a pull request!)
Crypt::PKCS10 - Parse CSRs, in pure Perl.
Crypt::OpenSSL::PKCS10 - Create CSRs using OpenSSL via XS. Currently this only seems to support RSA.