NAME
Crypt::OpenSSL::PKCS12 - Perl extension to OpenSSL's PKCS12 API.
SYNOPSIS
use Crypt::OpenSSL::PKCS12;
my $pass = "your password";
my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file('cert.p12');
print $pkcs12->certificate($pass);
print $pkcs12->private_key($pass);
if ($pkcs12->mac_ok($pass)) {
...
# Creating a file
$pkcs12->create('test-cert.pem', 'test-key.pem', $pass, 'out.p12', 'friendly name');
# Creating a string
my $pksc12_data = $pkcs12->create_as_string('test-cert.pem', 'test-key.pem', $pass, 'friendly name');
# Reproducing OpenSSL's info
my $info = $pkcs12->info($pass);
# Accessing OpenSSL's info as a hash
my $info_hash = $pkcs12->info_as_hash($pass);
VERSION
This documentation describes version 1.93 of Crypt::OpenSSL::PKCS12
DESCRIPTION
PKCS12 is a file format for storing cryptography objects as a single file or string. PKCS12 is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.
This distribution implements a subset of OpenSSL's PKCS12 API.
SUBROUTINES/METHODS
new( )
legacy_support ( )
Check whether the openssl version installed supports the legacy provider.
new_from_string(
$string
)new_from_file(
$filename
)Create a new Crypt::OpenSSL::PKCS12 instance.
certificate( [
$pass
] )Get the Base64 representation of the certificate.
ca_certificate( [
$pass
] )Get the Base64 representation of the CA certificate chain.
private_key( [
$pass
] )Get the Base64 representation of the private key.
as_string( [
$pass
] )Get the binary represenation as a string.
mac_ok( [
$pass
] )Verifiy the certificates Message Authentication Code
changepass(
$old
,$new
)Change a certificate's password.
create(
$cert
,$key
,$pass
,$output_file
,$friendly_name
)Create a new PKCS12 certificate. $cert & $key may either be strings or filenames.
$friendly_name
is optional.create_as_string(
$cert
,$key
,$pass
,$friendly_name
)Create a new PKCS12 certificate string. $cert & $key may either be strings or filenames.
$friendly_name
is optional.Returns a string holding the PKCS12 certicate.
info(
$pass
)Returns a string containing the output of information about the pkcs12 file in the same format as produced by the openssl command:
openssl pkcs12 -in certs/test_le_1.1.p12 -info -nodes
info_as_hash(
$pass
)Places the information about the pkcs12 file, the certificates and keys in a hash.
The format of the hash is complex to represent the data in the PKCS12 file:
Essentially, the hash follows the format of the -info output.
1. pkcs7_data and pkcs7_encrypted_data are arrays as more than one of each can exist 2. mac provieds the top level mac parameters for the file 3. safe_contents_bag is an array that contains an array of bags 4. bags is an array of bags 5. a bag is a container for a key or certificate
Each bag has a type and the following are available:
1. key_bag 2. certificate_bag 3. shrouded_keybag 4. secret_bag 5. safe_contents_bag
{ mac { digest "sha1", iteration 2048, length 20, salt_length 20 }, pkcs7_data [ [0] { bags [ [0] { bag_attributes { friendlyName "...", localKeyID "..." (dualvar: 54) }, key "...", key_attributes { "X509v3 Key Usage" 10 }, parameters { iteration 10000, nid_long_name "PBKDF2", nid_short_name "PBKDF2" }, type "shrouded_keybag" } ] }, [1] { safe_contents_bag [ [0] { bags [ [0] { bag_attributes { localKeyID "01" (dualvar: 1) friendlyName "", }, cert "...". issuer "...", subject "...", type "certificate_bag" } ], type "safe_contents_bag" } ] }, [2] { bags [ [0] { bag_attributes { localKeyID "02" (dualvar: 2) }, cert "...", issuer "...", subject "...", type "certificate_bag" } ] }, ], pkcs7_encrypted_data [ [0] { bags [ [0] { bag_attributes { 2.16.840.1.113894.746875.1.1 "<Unsupported tag 6>", friendlyName "..." }, cert "...", issuer "...", subject "...", type "certificate_bag" }, [1] { bag_attributes { friendlyName "...", localKeyID "..." (dualvar: 54) }, cert "...", issuer "...", subject "...", type "certificate_bag" } ], parameters { iteration 10000, nid_long_name "PBKDF2", nid_short_name "PBKDF2" } } ] }
EXPORTS
None by default.
On request:
NOKEYS
NOCERTS
INFO
CLCERTS
CACERTS
DIAGNOSTICS
No diagnostics are documented at this time
CONFIGURATION AND ENVIRONMENT
No special environment or configuration is required.
DEPENDENCIES
This distribution has the following dependencies
An installation of OpenSSL, either version 1.X.X or version 3.X.X
Perl 5.8
SEE ALSO
OpenSSL(1) (HTTP version with OpenSSL.org)
RFC:7292: "PKCS #12: Personal Information Exchange Syntax v1.1"
INCOMPATIBILITIES
Currently the library has been updated to support both OpenSSL 1.X.X and OpenSSL 3.X.X
BUGS AND LIMITATIONS
Please see the GitHub repository for known issues.
AUTHOR
Dan Sully, <daniel@cpan.org>
Current maintainer
jonasbn
CONTRIBUTORS
In alphabetical order, contributors, bug reporters and all
@mmuehlenhoff
@sectokia
@SmartCodeMaker
Alexandr Ciornii, @chorny
Christopher Hoskin, @mans0954
Daisuke Murase, @typester
Darko Prelec, @dprelec
David Steinbrunner, @dsteinbrunner
Giuseppe Di Terlizzi, @giterlizzi
H.Merijn Brand, @tux
Hakim, @osfameron
J. Nick Koston, @bdraco
James Rouzier, @jrouzierinverse
jonasbn. @jonasbn
Kelson, @kelson42
Lance Wicks, @lancew
Leonid Antonenkov
Masayuki Matsuki, @songmu
Mikołaj Zalewski
Shoichi Kaji
Slaven Rezić
Timothy Legge, @timlegge
Todd Rinaldo, @toddr
LICENSE AND COPYRIGHT
Copyright 2004-2024 by Dan Sully
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.