Botan  1.10.9
Botan::X509 Namespace Reference

Functions

MemoryVector< byte > BER_encode (const Public_Key &key)
 
Public_Key * copy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
void encode (const Public_Key &key, Pipe &pipe, X509_Encoding encoding=PEM)
 
Key_Constraints find_constraints (const Public_Key &pub_key, Key_Constraints limits)
 
Public_Key * load_key (DataSource &source)
 
Public_Key * load_key (const std::string &fsname)
 
Public_Key * load_key (const MemoryRegion< byte > &mem)
 
std::string PEM_encode (const Public_Key &key)
 

Detailed Description

This namespace contains functions for handling X.509 public keys (SubjectPublicKeyInfo): BER/PEM encoding, decoding and copying of public keys, derivation of default key-usage constraints, and creation of self-signed certificates and PKCS#10 certificate requests.

Function Documentation

BOTAN_DLL MemoryVector< byte > Botan::X509::BER_encode ( const Public_Key & key )

BER encode a key

Parameters
key: the public key to encode
Returns
BER encoding of this key

Definition at line 21 of file x509_key.cpp.

References Botan::Public_Key::algorithm_identifier(), Botan::BIT_STRING, Botan::DER_Encoder::encode(), encode(), Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), and Botan::Public_Key::x509_subject_public_key().

Referenced by create_cert_req(), create_self_signed_cert(), encode(), and PEM_encode().

/**
* BER encode a public key as an X.509 SubjectPublicKeyInfo:
*   SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
* Only the algorithm identifier and the subject public key bits are
* emitted; nothing from a private key's secret half is involved.
* @param key the public key to encode
* @return BER encoding of this key
*/
MemoryVector<byte> BER_encode(const Public_Key& key)
   {
   DER_Encoder spki;

   spki.start_cons(SEQUENCE)
          .encode(key.algorithm_identifier())
          .encode(key.x509_subject_public_key(), BIT_STRING)
       .end_cons();

   return spki.get_contents();
   }
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19
BOTAN_DLL Public_Key * Botan::X509::copy_key ( const Public_Key & key )

Copy a key.

Parameters
key: the public key to copy
Returns
new public key object

Definition at line 104 of file x509_key.cpp.

References load_key(), and PEM_encode().

/**
* Copy a public key by round-tripping it through its PEM encoding.
* Only the public SubjectPublicKeyInfo travels through the encoding, so
* the copy is independent of the original object's concrete type.
* @param key the public key to copy
* @return new public key object (heap allocated; the caller owns it)
*/
Public_Key* copy_key(const Public_Key& key)
   {
   const std::string pem = PEM_encode(key);
   DataSource_Memory pem_source(pem);
   return X509::load_key(pem_source);
   }
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:43
std::string PEM_encode(const Public_Key &key)
Definition: x509_key.cpp:34
BOTAN_DLL PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options & opts,
const Private_Key & key,
const std::string & hash_fn,
RandomNumberGenerator & rng
)

Create a PKCS#10 certificate request.

Parameters
opts: the options defining the request to create
key: the private key used to sign this request; its public half becomes the request's subject public key
hash_fn: the hash function to use for the request signature (no validation is performed here; choose a collision-resistant hash such as SHA-256)
rng: the rng to use
Returns
newly created PKCS#10 request

Definition at line 91 of file x509self.cpp.

References Botan::Extensions::add(), BER_encode(), Botan::X509_Cert_Options::challenge, Botan::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::CRL_SIGN, Botan::DIRECTORY_STRING, Botan::DER_Encoder::encode(), encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::end_explicit(), Botan::X509_Cert_Options::ex_constraints, find_constraints(), Botan::DER_Encoder::get_contents(), Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::X509_Object::make_signed(), Botan::X509_Cert_Options::path_limit, Botan::DER_Encoder::raw_bytes(), rng, Botan::X509_Cert_Options::sanity_check(), Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), and Botan::DER_Encoder::start_explicit().

/**
* Create a PKCS#10 certificate request signed by the requester's own key.
*
* The request carries the subject name and alternative names derived from
* opts, the SubjectPublicKeyInfo of key, and, as a PKCS#9 extensionRequest
* attribute, the basic constraints, key usage, extended key usage and
* subject alternative name extensions. No criticality flag is passed to
* Extensions::add here: the CA issuing from this request decides which
* requested extensions it honors.
*
* Security notes:
*  - hash_fn is handed to choose_sig_format() without any validation;
*    choose a collision-resistant hash (e.g. SHA-256), since a CA may
*    carry a weak choice over into the issued certificate.
*  - opts.challenge, when non-empty, is embedded in the request as a
*    plaintext PKCS#9 challengePassword attribute. The request is signed
*    but not encrypted, so never reuse a sensitive secret as the challenge.
*
* @param opts the options defining the request to create
* @param key the private key used to sign this request
* @param hash_fn the hash function to use for the signature
* @param rng the rng to use
* @return newly created PKCS#10 request
*/
PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
                               const Private_Key& key,
                               const std::string& hash_fn,
                               RandomNumberGenerator& rng)
   {
   opts.sanity_check();

   // Only the public half of key is serialized into the request.
   const MemoryVector<byte> spki = X509::BER_encode(key);

   AlgorithmIdentifier sig_algo;
   std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));

   X509_DN subject_dn;
   AlternativeName subject_alt;
   load_info(opts, subject_dn, subject_alt);

   // A CA key is only asked to certify and sign CRLs; any other key gets
   // the algorithm-derived usage set, restricted by opts.constraints when
   // that mask is non-zero.
   const Key_Constraints usage = opts.is_CA ?
      Key_Constraints(KEY_CERT_SIGN | CRL_SIGN) :
      find_constraints(key, opts.constraints);

   Extensions requested;
   requested.add(new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
   requested.add(new Cert_Extension::Key_Usage(usage));
   requested.add(new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
   requested.add(new Cert_Extension::Subject_Alternative_Name(subject_alt));

   const size_t PKCS10_VERSION = 0;

   // CertificationRequestInfo ::= SEQUENCE {
   //    version, subject, subjectPKInfo, attributes [0] }
   DER_Encoder cri;
   cri.start_cons(SEQUENCE)
         .encode(PKCS10_VERSION)
         .encode(subject_dn)
         .raw_bytes(spki)
         .start_explicit(0);

   if(!opts.challenge.empty())
      {
      // Plaintext in the request: see the security note above.
      ASN1_String challenge(opts.challenge, DIRECTORY_STRING);
      cri.encode(Attribute("PKCS9.ChallengePassword",
                           DER_Encoder().encode(challenge).get_contents()));
      }

   cri.encode(Attribute("PKCS9.ExtensionRequest",
                        DER_Encoder()
                           .start_cons(SEQUENCE)
                              .encode(requested)
                           .end_cons()
                        .get_contents()));

   cri.end_explicit()
      .end_cons();

   DataSource_Memory req_source(
      X509_Object::make_signed(signer.get(), rng, sig_algo, cri.get_contents()));

   return PKCS10_Request(req_source);
   }
MemoryVector< byte > BER_encode(const Public_Key &key)
Definition: x509_key.cpp:21
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
Key_Constraints find_constraints(const Public_Key &pub_key, Key_Constraints limits)
Definition: x509_key.cpp:113
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19
Key_Constraints
Definition: pubkey_enums.h:18
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:218
BOTAN_DLL X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options & opts,
const Private_Key & key,
const std::string & hash_fn,
RandomNumberGenerator & rng
)

Create a self-signed X.509 certificate.

Parameters
opts: the options defining the certificate to create
key: the private key used for signing, i.e. the key associated with this self-signed certificate
hash_fn: the hash function to use for the signature (no validation is performed here; choose a collision-resistant hash such as SHA-256)
rng: the rng to use
Returns
newly created self-signed certificate

Definition at line 45 of file x509self.cpp.

References Botan::Extensions::add(), BER_encode(), Botan::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::CRL_SIGN, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, find_constraints(), Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::X509_CA::make_cert(), Botan::X509_Cert_Options::path_limit, rng, Botan::X509_Cert_Options::sanity_check(), and Botan::X509_Cert_Options::start.

/**
* Create a self-signed X.509 certificate.
*
* Issuer and subject are the same name (the DN built from opts), the
* certificate carries the SubjectPublicKeyInfo of key, and it is valid
* from opts.start to opts.end. Basic constraints and key usage are added
* as critical extensions; subject key identifier, subject alternative
* names and extended key usage are added as non-critical ones.
*
* Security notes:
*  - hash_fn is forwarded to choose_sig_format() unvalidated; choose a
*    collision-resistant hash (e.g. SHA-256).
*  - For a CA (opts.is_CA) key usage is fixed to keyCertSign|cRLSign;
*    otherwise it is derived from the key's algorithm and restricted by
*    opts.constraints when that mask is non-zero.
*  - A self-signed certificate proves only possession of key. Trust in it
*    has to be established out of band (e.g. by pinning or explicit trust
*    store installation), never by its own signature.
*
* @param opts the options defining the certificate to create
* @param key the private key used for signing, i.e. the key associated
*            with this self-signed certificate
* @param hash_fn the hash function to use for the signature
* @param rng the rng to use
* @return newly created self-signed certificate
*/
X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
                                         const Private_Key& key,
                                         const std::string& hash_fn,
                                         RandomNumberGenerator& rng)
   {
   opts.sanity_check();

   // Only the public half of key ends up in the certificate.
   const MemoryVector<byte> spki = X509::BER_encode(key);

   AlgorithmIdentifier sig_algo;
   std::auto_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));

   X509_DN name;
   AlternativeName alt_names;
   load_info(opts, name, alt_names);

   const Key_Constraints usage = opts.is_CA ?
      Key_Constraints(KEY_CERT_SIGN | CRL_SIGN) :
      find_constraints(key, opts.constraints);

   Extensions exts;

   // Critical (second argument true): per X.509 a relying party that
   // does not understand these must reject the certificate.
   exts.add(new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit), true);
   exts.add(new Cert_Extension::Key_Usage(usage), true);

   // Non-critical.
   exts.add(new Cert_Extension::Subject_Key_ID(spki));
   exts.add(new Cert_Extension::Subject_Alternative_Name(alt_names));
   exts.add(new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));

   // Issuer DN == subject DN: the certificate vouches for itself.
   return X509_CA::make_cert(signer.get(), rng, sig_algo, spki,
                             opts.start, opts.end,
                             name, name,
                             exts);
   }
MemoryVector< byte > BER_encode(const Public_Key &key)
Definition: x509_key.cpp:21
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
Key_Constraints find_constraints(const Public_Key &pub_key, Key_Constraints limits)
Definition: x509_key.cpp:113
Key_Constraints
Definition: pubkey_enums.h:18
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:218
void Botan::X509::encode ( const Public_Key & key,
Pipe & pipe,
X509_Encoding encoding = PEM
)
inline

Encode a key into a pipe.

Deprecated:
Use PEM_encode or BER_encode instead
Parameters
key: the public key to encode
pipe: the pipe to feed the encoded key into
encoding: the encoding type to use (PEM by default; any other value writes raw BER)

Definition at line 87 of file x509_key.h.

References BER_encode(), and PEM_encode().

Referenced by BER_encode(), and create_cert_req().

/**
* Encode a key into a pipe.
* @deprecated Use PEM_encode or BER_encode instead
* @param key the public key to encode
* @param pipe the pipe to feed the encoded key into
* @param encoding the encoding type to use; PEM by default, any other
*                 value writes the raw BER encoding
*/
inline void encode(const Public_Key& key,
                   Pipe& pipe,
                   X509_Encoding encoding = PEM)
   {
   if(encoding != PEM)
      {
      pipe.write(X509::BER_encode(key));
      return;
      }

   pipe.write(X509::PEM_encode(key));
   }
MemoryVector< byte > BER_encode(const Public_Key &key)
Definition: x509_key.cpp:21
std::string PEM_encode(const Public_Key &key)
Definition: x509_key.cpp:34
BOTAN_DLL Key_Constraints Botan::X509::find_constraints ( const Public_Key & pub_key,
Key_Constraints limits
)

Create the key constraints for a specific public key.

Parameters
pub_key: the public key whose algorithm selects the basic set of constraints placed in the return value
limits: additional limits intersected with that basic set; a value of zero (no bits set) means "no restriction" and returns the full basic set
Returns
combination of key type specific constraints and additional limits

Definition at line 113 of file x509_key.cpp.

References Botan::Public_Key::algo_name(), Botan::DATA_ENCIPHERMENT, Botan::DIGITAL_SIGNATURE, Botan::KEY_AGREEMENT, Botan::KEY_ENCIPHERMENT, and Botan::NON_REPUDIATION.

Referenced by create_cert_req(), create_self_signed_cert(), and Botan::X509_CA::sign_request().

/**
* Create the key constraints for a specific public key.
*
* The basic set is selected by algorithm name:
*   DH, ECDH                 -> keyAgreement
*   RSA, ElGamal             -> keyEncipherment | dataEncipherment
*   RSA, RW, NR, DSA, ECDSA  -> digitalSignature | nonRepudiation
* so an RSA key receives both encryption and signature usages, and a key
* of any other algorithm receives an empty set.
*
* If limits is non-zero the basic set is intersected with it. Note that
* limits == 0 means "no restriction", not "no usage": the complete basic
* set is returned. A caller wanting a minimal key usage must pass an
* explicit non-zero mask.
*
* @param pub_key the public key whose algorithm selects the basic set
* @param limits additional limits intersected with the basic set
* @return combination of key type specific constraints and additional limits
*/
Key_Constraints find_constraints(const Public_Key& pub_key,
                                 Key_Constraints limits)
   {
   const std::string algo = pub_key.algo_name();

   const bool agreement  = (algo == "DH" || algo == "ECDH");
   const bool encryption = (algo == "RSA" || algo == "ElGamal");
   const bool signing    = (algo == "RSA" || algo == "RW" || algo == "NR" ||
                            algo == "DSA" || algo == "ECDSA");

   size_t usage = 0;

   if(agreement)
      usage |= KEY_AGREEMENT;

   if(encryption)
      usage |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;

   if(signing)
      usage |= DIGITAL_SIGNATURE | NON_REPUDIATION;

   // Zero is "unrestricted", so only a non-zero mask narrows the set.
   if(limits != 0)
      usage &= limits;

   return Key_Constraints(usage);
   }
Key_Constraints
Definition: pubkey_enums.h:18
BOTAN_DLL Public_Key * Botan::X509::load_key ( DataSource & source )

Create a public key from a data source.

Parameters
source: the source providing the DER or PEM encoded key
Returns
new public key object

Definition at line 43 of file x509_key.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::MemoryRegion< T >::empty(), Botan::BER_Decoder::end_cons(), Botan::make_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), Botan::SEQUENCE, Botan::BER_Decoder::start_cons(), and Botan::BER_Decoder::verify_end().

Referenced by copy_key(), load_key(), Botan::PKCS10_Request::subject_public_key(), and Botan::X509_Certificate::subject_public_key().

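namespace {

/*
* Decode a single SubjectPublicKeyInfo from a BER source into its
* algorithm identifier and subject public key bits. verify_end() rejects
* trailing garbage inside the outer SEQUENCE.
*/
void decode_subject_public_key_info(DataSource& ber,
                                    AlgorithmIdentifier& alg_id,
                                    MemoryVector<byte>& key_bits)
   {
   BER_Decoder(ber)
      .start_cons(SEQUENCE)
         .decode(alg_id)
         .decode(key_bits, BIT_STRING)
         .verify_end()
      .end_cons();
   }

}

/**
* Create a public key from a data source.
*
* Accepts either raw BER or a PEM block labelled "PUBLIC KEY" and decodes
* the SubjectPublicKeyInfo it contains. Any Decoding_Error raised while
* parsing is replaced by a generic Decoding_Error so callers handling
* untrusted input see one uniform failure; whatever else make_public_key
* may throw is not caught here and propagates unchanged.
*
* Security note: this function only decodes the ASN.1 structure. No
* validation of the key's mathematical parameters (e.g. Public_Key::
* check_key) is performed here, so a key obtained from an untrusted
* source should be checked by the caller before it is used.
*
* @param source the source providing the DER or PEM encoded key
* @return new public key object (heap allocated; the caller owns it)
* @throws Decoding_Error if the input is not a well-formed encoded key
*/
Public_Key* load_key(DataSource& source)
   {
   try
      {
      AlgorithmIdentifier alg_id;
      MemoryVector<byte> key_bits;

      // Input that looks like BER and carries no PEM header is decoded
      // as-is; everything else must be a "PUBLIC KEY" PEM block.
      if(ASN1::maybe_BER(source) && !PEM_Code::matches(source))
         {
         decode_subject_public_key_info(source, alg_id, key_bits);
         }
      else
         {
         DataSource_Memory ber(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
         decode_subject_public_key_info(ber, alg_id, key_bits);
         }

      if(key_bits.empty())
         throw Decoding_Error("X.509 public key decoding failed");

      return make_public_key(alg_id, key_bits);
      }
   catch(const Decoding_Error&) // catch by reference: no copy, no slicing
      {
      throw Decoding_Error("X.509 public key decoding failed");
      }
   }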
bool maybe_BER(DataSource &source)
Definition: asn1_int.cpp:55
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:116
SecureVector< byte > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:42
Public_Key * make_public_key(const AlgorithmIdentifier &alg_id, const MemoryRegion< byte > &key_bits)
Definition: pk_algs.cpp:49
BOTAN_DLL Public_Key * Botan::X509::load_key ( const std::string &  filename)

Create a public key from a file

Parameters
filename: pathname to the file to load
Returns
new public key object

Definition at line 86 of file x509_key.cpp.

References load_key().

/**
* Create a public key from a file.
* The file is wrapped in a DataSource_Stream (the second constructor
* argument, true, presumably selects binary reading; confirm against
* DataSource_Stream) and passed to load_key(DataSource&), so both DER
* and PEM files are accepted.
* @param fsname pathname to the file to load
* @return new public key object
*/
Public_Key* load_key(const std::string& fsname)
   {
   DataSource_Stream file_source(fsname, true);
   return X509::load_key(file_source);
   }
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:43
BOTAN_DLL Public_Key * Botan::X509::load_key ( const MemoryRegion< byte > &  enc)

Create a public key from a memory region.

Parameters
enc: the memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 95 of file x509_key.cpp.

References load_key().

/**
* Create a public key from a memory region.
* The bytes are wrapped in a DataSource_Memory and decoded by
* load_key(DataSource&); either DER or PEM content is accepted.
* @param mem the memory region containing the DER or PEM encoded key
* @return new public key object
*/
Public_Key* load_key(const MemoryRegion<byte>& mem)
   {
   DataSource_Memory mem_source(mem);
   return X509::load_key(mem_source);
   }
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:43
BOTAN_DLL std::string Botan::X509::PEM_encode ( const Public_Key & key )

PEM encode a public key into a string.

Parameters
key: the public key to encode
Returns
PEM encoded key

Definition at line 34 of file x509_key.cpp.

References BER_encode(), and Botan::PEM_Code::encode().

Referenced by copy_key(), encode(), and Botan::X509_Certificate::to_string().

/**
* PEM encode a public key into a string.
* The BER SubjectPublicKeyInfo is wrapped in a PEM block labelled
* "PUBLIC KEY", the label load_key(DataSource&) requires when reading a
* PEM key back in.
* @param key the key to encode
* @return PEM encoded key
*/
std::string PEM_encode(const Public_Key& key)
   {
   const MemoryVector<byte> ber = X509::BER_encode(key);
   return PEM_Code::encode(ber, "PUBLIC KEY");
   }
MemoryVector< byte > BER_encode(const Public_Key &key)
Definition: x509_key.cpp:21
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19