Public_Key Application

The Public Key application deals with public-key related file formats, digital signatures, and X.509 certificates. It handles validation of certificate paths and certificate revocation lists (CRLs), and provides other functions for handling certificates, keys, and CRLs. It is a library application that does not read or write files; it expects or returns file contents or partial file contents as binaries. The exceptions are the functions public_key:cacerts_load/0, public_key:cacerts_load/1, and public_key:cacerts_get/0, which read files.

Supported PKIX functionality

  • Supports RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Certificate policies supported since OTP-26.2.
  • Supports PKCS-1 - RSA Cryptography Standard
  • Supports DSS - Digital Signature Standard (DSA - Digital Signature Algorithm)
  • Supports PKCS-3 - Diffie-Hellman Key Agreement Standard
  • Supports PKCS-5 - Password-Based Cryptography Standard
  • Supports AES - Use of the Advanced Encryption Standard (AES) Algorithm in Cryptographic Message Syntax (CMS)
  • Supports PKCS-8 - Private-Key Information Syntax Standard
  • Supports PKCS-10 - Certification Request Syntax Standard


The public_key application uses the Crypto application to perform cryptographic operations and the ASN-1 application to handle PKIX-ASN-1 specifications. These applications must therefore be loaded for the public_key application to work. In an embedded environment, this means they must be started with application:start/[1,2] before the public_key application is started.

Error Logger and Event Handlers

The public_key application is a library application and does not use the error logger. The functions will either succeed or fail with a runtime error.
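The following is an added example, not part of the OTP documentation. It shows the three properties described above together: dependencies started before use, key material handled purely as binaries, and malformed input surfacing as a runtime error that the caller must catch. The module name `pk_binaries_example` and all sample data are constructed for illustration.

```erlang
-module(pk_binaries_example).
-export([run/0]).
-include_lib("public_key/include/public_key.hrl").

run() ->
    %% Starts asn1 and crypto before public_key, as an embedded system must.
    {ok, _Started} = application:ensure_all_started(public_key),

    %% Constructed sample key. A real caller would obtain PemBin itself,
    %% e.g. with file:read_file/1, because these functions do no file I/O.
    Key = public_key:generate_key({rsa, 2048, 65537}),
    PemEntry = public_key:pem_entry_encode('RSAPrivateKey', Key),
    PemBin = public_key:pem_encode([PemEntry]),
    true = is_binary(PemBin),

    %% Decode from the binary and derive the matching public key.
    [Decoded] = public_key:pem_decode(PemBin),
    Priv = public_key:pem_entry_decode(Decoded),
    #'RSAPrivateKey'{modulus = N, publicExponent = E} = Priv,
    Pub = #'RSAPublicKey'{modulus = N, publicExponent = E},

    %% Sign, then verify both the genuine and a modified message.
    Msg = <<"constructed sample message">>,
    Sig = public_key:sign(Msg, sha256, Priv),
    Genuine = public_key:verify(Msg, sha256, Sig, Pub),
    Tampered = public_key:verify(<<Msg/binary, "!">>, sha256, Sig, Pub),

    %% Malformed DER: nothing is logged, the call raises a runtime error,
    %% so the caller decides how to report or reject the input.
    BadCert =
        try public_key:pkix_decode_cert(<<"not a DER certificate">>, otp) of
            Cert -> {ok, Cert}
        catch
            error:Reason -> {error, Reason}
        end,
    {Genuine, Tampered, BadCert}.
```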

See Also