Public_Key Application
The Public Key application deals with public-key related file formats,
digital signatures, and X.509 certificates. It handles
validation of certificate paths and certificate revocation lists
(CRLs) and provides other functions for handling certificates, keys and
CRLs. It is a library application that does not read or write files;
it expects, and returns, file contents or partial file contents as
binaries. The exceptions are the functions public_key:cacerts_load/0,
public_key:cacerts_load/1, and public_key:cacerts_get/0, which read
files.
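The "binaries in, results out" style described above, as an added example written by the editor for this page (it is not code from the public_key documentation or the OTP source): a module that reads a PEM bundle, orders the certificates into a path, and runs RFC 5280 path validation with public_key:pkix_path_validation/3. The only file access is file:read_file/1; everything else works on binaries. The module name chain_check, the convention that the peer certificate comes first in the bundle, and the option keys passed to public_key:pkix_test_data/1 (root/intermediates/peer with {key, KeyGenParams}) together with the shape of its result ([{cert, Der}, {key, Key}, {cacerts, [Der]}]) are assumptions of this example; check the latter against the reference manual of your OTP release.

```erlang
%% Added example (editor's, not from the OTP documentation or source).
%% Assumptions: pkix_test_data/1 option keys and result shape as used in
%% run/0; peer certificate first in the PEM bundle.
-module(chain_check).
-export([run/0, load_bundle/1, decode_bundle/1, build_path/2, validate/2]).

-include_lib("public_key/include/public_key.hrl").

%% The one place this module touches the file system; public_key itself
%% only ever sees the binary returned here.
load_bundle(Path) ->
    {ok, Bin} = file:read_file(Path),
    decode_bundle(Bin).

%% Split a PEM binary into DER certificates and decoded, unencrypted keys.
decode_bundle(Bin) ->
    Entries = public_key:pem_decode(Bin),
    Certs = [Der || {'Certificate', Der, not_encrypted} <- Entries],
    Keys = [public_key:pem_entry_decode(E)
            || {Type, _, not_encrypted} = E <- Entries, Type =/= 'Certificate'],
    {Certs, Keys}.

%% Normalized subject or issuer name of a DER certificate.
name(Der, Field) ->
    #'OTPCertificate'{tbsCertificate = Tbs} = public_key:pkix_decode_cert(Der, otp),
    Name = case Field of
               subject -> Tbs#'OTPTBSCertificate'.subject;
               issuer  -> Tbs#'OTPTBSCertificate'.issuer
           end,
    public_key:pkix_normalize_name(Name).

%% Walk from the peer certificate up to a self-signed root, picking issuers
%% out of Pool by name. Returns {ok, {RootDer, Path}} with Path ordered from
%% the certificate issued by the root down to the peer, the order
%% pkix_path_validation/3 expects; the root itself is not part of Path.
build_path(PeerDer, Pool) ->
    build_path(PeerDer, Pool, []).

build_path(Der, Pool, Below) ->
    case public_key:pkix_is_self_signed(Der) of
        true when Below =:= [] ->
            %% A self-signed peer is vouched for by nobody. Refuse it rather
            %% than return an empty path that would validate trivially.
            {error, selfsigned_peer};
        true ->
            {ok, {Der, Below}};
        false ->
            Issuer = name(Der, issuer),
            case [C || C <- Pool, name(C, subject) =:= Issuer] of
                [IssuerDer | _] ->
                    build_path(IssuerDer, Pool -- [IssuerDer], [Der | Below]);
                [] ->
                    {error, unknown_ca}
            end
    end.

%% RFC 5280 path validation against an explicitly chosen trust anchor. The
%% default verify_fun rejects every bad_cert event. CRL checking is a
%% separate step (pkix_crls_validate/3) and is not performed here.
validate(TrustedRootDer, Path) ->
    case public_key:pkix_path_validation(TrustedRootDer, Path, []) of
        {ok, {_PublicKeyInfo, _PolicyTree}} -> ok;
        {error, {bad_cert, Reason}} -> {error, Reason}
    end.

run() ->
    %% Starts crypto and asn1 as well, which public_key depends on.
    {ok, _} = application:ensure_all_started(public_key),
    KeyGen = {key, {rsa, 2048, 65537}},
    %% Throwaway root -> intermediate -> peer chain so the example runs offline.
    Conf = public_key:pkix_test_data(#{root => [KeyGen],
                                       intermediates => [[KeyGen]],
                                       peer => [KeyGen]}),
    PeerDer = proplists:get_value(cert, Conf),
    CaDers = proplists:get_value(cacerts, Conf),
    %% Round-trip through PEM: the bytes a bundle file would hold, as a binary.
    Pem = public_key:pem_encode([{'Certificate', D, not_encrypted}
                                 || D <- [PeerDer | CaDers]]),
    {[Peer | Pool], []} = decode_bundle(Pem),
    {ok, {Root, Path}} = build_path(Peer, Pool),
    Good = validate(Root, Path),
    %% Wrong trust anchor: the intermediate did not issue itself, so the first
    %% element of Path fails its issuer/signature checks against it.
    [Inter | _] = Path,
    WrongAnchor = validate(Inter, Path),
    %% Missing intermediate: no path can be built at all.
    Truncated = build_path(Peer, [Root]),
    [{good, Good}, {wrong_anchor, WrongAnchor}, {truncated, Truncated}].
```

Call chain_check:run() from a shell with public_key available; the first result is ok and the other two are {error, _} tuples whose reason names the failed check. The negative cases are the ones worth keeping in a test suite: a validator that only ever sees the happy path will not tell you when a bundle silently lost its intermediate or when the code trusts the wrong anchor.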
Supported PKIX functionality
- Supports RFC 5280 - Internet X.509 Public-Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Certificate policies are supported since OTP 26.2.
- Supports PKCS-1 - RSA Cryptography Standard
- Supports DSS - Digital Signature Standard (DSA - Digital Signature Algorithm)
- Supports PKCS-3 - Diffie-Hellman Key Agreement Standard
- Supports Cryptographic Message Syntax (CMS) (http://www.ietf.org/rfc/rfc5652.txt), including Password-Based Encryption with original PKCS-5 support, but currently excluding official support for most of sections 10-12 (if proven useful, especially Attribute Certificates v2, it might be added later).
- Supports PKCS-8 - Private-Key Information Syntax Standard
- Supports PKCS-10 - Certification Request Syntax Standard
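The PKCS-1 signature schemes from the list above, exercised through public_key:sign/3,4 and public_key:verify/4,5, with an ECDSA signature alongside for comparison. This is an added example written by the editor, not code from the public_key documentation or OTP; the module name sig_demo and the message bytes are constructed for the example. It shows the two checks a practitioner relies on: a tampered message does not verify, and a PSS signature does not verify under PKCS#1 v1.5 padding, so signer and verifier must agree on the scheme, not just on the key.

```erlang
%% Added example (editor's, not from the OTP documentation or source).
%% The message is a constructed sample; sig_demo is a hypothetical module name.
-module(sig_demo).
-export([run/0]).

-include_lib("public_key/include/public_key.hrl").

-define(MSG, <<"constructed sample: transfer 10 units to account 42">>).

%% RSASSA-PSS parameters have to match on both sides; the salt length is
%% stated explicitly instead of being left to a library default.
-define(PSS_OPTS, [{rsa_padding, rsa_pkcs1_pss_padding},
                   {rsa_pss_saltlen, 32}]).

%% The verifier only ever holds the public half of each key.
rsa_public(#'RSAPrivateKey'{modulus = N, publicExponent = E}) ->
    #'RSAPublicKey'{modulus = N, publicExponent = E}.

ec_public(#'ECPrivateKey'{publicKey = Point, parameters = Params}) ->
    {#'ECPoint'{point = Point}, Params}.

run() ->
    {ok, _} = application:ensure_all_started(public_key),
    RsaPriv = public_key:generate_key({rsa, 2048, 65537}),
    RsaPub = rsa_public(RsaPriv),
    EcPriv = public_key:generate_key({namedCurve, ?'secp256r1'}),
    EcPub = ec_public(EcPriv),

    %% RSASSA-PKCS1-v1_5 (the sign/3 default) and RSASSA-PSS, both over
    %% SHA-256, plus ECDSA over P-256.
    SigV15 = public_key:sign(?MSG, sha256, RsaPriv),
    SigPss = public_key:sign(?MSG, sha256, RsaPriv, ?PSS_OPTS),
    SigEc  = public_key:sign(?MSG, sha256, EcPriv),

    %% One byte changed in the signed message.
    Tampered = <<"constructed sample: transfer 10 units to account 43">>,

    [{rsa_v15_ok,       public_key:verify(?MSG, sha256, SigV15, RsaPub)},
     {rsa_v15_tampered, public_key:verify(Tampered, sha256, SigV15, RsaPub)},
     {rsa_pss_ok,       public_key:verify(?MSG, sha256, SigPss, RsaPub, ?PSS_OPTS)},
     %% A PSS signature checked as a v1.5 signature fails: same key, same
     %% digest, wrong scheme.
     {rsa_pss_as_v15,   public_key:verify(?MSG, sha256, SigPss, RsaPub)},
     {ecdsa_ok,         public_key:verify(?MSG, sha256, SigEc, EcPub)},
     {ecdsa_tampered,   public_key:verify(Tampered, sha256, SigEc, EcPub)}].
```

sig_demo:run() returns a list of {Label, boolean()} pairs; the three *_ok entries are true and the rest are false. Note that verify/4,5 return false rather than raising on a bad signature, so callers must branch on the result instead of relying on an exception.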
Dependencies
The public_key application uses the Crypto application to perform
cryptographic operations and the ASN.1 application (asn1) to handle the
PKIX ASN.1 specifications, so both must be loaded for the public_key
application to work. In an embedded environment this means they must be
started with application:start/[1,2] before the public_key application
is started.
Error Logger and Event Handlers
The public_key application is a library application and does not use the
error logger. Its functions either succeed or fail with a runtime error;
there is no callback or event stream to subscribe to.