Provides functions to handle public-key infrastructure.

Provides encode/decode of different file formats (PEM, OpenSSH), digital signature and verification functions, validation of certificate paths and certificate revocation lists (CRLs) and other functions for handling of certificates, keys and CRLs.

  • Supports RFC 5280 - Internet X.509 Public-Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Certificate policies are currently not supported.
  • Supports PKCS-1 - RSA Cryptography Standard
  • Supports DSS - Digital Signature Standard (DSA - Digital Signature Algorithm)
  • Supports PKCS-3 - Diffie-Hellman Key Agreement Standard
  • Supports PKCS-5 - Password-Based Cryptography Standard
  • Supports AES - Use of the Advanced Encryption Standard (AES) Algorithm in Cryptographic Message Syntax (CMS)
  • Supports PKCS-8 - Private-Key Information Syntax Standard
  • Supports PKCS-10 - Certification Request Syntax Standard

The public_key application uses the Crypto application to perform cryptographic operations and the ASN-1 application to handle PKIX-ASN-1 specifications, hence these applications must be loaded for the public_key application to work. In an embedded environment this means they must be started with application:start/[1,2] before the public_key application is started.

The public_key application is a library application and does not use the error logger. The functions will either succeed or fail with a runtime error.