Botan 3.0.0-alpha0
Crypto and TLS for C++
|
Functions | |
secure_vector< uint8_t > | BER_encode (const Private_Key &key) |
std::vector< uint8_t > | BER_encode (const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, std::chrono::milliseconds msec, const std::string &pbe_algo) |
std::vector< uint8_t > | BER_encode_encrypted_pbkdf_iter (const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, size_t pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash) |
std::vector< uint8_t > | BER_encode_encrypted_pbkdf_msec (const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, std::chrono::milliseconds pbkdf_msec, size_t *pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash) |
std::unique_ptr< Private_Key > | copy_key (const Private_Key &key) |
Private_Key * | copy_key (const Private_Key &key, RandomNumberGenerator &rng) |
std::unique_ptr< Private_Key > | load_key (DataSource &source) |
std::unique_ptr< Private_Key > | load_key (DataSource &source, const std::function< std::string()> &get_pass) |
std::unique_ptr< Private_Key > | load_key (DataSource &source, const std::string &pass) |
Private_Key * | load_key (DataSource &source, RandomNumberGenerator &rng) |
Private_Key * | load_key (DataSource &source, RandomNumberGenerator &rng, const std::string &pass) |
Private_Key * | load_key (DataSource &source, RandomNumberGenerator &rng, std::function< std::string()> get_passphrase) |
std::string | PEM_encode (const Private_Key &key) |
std::string | PEM_encode (const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, std::chrono::milliseconds msec, const std::string &pbe_algo) |
std::string | PEM_encode_encrypted_pbkdf_iter (const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, size_t pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash) |
std::string | PEM_encode_encrypted_pbkdf_msec (const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, std::chrono::milliseconds pbkdf_msec, size_t *pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash) |
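This namespace contains functions for handling PKCS #8 private keys: encoding them as BER or PEM (optionally password-encrypted), loading them from a data source, and copying them.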
|
inline |
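BER encode a private key without encryption. The returned buffer is plaintext PKCS #8 key material; use the password-taking BER_encode overloads when the encoding must be protected at rest.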
key | the private key to encode |
Definition at line 43 of file pkcs8.h.
References Botan::Private_Key::private_key_info().
std::vector< uint8_t > Botan::PKCS8::BER_encode | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
const std::string & | pass, | ||
std::chrono::milliseconds | msec = std::chrono::milliseconds(300) , |
||
const std::string & | pbe_algo = "" |
||
) |
Encrypt a key using PKCS #8 encryption
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
msec | number of milliseconds to run the password derivation |
pbe_algo | the name of the desired password-based encryption algorithm; if empty ("") a reasonable (portable/secure) default will be chosen. |
Definition at line 189 of file pkcs8.cpp.
References Botan::Public_Key::algo_name(), BER_encode(), BOTAN_UNUSED, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, Botan::pbes2_encrypt_msec(), and Botan::DER_Encoder::start_sequence().
Referenced by BER_encode(), botan_privkey_export(), Botan::Certificate_Store_In_SQL::insert_key(), and PEM_encode().
std::vector< uint8_t > Botan::PKCS8::BER_encode_encrypted_pbkdf_iter | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
const std::string & | pass, | ||
size_t | pbkdf_iter, | ||
const std::string & | cipher = "" , |
||
const std::string & | pbkdf_hash = "" |
||
) |
Encrypt a key using PKCS #8 encryption and a fixed iteration count
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_iter | number of iterations to run PBKDF2 |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 235 of file pkcs8.cpp.
References BOTAN_UNUSED, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, Botan::pbes2_encrypt_iter(), Botan::Private_Key::private_key_info(), and Botan::DER_Encoder::start_sequence().
Referenced by botan_privkey_export_encrypted_pbkdf_iter(), and PEM_encode_encrypted_pbkdf_iter().
std::vector< uint8_t > Botan::PKCS8::BER_encode_encrypted_pbkdf_msec | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
const std::string & | pass, | ||
std::chrono::milliseconds | pbkdf_msec, | ||
size_t * | pbkdf_iterations, | ||
const std::string & | cipher = "" , |
||
const std::string & | pbkdf_hash = "" |
||
) |
Encrypt a key using PKCS #8 encryption and a variable iteration count
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_msec | how long in milliseconds to run PBKDF2 |
pbkdf_iterations | if non-null, set to the number of iterations used |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 283 of file pkcs8.cpp.
References BOTAN_UNUSED, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, Botan::pbes2_encrypt_msec(), Botan::Private_Key::private_key_info(), and Botan::DER_Encoder::start_sequence().
Referenced by botan_privkey_export_encrypted_pbkdf_msec(), and PEM_encode_encrypted_pbkdf_msec().
|
inline |
Copy an existing encoded key object.
key | the key to copy |
Definition at line 214 of file pkcs8.h.
References load_key().
Referenced by copy_key().
|
inline |
Copy an existing encoded key object.
key | the key to copy |
rng | ignored for compatibility |
Definition at line 324 of file pkcs8.h.
References BOTAN_UNUSED, and copy_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | DataSource & | source | ) |
Load an unencrypted key from a data source.
source | the data source providing the encoded key |
Definition at line 375 of file pkcs8.cpp.
References load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | DataSource & | source, |
const std::function< std::string()> & | get_passphrase | ||
) |
Load an encrypted key from a data source.
source | the data source providing the encoded key |
get_passphrase | a function that returns passphrases |
Definition at line 355 of file pkcs8.cpp.
References load_key().
Referenced by botan_privkey_load(), copy_key(), Botan::Certificate_Store_In_SQL::find_key(), and load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | DataSource & | source, |
const std::string & | pass | ||
) |
Load an encrypted key from a data source.
source | the data source providing the encoded key |
pass | the passphrase to decrypt the key |
Definition at line 364 of file pkcs8.cpp.
References load_key().
|
inline |
Load an unencrypted key from a data source.
source | the data source providing the encoded key |
rng | ignored for compatibility |
Definition at line 259 of file pkcs8.h.
References BOTAN_UNUSED, and load_key().
|
inline |
Load an encrypted key from a data source.
source | the data source providing the encoded key |
rng | ignored for compatibility |
pass | the passphrase to decrypt the key |
Definition at line 245 of file pkcs8.h.
References BOTAN_UNUSED, and load_key().
|
inline |
Load an encrypted key from a data source.
source | the data source providing the encoded key |
rng | ignored for compatibility |
get_passphrase | a function that returns passphrases |
Definition at line 230 of file pkcs8.h.
References BOTAN_UNUSED, and load_key().
std::string Botan::PKCS8::PEM_encode | ( | const Private_Key & | key | ) |
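Get a string containing a PEM encoded private key. The key is not encrypted; use the password-taking PEM_encode overloads when the output must be protected at rest.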
key | the key to encode |
Definition at line 137 of file pkcs8.cpp.
References Botan::PEM_Code::encode(), and Botan::Private_Key::private_key_info().
Referenced by botan_privkey_export(), and PEM_encode().
std::string Botan::PKCS8::PEM_encode | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
const std::string & | pass, | ||
std::chrono::milliseconds | msec = std::chrono::milliseconds(300) , |
||
const std::string & | pbe_algo = "" |
||
) |
Get a string containing a PEM encoded private key, encrypting it with a password.
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
msec | number of milliseconds to run the password derivation |
pbe_algo | the name of the desired password-based encryption algorithm; if empty ("") a reasonable (portable/secure) default will be chosen. |
Definition at line 219 of file pkcs8.cpp.
References BER_encode(), Botan::PEM_Code::encode(), and PEM_encode().
std::string Botan::PKCS8::PEM_encode_encrypted_pbkdf_iter | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
const std::string & | pass, | ||
size_t | pbkdf_iter, | ||
const std::string & | cipher = "" , |
||
const std::string & | pbkdf_hash = "" |
||
) |
Get a string containing a PEM encoded private key, encrypting it with a password.
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_iter | number of iterations to run PBKDF |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 268 of file pkcs8.cpp.
References BER_encode_encrypted_pbkdf_iter(), and Botan::PEM_Code::encode().
Referenced by botan_privkey_export_encrypted_pbkdf_iter().
std::string Botan::PKCS8::PEM_encode_encrypted_pbkdf_msec | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
const std::string & | pass, | ||
std::chrono::milliseconds | pbkdf_msec, | ||
size_t * | pbkdf_iterations, | ||
const std::string & | cipher = "" , |
||
const std::string & | pbkdf_hash = "" |
||
) |
Get a string containing a PEM encoded private key, encrypting it with a password.
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_msec | how long in milliseconds to run PBKDF2 |
pbkdf_iterations | (output argument) number of iterations of PBKDF that ended up being used |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 316 of file pkcs8.cpp.
References BER_encode_encrypted_pbkdf_msec(), and Botan::PEM_Code::encode().
Referenced by botan_privkey_export_encrypted_pbkdf_msec().