Botan 3.5.0
Crypto and TLS for C&
|
Functions | |
secure_vector< uint8_t > | BER_encode (const Private_Key &key) |
std::vector< uint8_t > | BER_encode (const Private_Key &key, RandomNumberGenerator &rng, std::string_view pass, std::chrono::milliseconds msec, std::string_view pbe_algo) |
std::vector< uint8_t > | BER_encode_encrypted_pbkdf_iter (const Private_Key &key, RandomNumberGenerator &rng, std::string_view pass, size_t pbkdf_iterations, std::string_view cipher, std::string_view pbkdf_hash) |
std::vector< uint8_t > | BER_encode_encrypted_pbkdf_msec (const Private_Key &key, RandomNumberGenerator &rng, std::string_view pass, std::chrono::milliseconds pbkdf_msec, size_t *pbkdf_iterations, std::string_view cipher, std::string_view pbkdf_hash) |
std::unique_ptr< Private_Key > | copy_key (const Private_Key &key) |
std::unique_ptr< Private_Key > | load_key (DataSource &source) |
std::unique_ptr< Private_Key > | load_key (DataSource &source, const std::function< std::string()> &get_pass) |
std::unique_ptr< Private_Key > | load_key (DataSource &source, std::string_view pass) |
std::unique_ptr< Private_Key > | load_key (std::span< const uint8_t > source) |
std::unique_ptr< Private_Key > | load_key (std::span< const uint8_t > source, const std::function< std::string()> &get_passphrase) |
std::unique_ptr< Private_Key > | load_key (std::span< const uint8_t > source, std::string_view pass) |
std::string | PEM_encode (const Private_Key &key) |
std::string | PEM_encode (const Private_Key &key, RandomNumberGenerator &rng, std::string_view pass, std::chrono::milliseconds msec, std::string_view pbe_algo) |
std::string | PEM_encode_encrypted_pbkdf_iter (const Private_Key &key, RandomNumberGenerator &rng, std::string_view pass, size_t pbkdf_iterations, std::string_view cipher, std::string_view pbkdf_hash) |
std::string | PEM_encode_encrypted_pbkdf_msec (const Private_Key &key, RandomNumberGenerator &rng, std::string_view pass, std::chrono::milliseconds pbkdf_msec, size_t *pbkdf_iterations, std::string_view cipher, std::string_view pbkdf_hash) |
This namespace contains functions for handling PKCS #8 private keys
|
inline |
BER encode a private key
key | the private key to encode |
Definition at line 43 of file pkcs8.h.
References Botan::Private_Key::private_key_info().
std::vector< uint8_t > Botan::PKCS8::BER_encode | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
std::string_view | pass, | ||
std::chrono::milliseconds | msec = std::chrono::milliseconds(300), | ||
std::string_view | pbe_algo = "" ) |
Encrypt a key using PKCS #8 encryption
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
msec | number of milliseconds to run the password derivation |
pbe_algo | the name of the desired password-based encryption algorithm; if empty ("") a reasonable (portable/secure) default will be chosen. |
Definition at line 163 of file pkcs8.cpp.
References Botan::Asymmetric_Key::algo_name(), BER_encode(), BOTAN_UNUSED, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, Botan::pbes2_encrypt_msec(), and Botan::DER_Encoder::start_sequence().
Referenced by BER_encode(), botan_privkey_view_der(), Botan::Certificate_Store_In_SQL::insert_key(), and PEM_encode().
std::vector< uint8_t > Botan::PKCS8::BER_encode_encrypted_pbkdf_iter | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
std::string_view | pass, | ||
size_t | pbkdf_iter, | ||
std::string_view | cipher = "", | ||
std::string_view | pbkdf_hash = "" ) |
Encrypt a key using PKCS #8 encryption and a fixed iteration count
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_iter | number of interations to run PBKDF2 |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 203 of file pkcs8.cpp.
References BOTAN_UNUSED, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, Botan::pbes2_encrypt_iter(), Botan::Private_Key::private_key_info(), and Botan::DER_Encoder::start_sequence().
Referenced by botan_privkey_view_encrypted_der(), and PEM_encode_encrypted_pbkdf_iter().
std::vector< uint8_t > Botan::PKCS8::BER_encode_encrypted_pbkdf_msec | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
std::string_view | pass, | ||
std::chrono::milliseconds | pbkdf_msec, | ||
size_t * | pbkdf_iterations, | ||
std::string_view | cipher = "", | ||
std::string_view | pbkdf_hash = "" ) |
Encrypt a key using PKCS #8 encryption and a variable iteration count
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_msec | how long to run PBKDF2 |
pbkdf_iterations | if non-null, set to the number of iterations used |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 246 of file pkcs8.cpp.
References BOTAN_UNUSED, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, Botan::pbes2_encrypt_msec(), Botan::Private_Key::private_key_info(), and Botan::DER_Encoder::start_sequence().
Referenced by botan_privkey_view_encrypted_der_timed(), and PEM_encode_encrypted_pbkdf_msec().
|
inline |
Copy an existing encoded key object.
key | the key to copy |
Definition at line 236 of file pkcs8.h.
References load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | DataSource & | source | ) |
Load an unencrypted key from a data source.
source | the data source providing the encoded key |
Definition at line 347 of file pkcs8.cpp.
References load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | DataSource & | source, |
const std::function< std::string()> & | get_passphrase ) |
Load an encrypted key from a data source.
source | the data source providing the encoded key |
get_passphrase | a function that returns passphrases |
Definition at line 316 of file pkcs8.cpp.
References load_key().
Referenced by botan_privkey_load(), copy_key(), Botan::Certificate_Store_In_SQL::find_key(), load_key(), load_key(), load_key(), load_key(), load_key(), and load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | DataSource & | source, |
std::string_view | pass ) |
Load an encrypted key from a data source.
source | the data source providing the encoded key |
pass | the passphrase to decrypt the key |
Definition at line 339 of file pkcs8.cpp.
References load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | std::span< const uint8_t > | source | ) |
Load an unencrypted key from memory.
source | the byte buffer containing the encoded key |
Definition at line 331 of file pkcs8.cpp.
References load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | std::span< const uint8_t > | source, |
const std::function< std::string()> & | get_passphrase ) |
Load an encrypted key from memory.
source | the byte buffer containing the encoded key |
get_passphrase | a function that returns passphrases |
Definition at line 320 of file pkcs8.cpp.
References load_key().
std::unique_ptr< Private_Key > Botan::PKCS8::load_key | ( | std::span< const uint8_t > | source, |
std::string_view | pass ) |
Load an encrypted key from memory.
source | the byte buffer containing the encoded key |
pass | the passphrase to decrypt the key |
Definition at line 326 of file pkcs8.cpp.
References load_key().
std::string Botan::PKCS8::PEM_encode | ( | const Private_Key & | key | ) |
Get a string containing a PEM encoded private key.
key | the key to encode |
Definition at line 118 of file pkcs8.cpp.
References Botan::PEM_Code::encode(), and Botan::Private_Key::private_key_info().
Referenced by botan_privkey_view_pem(), and PEM_encode().
std::string Botan::PKCS8::PEM_encode | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
std::string_view | pass, | ||
std::chrono::milliseconds | msec = std::chrono::milliseconds(300), | ||
std::string_view | pbe_algo = "" ) |
Get a string containing a PEM encoded private key, encrypting it with a password.
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
msec | number of milliseconds to run the password derivation |
pbe_algo | the name of the desired password-based encryption algorithm; if empty ("") a reasonable (portable/secure) default will be chosen. |
Definition at line 188 of file pkcs8.cpp.
References BER_encode(), Botan::PEM_Code::encode(), and PEM_encode().
std::string Botan::PKCS8::PEM_encode_encrypted_pbkdf_iter | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
std::string_view | pass, | ||
size_t | pbkdf_iter, | ||
std::string_view | cipher = "", | ||
std::string_view | pbkdf_hash = "" ) |
Get a string containing a PEM encoded private key, encrypting it with a password.
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_iter | number of iterations to run PBKDF |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 233 of file pkcs8.cpp.
References BER_encode_encrypted_pbkdf_iter(), and Botan::PEM_Code::encode().
Referenced by botan_privkey_view_encrypted_pem().
std::string Botan::PKCS8::PEM_encode_encrypted_pbkdf_msec | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
std::string_view | pass, | ||
std::chrono::milliseconds | pbkdf_msec, | ||
size_t * | pbkdf_iterations, | ||
std::string_view | cipher = "", | ||
std::string_view | pbkdf_hash = "" ) |
Get a string containing a PEM encoded private key, encrypting it with a password.
key | the key to encode |
rng | the rng to use |
pass | the password to use for encryption |
pbkdf_msec | how long in milliseconds to run PBKDF2 |
pbkdf_iterations | (output argument) number of iterations of PBKDF that ended up being used |
cipher | if non-empty specifies the cipher to use. CBC and GCM modes are supported, for example "AES-128/CBC", "AES-256/GCM", "Serpent/CBC". If empty a suitable default is chosen. |
pbkdf_hash | if non-empty specifies the PBKDF hash function to use. For example "SHA-256" or "SHA-384". If empty a suitable default is chosen. |
Definition at line 280 of file pkcs8.cpp.
References BER_encode_encrypted_pbkdf_msec(), and Botan::PEM_Code::encode().
Referenced by botan_privkey_view_encrypted_pem_timed().