NAME

Crypt::OpenSSL::PKCS12 - Perl extension to OpenSSL's PKCS12 API.

SYNOPSIS

  use Crypt::OpenSSL::PKCS12;
  my $pass   = "your password";
  my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file('cert.p12');
  print $pkcs12->certificate($pass);
  print $pkcs12->private_key($pass);
  if ($pkcs12->mac_ok($pass)) {
  ...
  # Creating a file
  $pkcs12->create('test-cert.pem', 'test-key.pem', $pass, 'out.p12', 'friendly name');
  # Creating a string
  my $pksc12_data = $pkcs12->create_as_string('test-cert.pem', 'test-key.pem', $pass, 'friendly name');
  # Reproducing OpenSSL's info
  my $info = $pkcs12->info($pass);
  # Accessing OpenSSL's info as a hash
  my $info_hash = $pkcs12->info_as_hash($pass);

VERSION

This documentation describes version 1.94 of Crypt::OpenSSL::PKCS12

DESCRIPTION

PKCS12 is a file format for storing cryptography objects as a single file or string. PKCS12 is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

This distribution implements a subset of OpenSSL's PKCS12 API.

SUBROUTINES/METHODS

new( )
legacy_support ( )
Check whether the openssl version installed supports the legacy provider.
new_from_string( $string )
new_from_file( $filename )
Create a new Crypt::OpenSSL::PKCS12 instance.
certificate( [$pass] )
Get the Base64 representation of the certificate.
ca_certificate( [$pass] )
Get the Base64 representation of the CA certificate chain.
private_key( [$pass] )
Get the Base64 representation of the private key.
as_string( [$pass] )
Get the binary represenation as a string.
mac_ok( [$pass] )
Verifiy the certificates Message Authentication Code
changepass( $old, $new )
Change a certificate's password.
create( $cert, $key, $pass, $output_file, $friendly_name )
Create a new PKCS12 certificate. $cert & $key may either be strings or filenames.

$friendly_name is optional.
create_as_string( $cert, $key, $pass, $friendly_name )
Create a new PKCS12 certificate string. $cert & $key may either be strings or filenames.

$friendly_name is optional.

Returns a string holding the PKCS12 certicate.
info( $pass )
Returns a string containing the output of information about the pkcs12 file in the same format as produced by the openssl command:
```
    openssl pkcs12 -in certs/test_le_1.1.p12 -info -nodes
    
```
info_as_hash( $pass )
Places the information about the pkcs12 file, the certificates and keys in a hash.

The format of the hash is complex to represent the data in the PKCS12 file:

Essentially, the hash follows the format of the -info output.

1. pkcs7_data and pkcs7_encrypted_data are arrays as more than one of each can exist 2. mac provieds the top level mac parameters for the file 3. safe_contents_bag is an array that contains an array of bags 4. bags is an array of bags 5. a bag is a container for a key or certificate

Each bag has a type and the following are available:

1. key_bag 2. certificate_bag 3. shrouded_keybag 4. secret_bag 5. safe_contents_bag

{
mac {
digest "sha1",
iteration 2048,
length 20,
salt_length 20
},
pkcs7_data [
[0] {
bags [
[0] {
bag_attributes {
friendlyName "...",
localKeyID "..." (dualvar: 54)
},
key "...",
key_attributes {
"X509v3 Key Usage" 10
},
parameters {
iteration 10000,
nid_long_name "PBKDF2",
nid_short_name "PBKDF2"
},
type "shrouded_keybag"
}
]
},
[1] {
safe_contents_bag [
[0] {
bags [
[0] {
bag_attributes {
localKeyID "01" (dualvar: 1)
friendlyName "",
},
cert "...".
issuer "...",
subject "...",
type "certificate_bag"
}
],
type "safe_contents_bag"
}
]
},
[2] {
bags [
[0] {
bag_attributes {
localKeyID "02" (dualvar: 2)
},
cert "...",
issuer "...",
subject "...",
type "certificate_bag"
}
]
},
],
pkcs7_encrypted_data [
[0] {
bags [
[0] {
bag_attributes {
2.16.840.1.113894.746875.1.1 "<Unsupported tag 6>",
friendlyName "..."
},
cert "...",
issuer "...",
subject "...",
type "certificate_bag"
},
[1] {
bag_attributes {
friendlyName "...",
localKeyID "..." (dualvar: 54)
},
cert "...",
issuer "...",
subject "...",
type "certificate_bag"
}
],
parameters {
iteration 10000,
nid_long_name "PBKDF2",
nid_short_name "PBKDF2"
}
}
] }

EXPORTS

None by default.

On request:

"NOKEYS"
"NOCERTS"
"INFO"
"CLCERTS"
"CACERTS"

DIAGNOSTICS

No diagnostics are documented at this time

CONFIGURATION AND ENVIRONMENT

No special environment or configuration is required.

DEPENDENCIES

This distribution has the following dependencies

An installation of OpenSSL, either version 1.X.X or version 3.X.X
Perl 5.8

INCOMPATIBILITIES

Currently the library has been updated to support both OpenSSL 1.X.X and OpenSSL 3.X.X

BUGS AND LIMITATIONS

Please see the GitHub repository <https://github.com/dsully/perl-crypt-openssl-pkcs12/issues> for known issues.

AUTHOR

•: Dan Sully, <daniel@cpan.org>

Current maintainer

•: jonasbn

CONTRIBUTORS

In alphabetical order, contributors, bug reporters and all

@mmuehlenhoff
@sectokia
@SmartCodeMaker
Alexandr Ciornii, @chorny
Christopher Hoskin, @mans0954
Daisuke Murase, @typester
Darko Prelec, @dprelec
David Steinbrunner, @dsteinbrunner
Gianni Ceccarelli, @dakkar
Giuseppe Di Terlizzi, @giterlizzi
H.Merijn Brand, @tux
Hakim, @osfameron
J. Nick Koston, @bdraco
James Rouzier, @jrouzierinverse
jonasbn. @jonasbn
Kelson, @kelson42
Lance Wicks, @lancew
Leonid Antonenkov
Masayuki Matsuki, @songmu
Mikołaj Zalewski
Shoichi Kaji
Slaven Rezić
Timothy Legge, @timlegge
Todd Rinaldo, @toddr

LICENSE AND COPYRIGHT

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.