Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Crypt::Perl::PKCS10(3)User Contributed Perl DocumentatioCrypt::Perl::PKCS10(3)

NAME
       Crypt::Perl::PKCS10 - Certificate Signing Request (CSR) creation

SYNOPSIS
	   my $pkcs10 =	Crypt::Perl::PKCS10->new(

	       key => $private_key_obj,

	       subject => [
		   commonName => 'foo.com',
		   localityName	=> 'somewhere',
		   #...
	       ],
	       attributes => [
		   [ 'extensionRequest',
		       [ 'subjectAltName',
			   [ dNSName =>	'foo.com' ],
			   [ dNSName =>	'bar.com' ],
		       ],
		   ],
	       ],
	   );

	   my $der = $pkcs10->to_der();
	   my $pem = $pkcs10->to_pem();

DESCRIPTION
       This module is for creation of (PKCS #10) certificate signing requests
       (CSRs).	Right now it supports only a subset of what OpenSSL
       <http://openssl.org> can	create;	however, itas useful enough for	use
       with many certificate authorities, including ACME <https://ietf-wg-
       acme.github.io/acme/> services like Letas Encrypt
       <http://letsencrypt.org>.

       Itas also a good	deal easier to use!

       I believe this is the only CPAN <http://search.cpan.org>	module that
       can create CSRs for RSA,	ECDSA, and Ed25519 keys. Other encryption
       schemes would not be difficult to integrateabut do any CAs accept them?

ECDSA KEY FORMAT
       After a brief flirtation	(cf. v0.13) with producing ECDSA-signed	CSRs
       using explicit curve parameters,	this module produces CSRs using	named
       curves.	Certificate authorities	seem to	prefer this formatawhich makes
       sense since they	only allow certain curves in the first place.

SIGNATURE DIGEST ALGORITHMS
       The signature digest algorithm is determined based on the passed-in
       key: for	RSA itas always	SHA-512, and for ECDSA itas the	strongest SHA
       digest algorithm	that the key allows (e.g., SHA-224 for a 239-bit key,
       etc.)

       If you need additional flexibility, let me know.

       (Note that Ed25519 signs	an entire document rather than a digest.)

CLASS METHODS
   new(	NAME =>	VALUE, ... );
       Create an instance of this class. Parameters are:

       o   "key" - An instance of "Crypt::Perl::RSA::PrivateKey",
	   "Crypt::Perl::ECDSA::PrivateKey", or
	   "Crypt::Perl::Ed25519::PrivateKey".	If youave got a	DER- or	PEM-
	   encoded key string, use Crypt::Perl::PK (included in	this
	   distribution) to create an appropriate object.

       o   "subject" - An array	reference of arguments into
	   Crypt::Perl::X509::Nameas constructor.

       o   "attributes"	- An array reference of	arguments into
	   Crypt::Perl::PKCS10::Attributesas constructor.

TODO
       Let me know what	features you would find	useful,	ideally	with a
       representative sample CSR that demonstrates the requested feature.
       (Or, better yet,	send me	a pull request!)

SEE ALSO
       o   Crypt::PKCS10 - Parse CSRs, in pure Perl.

       o   Crypt::OpenSSL::PKCS10 - Create CSRs	using OpenSSL via XS.
	   Currently this only seems to	support	RSA.

perl v5.32.0			  2018-07-28		Crypt::Perl::PKCS10(3)

NAME | SYNOPSIS | DESCRIPTION | ECDSA KEY FORMAT | SIGNATURE DIGEST ALGORITHMS | CLASS METHODS | TODO | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Crypt::Perl::PKCS10&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help