ex_openssl v0.1.3 ExOpenssl.Crypto.PKCS7

PKCS7 handling. For IO (reading and writing messages), see ExOpenssl.Crypto.PKCS7.SMIME, which the examples below use.


Types


flag()
flag() ::
  :text
  | :nocerts
  | :nosigs
  | :nochain
  | :nointern
  | :noverify
  | :detached
  | :binary
  | :noattr
  | :nosmimecap
  | :nooldmimetype
  | :crlfeol
  | :stream
  | :nocrl
  | :partial
  | :reuse_digest
  | :no_dual_content


flags()
flags() :: [flag()]


pkcs7() (opaque)
pkcs7()

Functions


decrypt(pkcs7, pkey, cert)
decrypt(
  pkcs7 :: pkcs7(),
  pkey :: ExOpenssl.PKey.key(),
  cert :: ExOpenssl.Crypto.X509.certificate()
) :: {:ok, binary()} | {:error, [ExOpenssl.Errors.Error.t()]}

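Decrypt the PKCS7 structure `pkcs7` using the recipient's private key `pkey` and certificate `cert`. Returns `{:ok, plaintext}` on success or `{:error, errors}` on failure. Successful decryption does not by itself authenticate the sender or the content; when authenticity matters, also check a signature (see verify/5).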

Examples

iex> [recipient] = ExOpenssl.Crypto.X509.from_pem!(File.read!("priv/test/cert.pem"))
iex> pkey = ExOpenssl.PKey.from_pem!(File.read!("priv/test/key.pem"))
iex> message = File.read!("priv/test/message_enc_foo.p7")
iex> {pkcs7, _} = ExOpenssl.Crypto.PKCS7.SMIME.read!(message)
iex> PKCS7.decrypt!(pkcs7, pkey, recipient)
"Foo"

decrypt!(pkcs7, pkey, cert)
decrypt!(
  pkcs7 :: pkcs7(),
  pkey :: ExOpenssl.PKey.key(),
  cert :: ExOpenssl.Crypto.X509.certificate()
) :: binary() | no_return()

See decrypt/3


encrypt(certs, input, cipher, flags \\ [:stream])
encrypt(
  certs :: [ExOpenssl.Crypto.X509.certificate()],
  input :: binary(),
  cipher :: ExOpenssl.Symm.Cipher.cipher(),
  flags :: flags()
) :: {:ok, pkcs7()} | {:error, [ExOpenssl.Errors.Error.t()]}

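Encrypt the binary `input` for the recipients whose certificates are listed in `certs`, using the symmetric cipher `cipher`. Returns `{:ok, pkcs7}` or `{:error, errors}`. The example below uses `:des_ede3_cbc` (Triple DES), a legacy cipher with a 64-bit block; prefer an AES-based value if `ExOpenssl.Symm.Cipher.cipher()` provides one.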

Examples

iex> recipients = ExOpenssl.Crypto.X509.from_pem!(File.read!("priv/test/cert.pem"))
iex> cleartext = "Foo"
iex> {:ok, pkcs7} = PKCS7.encrypt(recipients, cleartext, :des_ede3_cbc)
iex> ExOpenssl.Crypto.PKCS7.SMIME.write!(pkcs7, cleartext)
"MIME-Version: 1.0...."

encrypt!(certs, input, cipher, flags \\ [:stream])
encrypt!(
  certs :: [ExOpenssl.Crypto.X509.certificate()],
  input :: binary(),
  cipher :: ExOpenssl.Symm.Cipher.cipher(),
  flags :: flags()
) :: pkcs7() | no_return()

See encrypt/4


sign(signcert, pkey, certs \\ [], input, flags \\ [:stream])
sign(
  signcert :: ExOpenssl.Crypto.X509.certificate(),
  pkey :: ExOpenssl.PKey.key(),
  certs :: [ExOpenssl.Crypto.X509.certificate()],
  input :: binary(),
  flags :: flags()
) :: {:ok, pkcs7()} | {:error, [ExOpenssl.Errors.Error.t()]}

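Sign the binary `input` with the signing certificate `signcert` and the private key `pkey`. `certs` is an optional list of further certificates (default `[]`), presumably additional certificates to include in the signed structure. Returns `{:ok, pkcs7}` or `{:error, errors}`.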

Examples

iex> [signcert] = ExOpenssl.Crypto.X509.from_pem!(File.read!("priv/test/cert.pem"))
iex> cleartext = "Foo"
iex> pkey = ExOpenssl.PKey.from_pem!(File.read!("priv/test/key.pem"))
iex> {:ok, pkcs7} = PKCS7.sign(signcert, pkey, cleartext)
iex> ExOpenssl.Crypto.PKCS7.SMIME.write!(pkcs7, cleartext)
"MIME-Version: 1.0...."

sign!(signcert, pkey, certs \\ [], input, flags \\ [:stream])
sign!(
  signcert :: ExOpenssl.Crypto.X509.certificate(),
  pkey :: ExOpenssl.PKey.key(),
  certs :: [ExOpenssl.Crypto.X509.certificate()],
  input :: binary(),
  flags :: flags()
) :: pkcs7() | no_return()

See sign/5


verify(pkcs7, certs, store, indata \\ nil, flags \\ [:stream])
verify(
  pkcs7 :: pkcs7(),
  certs :: [ExOpenssl.Crypto.X509.certificate()],
  store :: [ExOpenssl.Crypto.X509.certificate()],
  indata :: nil | binary(),
  flags :: flags()
) :: {:ok, {true, binary()}} | {:error, [ExOpenssl.Errors.Error.t()]}

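Verify the signature on `pkcs7`. In the example below, `store` holds the root CA certificate and `indata` is the second element returned by `SMIME.read!`. On success the result is `{:ok, {true, content}}`; failures are returned as `{:error, errors}`. The flag names `:noverify` and `:nosigs` match OpenSSL's PKCS7_NOVERIFY (the signer's certificate chain is not verified) and PKCS7_NOSIGS (signatures on the data are not checked). If they map through as the names suggest, passing either one weakens what a successful result means, so leave them out when verifying messages from untrusted sources.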

Examples

iex> certs = ExOpenssl.Crypto.X509.from_pem!(File.read!("priv/test/cert.pem"))
iex> store = ExOpenssl.Crypto.X509.from_pem!(File.read!("priv/test/root-ca.pem"))
iex> message = File.read!("priv/test/message_sig_clear.p7")
iex> {pkcs7, bcount} = ExOpenssl.Crypto.PKCS7.SMIME.read!(message)
iex> PKCS7.verify(pkcs7, certs, store, bcount)
{:ok, {true, "Foo"}}

verify!(pkcs7, certs, store, indata \\ nil, flags \\ [:stream])
verify!(
  pkcs7 :: pkcs7(),
  certs :: [ExOpenssl.Crypto.X509.certificate()],
  store :: [ExOpenssl.Crypto.X509.certificate()],
  indata :: nil | binary(),
  flags :: flags()
) :: {true, binary()} | no_return()

See verify/5