X509.PrivateKey (X509 v0.8.8)

Functions for generating, reading and writing RSA and EC private keys.

Example use with :public_key

Encryption and decryption:

iex> private_key = X509.PrivateKey.new_rsa(2048)
iex> public_key = X509.PublicKey.derive(private_key)
iex> plaintext = "Hello, world!"
iex> ciphertext = :public_key.encrypt_public(plaintext, public_key)
iex> :public_key.decrypt_private(ciphertext, private_key)
"Hello, world!"

Signing and signature verification:

iex> private_key = X509.PrivateKey.new_ec(:secp256r1)
iex> public_key = X509.PublicKey.derive(private_key)
iex> message = "Hello, world!"
iex> signature = :public_key.sign(message, :sha256, private_key)
iex> :public_key.verify(message, :sha256, signature, public_key)
true

Note that in practice it is not a good idea to directly encrypt a message with asymmetric cryptography. The examples above are deliberate over-simplifications intended to highlight the :public_key API calls.
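What is normally done instead is hybrid encryption: the message is encrypted with a fresh symmetric key, and only that key is encrypted with RSA. The sketch below is an added example, not part of the X509 documentation; the module name HybridExample and the associated-data label are hypothetical, and it assumes OTP 22 or later for :crypto.crypto_one_time_aead and the :rsa_padding option.

```elixir
defmodule HybridExample do
  # Context label bound into the AEAD tag (constructed value).
  @aad "x509-hybrid-example-v1"
  # OAEP padding for the RSA key-wrapping step.
  @oaep [rsa_padding: :rsa_pkcs1_oaep_padding]

  # Encrypts `plaintext` under a one-time AES-256-GCM key and wraps
  # that key for the holder of the matching RSA private key.
  def seal(plaintext, rsa_public_key) do
    key = :crypto.strong_rand_bytes(32)
    nonce = :crypto.strong_rand_bytes(12)

    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(:aes_256_gcm, key, nonce, plaintext, @aad, true)

    wrapped_key = :public_key.encrypt_public(key, rsa_public_key, @oaep)
    %{wrapped_key: wrapped_key, nonce: nonce, ciphertext: ciphertext, tag: tag}
  end

  # Unwraps the AES key and decrypts; a failed tag check is reported
  # as an error tuple instead of returning unauthenticated data.
  def open(%{wrapped_key: wrapped, nonce: nonce, ciphertext: ct, tag: tag}, rsa_private_key) do
    key = :public_key.decrypt_private(wrapped, rsa_private_key, @oaep)

    case :crypto.crypto_one_time_aead(:aes_256_gcm, key, nonce, ct, @aad, tag, false) do
      :error -> {:error, :authentication_failed}
      plaintext -> {:ok, plaintext}
    end
  end
end

private_key = X509.PrivateKey.new_rsa(2048)
public_key = X509.PublicKey.derive(private_key)

sealed = HybridExample.seal("Hello, world!", public_key)
{:ok, "Hello, world!"} = HybridExample.open(sealed, private_key)

# Any modification of the ciphertext must be rejected by the GCM tag check.
tampered = %{sealed | ciphertext: sealed.ciphertext <> <<0>>}
{:error, :authentication_failed} = HybridExample.open(tampered, private_key)
```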

Summary

Types

t()

RSA or EC private key

Functions

Attempts to parse a private key in DER (binary) format.

Attempts to parse a private key in DER (binary) format. Raises in case of failure.

Attempts to parse a private key in PEM format.

Attempts to parse a private key in PEM format. Raises in case of failure.

Generates a new EC private key. To derive the public key, use X509.PublicKey.derive/1.

Generates a new RSA private key. To derive the public key, use X509.PublicKey.derive/1.

Converts a private key to DER (binary) format.

Converts a private key to PEM format.

Extracts a private key from a PKCS#8 PrivateKeyInfo container.

Wraps a private key in a PKCS#8 PrivateKeyInfo container.

Types

Functions

@spec from_der(binary()) :: {:ok, t()} | {:error, :malformed}

Attempts to parse a private key in DER (binary) format.

Unwraps the PKCS#8 PrivateKeyInfo container, if present.

Returns an :ok tuple in case of success, or an :error tuple in case of failure. Possible error reasons are:

  • :malformed - the data could not be decoded as a private key

@spec from_der!(binary()) :: t() | no_return()

Attempts to parse a private key in DER (binary) format. Raises in case of failure.

Unwraps the PKCS#8 PrivateKeyInfo container, if present.

from_pem(pem, opts \\ [])

@spec from_pem(String.t(), Keyword.t()) ::
  {:ok, t()} | {:error, :malformed | :not_found}

Attempts to parse a private key in PEM format.

Processes the first PEM entry of type PRIVATE KEY, RSA PRIVATE KEY or EC PRIVATE KEY found in the input. Unwraps the PKCS#8 PrivateKeyInfo container, if present. Returns an :ok tuple in case of success, or an :error tuple in case of failure. Possible error reasons are:

  • :not_found - no PEM entry of a supported PRIVATE KEY type was found
  • :malformed - the entry could not be decoded as a private key

Options:

  • :password - the password used to decrypt an encrypted private key; may be specified as a string or a charlist

from_pem!(pem, opts \\ [])

@spec from_pem!(String.t(), Keyword.t()) :: t() | no_return()

Attempts to parse a private key in PEM format. Raises in case of failure.

Processes the first PEM entry of type PRIVATE KEY, RSA PRIVATE KEY or EC PRIVATE KEY found in the input. Unwraps the PKCS#8 PrivateKeyInfo container, if present.

Options:

  • :password - the password used to decrypt an encrypted private key; may be specified as a string or a charlist

Generates a new EC private key. To derive the public key, use X509.PublicKey.derive/1.

The first parameter must specify a named curve. The curve can be specified as an atom or an OID tuple.

Note that this function uses Erlang/OTP's :public_key application, which does not support all curve names returned by the :crypto.ec_curves/0 function. In particular, the NIST Prime curves must be selected by their SECG id, e.g. NIST P-256 is :secp256r1 rather than :prime256v1. Please refer to RFC4492 appendix A for a mapping table.

new_rsa(keysize, opts \\ [])

Generates a new RSA private key. To derive the public key, use X509.PublicKey.derive/1.

The key length in bits must be specified as an integer (minimum 256 bits). The default exponent of 65537 can be overridden using the :exponent option. Warning: the custom exponent value is not checked for safety!

to_der(private_key, opts \\ [])

@spec to_der(t(), Keyword.t()) :: binary()

Converts a private key to DER (binary) format.

Options:

  • :wrap - Wrap the private key in a PKCS#8 PrivateKeyInfo container (default: false)

to_pem(private_key, opts \\ [])

@spec to_pem(t(), Keyword.t()) :: String.t()

Converts a private key to PEM format.

Options:

  • :wrap - Wrap the private key in a PKCS#8 PrivateKeyInfo container (default: false)
  • :password - If a password is specified, the private key is encrypted using 3DES; the password will be required to decode the PEM entry
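
A round trip through the serialisation functions documented above, as an added example that is not part of the X509 documentation; the password and message are constructed sample values. The reloaded keys are checked by signing with them and verifying against the public key derived before export, rather than by comparing records.

```elixir
# Constructed sample values for this example.
password = ~c"correct horse battery staple"
message = "Hello, world!"

key = X509.PrivateKey.new_ec(:secp256r1)
public_key = X509.PublicKey.derive(key)

# Password-protected PEM: the same password is needed to read it back.
pem = X509.PrivateKey.to_pem(key, password: password)
{:ok, key_from_pem} = X509.PrivateKey.from_pem(pem, password: password)

# DER inside a PKCS#8 PrivateKeyInfo container: from_der/1 unwraps it.
der = X509.PrivateKey.to_der(key, wrap: true)
{:ok, key_from_der} = X509.PrivateKey.from_der(der)

# Both reloaded keys must produce signatures the original public key accepts.
for reloaded <- [key_from_pem, key_from_der] do
  signature = :public_key.sign(message, :sha256, reloaded)
  true = :public_key.verify(message, :sha256, signature, public_key)
end

# Input without any PEM entry yields the documented :not_found reason,
# so callers can branch on the error tuple instead of rescuing.
{:error, :not_found} = X509.PrivateKey.from_pem("no PEM entries here")
```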

Extracts a private key from a PKCS#8 PrivateKeyInfo container.

@spec wrap(t()) :: X509.ASN.record(:private_key_info)
@spec wrap(X509.ASN.record(:private_key_info)) :: t()

Wraps a private key in a PKCS#8 PrivateKeyInfo container.