View Source X509.PublicKey (X509 v0.8.9)

Functions for deriving, reading and writing RSA and EC public keys.

Link to this section Summary

Types

SubjectPublicKeyInfo container

t()

RSA or EC public key

Functions

Derives the public key from the given RSA or EC private key.

Attempts to parse a public key in DER (binary) format.

Attempts to parse a public key in DER (binary) format. Raises in case of failure.

Attempts to parse a public key in PEM format.

Attempts to parse a public key in PEM format. Raises in case of failure.

Converts a public key to DER (binary) format.

Converts a public key to PEM format.

Extracts a public key from a SubjectPublicKeyInfo style container.

Wraps a public key in a SubjectPublicKeyInfo (or similar) container.

Link to this section Types

@type spki() ::
  X509.ASN.record(:subject_public_key_info)
  | X509.ASN.record(:otp_subject_public_key_info)
  | X509.ASN.record(:certification_request_subject_pk_info)

SubjectPublicKeyInfo container

RSA or EC public key

Link to this section Functions

@spec derive(X509.PrivateKey.t() | :crypto.engine_key_ref()) :: t()

Derives the public key from the given RSA or EC private key.

The private key may be specified as an 'engine reference'. Please refer to documentation for Erlang/OTP's :crypto application for further information about engines. However, please note that :crypto may not support this API for all key types.

@spec from_der(binary()) :: {:ok, t()} | {:error, :malformed}

Attempts to parse a public key in DER (binary) format.

Unwraps a SubjectPublicKeyInfo style container, if present.

Returns an :ok tuple in case of success, or an :error tuple in case of failure. Possible error reasons are:

  • :malformed - the data could not be decoded as a public key
@spec from_der!(binary()) :: t() | no_return()

Attempts to parse a public key in DER (binary) format. Raises in case of failure.

Unwraps a SubjectPublicKeyInfo style container, if present.

@spec from_pem(String.t()) :: {:ok, t()} | {:error, :malformed | :not_found}

Attempts to parse a public key in PEM format.

Expects the input string to include exactly one PEM entry, which must be of type "PUBLIC KEY" or "RSA PUBLIC KEY". Unwraps a SubjectPublicKeyInfo style container, if present. Returns an :ok tuple in case of success, or an :error tuple in case of failure. Possible error reasons are:

  • :not_found - no PEM entry of a supported PRIVATE KEY type was found
  • :malformed - the entry could not be decoded as a public key
@spec from_pem!(String.t()) :: t() | no_return()

Attempts to parse a public key in PEM format. Raises in case of failure.

Expects the input string to include exactly one PEM entry, which must be of type "PUBLIC KEY" or "RSA PUBLIC KEY". Unwraps a SubjectPublicKeyInfo style container, if present.

Link to this function

to_der(public_key, opts \\ [])

View Source
@spec to_der(t(), Keyword.t()) :: binary()

Converts a public key to DER (binary) format.

options

Options:

  • :wrap - Wrap the private key in a SubjectPublicKeyInfo container (default: true)
Link to this function

to_pem(public_key, opts \\ [])

View Source
@spec to_pem(t(), Keyword.t()) :: String.t()

Converts a public key to PEM format.

options

Options:

  • :wrap - Wrap the private key in a SubjectPublicKeyInfo container; for RSA public keys this defaults to true, but for EC public keys this option is ignored and the key is always exported in SubjectPublicKeyInfo format
@spec unwrap(spki()) :: t()

Extracts a public key from a SubjectPublicKeyInfo style container.

Supports the same container structures as wrap/2.

Link to this function

wrap(public_key, wrapper \\ :SubjectPublicKeyInfo)

View Source

Wraps a public key in a SubjectPublicKeyInfo (or similar) container.

The following container types are supported:

  • :SubjectPublicKeyInfo - standard X.509 structure for storing public keys (default)
  • :OTPSubjectPublicKeyInfo - Erlang/OTP record variant of :SubjectPublicKeyInfo, for use in the :OTPCertificate record
  • :CertificationRequestInfo_subjectPKInfo - for use in a PKCS#10 CertificationRequest (CSR)