Crypt::OpenSSL::CA

Crypt::OpenSSL::CA contains the crypto parts of an X509v3 Certification Authority.

Crypt::OpenSSL::CA Ranking & Summary

  • License: GPL
  • Price: FREE
  • Publisher Name: Dominique QUATRAVAUX
  • Publisher web site: http://search.cpan.org/~domq/

Crypt::OpenSSL::CA Description

Crypt::OpenSSL::CA contains the crypto parts of an X509v3 Certification Authority.

SYNOPSIS

    use Crypt::OpenSSL::CA;

    my $dn = Crypt::OpenSSL::CA::X509_NAME->new
        (C => "fr", CN => "test");

    # Load the CA private key from a password-protected PEM string
    my $privkey = Crypt::OpenSSL::CA::PrivateKey
        ->parse($pem_private_key, -password => "secret");
    my $pubkey = $privkey->get_public_key;

    # Build a self-signed CA certificate: subject and issuer are the same DN
    my $x509 = Crypt::OpenSSL::CA::X509->new($pubkey);
    $x509->set_serial("0xdeadbeef");
    $x509->set_subject_DN($dn);
    $x509->set_issuer_DN($dn);
    $x509->set_extension("basicConstraints", "CA:TRUE",
                         -critical => 1);
    $x509->set_extension("subjectKeyIdentifier",
                         $pubkey->get_openssl_keyid);
    $x509->set_extension("authorityKeyIdentifier",
                         { keyid => $pubkey->get_openssl_keyid });

    # Sign with the private key, using the named digest
    my $pem = $x509->sign($privkey, "sha1");

This module performs the cryptographic operations necessary to issue X509 certificates and certificate revocation lists (CRLs). It is implemented as a Perl wrapper around the popular OpenSSL library.

Crypt::OpenSSL::CA is an essential building block to create an X509v3 Certification Authority or CA, a crucial part of an X509 Public Key Infrastructure (PKI). A CA is defined by RFC4210 and friends (see Crypt::OpenSSL::CA::Resources) as a piece of software that can (among other things) issue and revoke X509v3 certificates. To perform the necessary cryptographic operations, it needs a private key that is kept secret (currently only RSA is supported).

Despite the name and unlike the openssl ca command-line tool, Crypt::OpenSSL::CA is not designed as a full-fledged X509v3 Certification Authority (CA) in and of itself: some key features are missing, most notably persistence (e.g. to remember issued and revoked certificates between two CRL issuances) and security-policy based screening of certificate requests.

Crypt::OpenSSL::CA mostly does "just the crypto", and this is deliberate: OpenSSL features such as configuration file parsing, which are best implemented in Perl, have been left out for maximum flexibility.

Requirements:

  • Perl

