1PKCS10(3) User Contributed Perl Documentation PKCS10(3)
2
6 Crypt::OpenSSL::PKCS10 - Perl extension to OpenSSL's PKCS10 API.
7
9 use Crypt::OpenSSL::PKCS10::PKCS10 qw( :const );
10 my $req = Crypt::OpenSSL::PKCS10->new;
12 $req->set_subject("/C=RO/O=UTI/OU=ssi");
13 $req->add_ext(Crypt::OpenSSL::PKCS10::NID_key_usage,"critical,digitalSignature,keyEncipherment");
14 $req->add_ext(Crypt::OpenSSL::PKCS10::NID_ext_key_usage,"serverAuth, nsSGC, msSGC, 1.3.4");
15 $req->add_ext(Crypt::OpenSSL::PKCS10::NID_subject_alt_name,"email:steve@openssl.org");
16 $req->add_custom_ext('1.2.3.3',"My new extension");
17 $req->add_ext_final();
18 $req->sign();
19 $req->write_pem_req('request.pem');
20 $req->write_pem_pk('pk.pem');
21 print $req->get_pem_req();
22
24 Crypt::OpenSSL::PKCS10 - Perl extension to OpenSSL's PKCS10 API.
25
27 Crypt::OpenSSL::PKCS10 provides the ability to create PKCS10
28 certificate requests using RSA key pairs.
29
31 new Create a new Crypt::OpenSSL::PKCS10 object by generating a new RSA
32 key pair. There is one optional argument, the key size, which has
33 the default value of 1024 if omitted.
34 new_from_rsa( $rsa_object )
36 Create a new Crypt::OpenSSL::PKCS10 object by using key information
37 from a Crypt::OpenSSL::RSA object. Here is an example:
38 my $rsa = Crypt::OpenSSL::RSA->generate_key(512);
40 my $req = Crypt::OpenSSL::PKCS10->new_from_rsa($rsa);
41
43 set_subject($subject)
44 Sets the subject DN of the request. Note: $subject is expected to be
45 in the format /type0=value0/type1=value1/type2=... where characters
46 may be escaped by \
47 add_ext($nid, $extension)
49 Adds a new extension to the request. The first argument $nid is one
50 of the exported constants (see below). The second one $extension is
51 a string (for more info read openssl(3)).
52 $req->add_ext(Crypt::OpenSSL::PKCS10::NID_key_usage,"critical,digitalSignature,keyEncipherment");
54 $req->add_ext(Crypt::OpenSSL::PKCS10::NID_ext_key_usage,"serverAuth, nsSGC, msSGC, 1.3.4");
55 $req->add_ext(Crypt::OpenSSL::PKCS10::NID_subject_alt_name,"email:steve@openssl.org");
56 add_custom_ext($oid, $desc)
58 Adds a new custom extension to the request.
59 $req->add_custom_ext('1.2.3.3',"My new extension");
61 add_ext_final()
63 This must be called after all extensions has been added. It actually
64 copies the extension stack to request structure.
65 $req->add_ext(Crypt::OpenSSL::PKCS10::NID_subject_alt_name,"email:my@email.org");
67 $req->add_ext_final();
68 sign()
70 This adds the signature to the PKCS10 request.
71 $req->sign();
73 get_pem_req()
75 Returns the PEM encoding of the PKCS10 request.
76 $req->get_pem_req();
78 write_pem_req($filename)
80 Writes the PEM encoding of the PKCS10 request to a given file.
81 $req->write_pem_req('request.pem');
83 get_pem_pk()
85 Returns the PEM encoding of the private key.
86 $req->get_pem_pk();
88 write_pem_pk($filename)
90 Writes the PEM encoding of the private key to a given file.
91 $req->write_pem_pk('request.pem');
93 EXPORT
95 None by default.
96 On request:
98 NID_key_usage NID_subject_alt_name NID_netscape_cert_type NID_netscape_comment
100 NID_ext_key_usage
101
103 If you destroy $req object that is linked to a Crypt::OpenSSL::RSA
104 object, the RSA private key is also freed, thus you can't use latter
105 object anymore. Avoid this:
106 my $rsa = Crypt::OpenSSL::RSA->generate_key(512);
108 my $req = Crypt::OpenSSL::PKCS10->new_from_rsa($rsa);
109 undef $req;
110 print $rsa->get_private_key_string();
111
113 "Crypt::OpenSSL::RSA", "Crypt::OpenSSL::X509".
114
116 JoNO, <jonozzz@yahoo.com>
117
119 Copyright (C) 2006 by JoNO
120 This library is free software; you can redistribute it and/or modify it
122 under the same terms as Perl itself, either Perl version 5.8.2 or, at
123 your option, any later version of Perl 5 you may have available.
124perl v5.12.0 2006-02-24 PKCS10(3)