Module X509.PKCS12

PKCS12 archive files

type t

A PKCS12 encoded archive file,

val decode_der : string -> (t, [> `Msg of string ]) Stdlib.result

decode_der buffer is t, the PKCS12 archive of buffer.

val encode_der : t -> string

encode_der t is buf, the PKCS12 encoded archive of t.

val verify : string -> t -> ([ `Certificate of Certificate.t | `Crl of CRL.t | `Private_key of Private_key.t | `Decrypted_private_key of Private_key.t ] list, [> `Msg of string ]) Stdlib.result

verify password t verifies and decrypts the PKCS12 archive t. The result is the contents of the archive.

val create : ?mac:[ `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] -> ?algorithm:[ `AES128_CBC | `AES192_CBC | `AES256_CBC ] -> ?iterations:int -> string -> Certificate.t list -> Private_key.t -> t

create ~mac ~algorithm ~iterations password certificates private_key constructs a PKCS12 archive with certificates and private_key. They are encrypted with algorithm (using PBES2, PKCS5v2) and integrity protected using mac. A local key id is always embedded in the private key and matching certificate.