Module X509.PKCS12

PKCS12 archive files

type t

A PKCS12 encoded archive file.

val decode_der : Cstruct.t -> (t, [> `Msg of string ]) Stdlib.result

decode_der buffer is t, the PKCS12 archive of buffer.

val encode_der : t -> Cstruct.t

encode_der t is buf, the PKCS12 encoded archive of t.

val verify : string -> t -> ([ `Certificate of Certificate.t | `Crl of CRL.t | `Private_key of Private_key.t | `Decrypted_private_key of Private_key.t ] list, [> `Msg of string ]) Stdlib.result

verify password t verifies and decrypts the PKCS12 archive t. The result is the contents of the archive.

val create : ?mac:[ `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] -> ?algorithm:[ `AES128_CBC | `AES192_CBC | `AES256_CBC ] -> ?iterations:int -> string -> Certificate.t list -> Private_key.t -> t

create ~mac ~algorithm ~iterations password certificates private_key constructs a PKCS12 archive with certificates and private_key. They are encrypted with algorithm (using PBES2, PKCS5v2) and integrity protected using mac. A local key id is always embedded in the private key and matching certificate.
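The functions above combined into one round trip, as an added example that is not part of the library's own documentation: it opens an existing archive with verify and re-wraps its certificates and key with explicitly chosen create parameters. The environment variable names, the iteration count and the RNG seeding call (create is assumed to draw its salt and IV from the mirage-crypto RNG) are assumptions of this example.

```ocaml
(* Added example: re-wrap a PKCS12 archive with explicit protection parameters. *)
let ( let* ) = Result.bind

let read_file path =
  let ic = open_in_bin path in
  Fun.protect ~finally:(fun () -> close_in ic)
    (fun () -> really_input_string ic (in_channel_length ic))

(* Refuse to overwrite an existing file and keep the output owner-only. *)
let write_file path data =
  let flags = [ Open_wronly; Open_creat; Open_excl; Open_binary ] in
  let oc = open_out_gen flags 0o600 path in
  Fun.protect ~finally:(fun () -> close_out oc)
    (fun () -> output_string oc data)

let rewrap ~old_password ~new_password der =
  let* archive = X509.PKCS12.decode_der (Cstruct.of_string der) in
  (* verify checks the integrity MAC and decrypts; a wrong password is an Error. *)
  let* contents = X509.PKCS12.verify old_password archive in
  let certs =
    List.filter_map (function `Certificate c -> Some c | _ -> None) contents
  and keys =
    List.filter_map
      (function
        | `Private_key k | `Decrypted_private_key k -> Some k
        | _ -> None)
      contents
  in
  match keys with
  | [ key ] ->
    (* create takes a single private key; 100_000 is an example value. *)
    let t =
      X509.PKCS12.create ~mac:`SHA256 ~algorithm:`AES256_CBC
        ~iterations:100_000 new_password certs key
    in
    Ok (Cstruct.to_string (X509.PKCS12.encode_der t))
  | _ -> Error (`Msg "expected exactly one private key in the archive")

let () =
  (* Assumption: seeding call of mirage-crypto-rng releases that take unit here. *)
  Mirage_crypto_rng_unix.initialize ();
  match Sys.argv with
  | [| _; src; dst |] ->
    let old_password = Sys.getenv "P12_OLD_PASSWORD"
    and new_password = Sys.getenv "P12_NEW_PASSWORD" in
    (match rewrap ~old_password ~new_password (read_file src) with
     | Ok der -> write_file dst der
     | Error (`Msg m) -> prerr_endline ("rewrap failed: " ^ m); exit 1)
  | _ -> prerr_endline "usage: rewrap IN.p12 OUT.p12"; exit 2
```

Any CRLs in the source archive are dropped, because create accepts only certificates and a private key.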