Module X509.Public_key

Public keys

Public keys as specified in PKCS 8 are supported in this module.

The type for public keys

type t = [
| `RSA of
| `ED25519 of
| `P224 of
| `P256 of
| `P384 of
| `P521 of

The polymorphic variant of public keys, with PKCS 8 encoding and decoding to PEM.

Operations on public keys

val pp : t Fmt.t

pp ppf pub pretty-prints the public key pub on ppf.

val id : t -> Cstruct.t

id public_key is digest, the 160-bit `SHA1 hash of the BIT STRING subjectPublicKey (excluding tag, length, and number of unused bits) for publicKeyInfo of public_key.

RFC 5280,, variant (1)

val fingerprint : ?hash:Mirage_crypto.Hash.hash -> t -> Cstruct.t

fingerprint ?hash public_key is digest, the hash (by default SHA256) of the DER encoded public key (equivalent to openssl x509 -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -HASH).

val key_type : t -> Key_type.t

key_type public_key is its key_type.

Cryptographic verify operation

val verify : Mirage_crypto.Hash.hash -> ?scheme:Key_type.signature_scheme -> signature:Cstruct.t -> t -> [ `Message of Cstruct.t | `Digest of Cstruct.t ] -> ( unit, [> `Msg of string ] ) Stdlib.result

verify hash ~scheme ~signature key data verifies whether the signature on data is valid using the key, or not. The signature must be in ASN.1 DER encoding. The scheme defaults to `RSA_PSS for RSA, `ED25519 for ED25519, and `ECDSA for other EC keys.

Decoding and encoding in ASN.1 DER and PEM format

val encode_der : t -> Cstruct.t

encode_der pk is buffer, the ASN.1 encoding of the given public key.

val decode_der : Cstruct.t -> ( t, [> `Msg of string ] ) Stdlib.result

decode_der buffer is pubkey, the public key of the ASN.1 encoded buffer.

val decode_pem : Cstruct.t -> ( t, [> `Msg of string ] ) Stdlib.result

decode_pem pem is t, where the public key of pem is extracted

val encode_pem : t -> Cstruct.t

encode_pem public_key is pem, the pem encoded public key.