aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/pubkey/pk_keys.cpp13
-rw-r--r--src/pubkey/pk_keys.h2
-rw-r--r--src/pubkey/pkcs8.cpp63
-rw-r--r--src/pubkey/pkcs8.h89
-rw-r--r--src/pubkey/x509_key.cpp28
-rw-r--r--src/pubkey/x509_key.h35
6 files changed, 122 insertions, 108 deletions
diff --git a/src/pubkey/pk_keys.cpp b/src/pubkey/pk_keys.cpp
index c7ca9673e..c19c676ab 100644
--- a/src/pubkey/pk_keys.cpp
+++ b/src/pubkey/pk_keys.cpp
@@ -25,19 +25,6 @@ OID Public_Key::get_oid() const
}
}
-SecureVector<byte> Private_Key::PKCS8_BER_encode() const
- {
- const u32bit PKCS8_VERSION = 0;
-
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(PKCS8_VERSION)
- .encode(this->pkcs8_algorithm_identifier())
- .encode(this->pkcs8_private_key(), OCTET_STRING)
- .end_cons()
- .get_contents();
- }
-
/*
* Run checks on a loaded public key
*/
diff --git a/src/pubkey/pk_keys.h b/src/pubkey/pk_keys.h
index fab8e99ae..da73db0ee 100644
--- a/src/pubkey/pk_keys.h
+++ b/src/pubkey/pk_keys.h
@@ -94,8 +94,6 @@ class BOTAN_DLL Private_Key : public virtual Public_Key
virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const
{ return algorithm_identifier(); }
- SecureVector<byte> PKCS8_BER_encode() const;
-
protected:
void load_check(RandomNumberGenerator&) const;
void gen_check(RandomNumberGenerator&) const;
diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp
index 243d3a6b3..3c767959f 100644
--- a/src/pubkey/pkcs8.cpp
+++ b/src/pubkey/pkcs8.cpp
@@ -129,26 +129,36 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
}
/*
-* DER or PEM encode a PKCS #8 private key
+* BER encode a PKCS #8 private key, unencrypted
*/
-void encode(const Private_Key& key, Pipe& pipe, X509_Encoding encoding)
+SecureVector<byte> BER_encode(const Private_Key& key)
{
- SecureVector<byte> contents = key.PKCS8_BER_encode();
+ const u32bit PKCS8_VERSION = 0;
- if(encoding == PEM)
- pipe.write(PEM_Code::encode(contents, "PRIVATE KEY"));
- else
- pipe.write(contents);
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode(PKCS8_VERSION)
+ .encode(key.pkcs8_algorithm_identifier())
+ .encode(key.pkcs8_private_key(), OCTET_STRING)
+ .end_cons()
+ .get_contents();
+ }
+
+/*
+* PEM encode a PKCS #8 private key, unencrypted
+*/
+std::string PEM_encode(const Private_Key& key)
+ {
+ return PEM_Code::encode(PKCS8::BER_encode(key), "PRIVATE KEY");
}
/*
-* Encode and encrypt a PKCS #8 private key
+* BER encode a PKCS #8 private key, encrypted
*/
-void encrypt_key(const Private_Key& key,
- Pipe& pipe,
- RandomNumberGenerator& rng,
- const std::string& pass, const std::string& pbe_algo,
- X509_Encoding encoding)
+SecureVector<byte> BER_encode(const Private_Key& key,
+ RandomNumberGenerator& rng,
+ const std::string& pass,
+ const std::string& pbe_algo)
{
const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)";
@@ -160,32 +170,18 @@ void encrypt_key(const Private_Key& key,
AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());
Pipe key_encrytor(pbe.release());
- key_encrytor.process_msg(key.PKCS8_BER_encode());
+ key_encrytor.process_msg(PKCS8::BER_encode(key));
- SecureVector<byte> enc_key =
- DER_Encoder()
+ return DER_Encoder()
.start_cons(SEQUENCE)
.encode(pbe_algid)
.encode(key_encrytor.read_all(), OCTET_STRING)
.end_cons()
.get_contents();
-
- if(encoding == PEM)
- pipe.write(PEM_Code::encode(enc_key, "ENCRYPTED PRIVATE KEY"));
- else
- pipe.write(enc_key);
- }
-
-/*
-* PEM encode a PKCS #8 private key
-*/
-std::string PEM_encode(const Private_Key& key)
- {
- return PEM_Code::encode(key.PKCS8_BER_encode(), "PRIVATE KEY");
}
/*
-* Encrypt and PEM encode a PKCS #8 private key
+* PEM encode a PKCS #8 private key, encrypted
*/
std::string PEM_encode(const Private_Key& key,
RandomNumberGenerator& rng,
@@ -195,11 +191,8 @@ std::string PEM_encode(const Private_Key& key,
if(pass == "")
return PEM_encode(key);
- Pipe pem;
- pem.start_msg();
- encrypt_key(key, pem, rng, pass, pbe_algo, PEM);
- pem.end_msg();
- return pem.read_all_as_string();
+ return PEM_Code::encode(PKCS8::BER_encode(key, rng, pass, pbe_algo),
+ "ENCRYPTED PRIVATE KEY");
}
/*
diff --git a/src/pubkey/pkcs8.h b/src/pubkey/pkcs8.h
index 920f8c24a..24f28086b 100644
--- a/src/pubkey/pkcs8.h
+++ b/src/pubkey/pkcs8.h
@@ -25,31 +25,11 @@ struct BOTAN_DLL PKCS8_Exception : public Decoding_Error
namespace PKCS8 {
/**
-* Encode a private key into a pipe.
+* BER encode a private key
* @param key the private key to encode
-* @param pipe the pipe to feed the encoded key into
-* @param enc the encoding type to use
+* @return BER encoded key
*/
-BOTAN_DLL void encode(const Private_Key& key, Pipe& pipe,
- X509_Encoding enc = PEM);
-
-/**
-* Encode and encrypt a private key into a pipe.
-* @param key the private key to encode
-* @param pipe the pipe to feed the encoded key into
-* @param pass the password to use for encryption
-* @param rng the rng to use
-* @param pbe_algo the name of the desired password-based encryption algorithm;
- if empty ("") a reasonable (portable/secure) default will be chosen.
-* @param enc the encoding type to use
-*/
-BOTAN_DLL void encrypt_key(const Private_Key& key,
- Pipe& pipe,
- RandomNumberGenerator& rng,
- const std::string& pass,
- const std::string& pbe_algo = "",
- X509_Encoding enc = PEM);
-
+BOTAN_DLL SecureVector<byte> BER_encode(const Private_Key& key);
/**
* Get a string containing a PEM encoded private key.
@@ -59,19 +39,78 @@ BOTAN_DLL void encrypt_key(const Private_Key& key,
BOTAN_DLL std::string PEM_encode(const Private_Key& key);
/**
+* Encrypt a key using PKCS #8 encryption
+* @param key the key to encode
+* @param rng the rng to use
+* @param pass the password to use for encryption
+* @param pbe_algo the name of the desired password-based encryption
+ algorithm; if empty ("") a reasonable (portable/secure)
+ default will be chosen.
+* @return the encrypted key in binary BER form
+*/
+BOTAN_DLL SecureVector<byte> BER_encode(const Private_Key& key,
+ RandomNumberGenerator& rng,
+ const std::string& pass,
+ const std::string& pbe_algo = "");
+
+/**
* Get a string containing a PEM encoded private key, encrypting it with a
* password.
* @param key the key to encode
* @param rng the rng to use
* @param pass the password to use for encryption
-* @param pbe_algo the name of the desired password-based encryption algorithm;
- if empty ("") a reasonable (portable/secure) default will be chosen.
+* @param pbe_algo the name of the desired password-based encryption
+ algorithm; if empty ("") a reasonable (portable/secure)
+ default will be chosen.
+* @return the encrypted key in PEM form
*/
BOTAN_DLL std::string PEM_encode(const Private_Key& key,
RandomNumberGenerator& rng,
const std::string& pass,
const std::string& pbe_algo = "");
+
+/**
+* Encode a private key into a pipe. This function is deprecated.
+* @param key the private key to encode
+* @param pipe the pipe to feed the encoded key into
+* @param encoding the encoding type to use
+*/
+inline void encode(const Private_Key& key,
+ Pipe& pipe,
+ X509_Encoding encoding = PEM)
+ {
+ if(encoding == PEM)
+ pipe.write(PKCS8::PEM_encode(key));
+ else
+ pipe.write(PKCS8::BER_encode(key));
+ }
+
+/**
+* Encode and encrypt a private key into a pipe. This function is
+* deprecated.
+* @param key the private key to encode
+* @param pipe the pipe to feed the encoded key into
+* @param pass the password to use for encryption
+* @param rng the rng to use
+* @param pbe_algo the name of the desired password-based encryption
+ algorithm; if empty ("") a reasonable (portable/secure)
+ default will be chosen.
+* @param encoding the encoding type to use
+*/
+inline void encrypt_key(const Private_Key& key,
+ Pipe& pipe,
+ RandomNumberGenerator& rng,
+ const std::string& pass,
+ const std::string& pbe_algo = "",
+ X509_Encoding encoding = PEM)
+ {
+ if(encoding == PEM)
+ pipe.write(PKCS8::PEM_encode(key, rng, pass, pbe_algo));
+ else
+ pipe.write(PKCS8::BER_encode(key, rng, pass, pbe_algo));
+ }
+
/**
* Load a key from a data source.
* @param source the data source providing the encoded key
diff --git a/src/pubkey/x509_key.cpp b/src/pubkey/x509_key.cpp
index babeb517f..d321ce338 100644
--- a/src/pubkey/x509_key.cpp
+++ b/src/pubkey/x509_key.cpp
@@ -1,6 +1,6 @@
/*
* X.509 Public Key
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -18,23 +18,14 @@ namespace Botan {
namespace X509 {
-/*
-* DER or PEM encode a X.509 public key
-*/
-void encode(const Public_Key& key, Pipe& pipe, X509_Encoding encoding)
+MemoryVector<byte> BER_encode(const Public_Key& key)
{
- MemoryVector<byte> der =
- DER_Encoder()
+ return DER_Encoder()
.start_cons(SEQUENCE)
.encode(key.algorithm_identifier())
.encode(key.x509_subject_public_key(), BIT_STRING)
.end_cons()
.get_contents();
-
- if(encoding == PEM)
- pipe.write(PEM_Code::encode(der, "PUBLIC KEY"));
- else
- pipe.write(der);
}
/*
@@ -42,11 +33,8 @@ void encode(const Public_Key& key, Pipe& pipe, X509_Encoding encoding)
*/
std::string PEM_encode(const Public_Key& key)
{
- Pipe pem;
- pem.start_msg();
- encode(key, pem, PEM);
- pem.end_msg();
- return pem.read_all_as_string();
+ return PEM_Code::encode(X509::BER_encode(key),
+ "PUBLIC KEY");
}
/*
@@ -115,11 +103,7 @@ Public_Key* load_key(const MemoryRegion<byte>& mem)
*/
Public_Key* copy_key(const Public_Key& key)
{
- Pipe bits;
- bits.start_msg();
- X509::encode(key, bits, RAW_BER);
- bits.end_msg();
- DataSource_Memory source(bits.read_all());
+ DataSource_Memory source(PEM_encode(key));
return X509::load_key(source);
}
diff --git a/src/pubkey/x509_key.h b/src/pubkey/x509_key.h
index 13f11646e..d9e9f2d7c 100644
--- a/src/pubkey/x509_key.h
+++ b/src/pubkey/x509_key.h
@@ -1,6 +1,6 @@
/*
* X.509 Public Key
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -16,18 +16,16 @@
namespace Botan {
/**
-* This namespace contains functions for handling X509 objects.
+* This namespace contains functions for handling X.509 public keys
*/
namespace X509 {
/**
-* Encode a key into a pipe.
+* BER encode a key
* @param key the public key to encode
-* @param pipe the pipe to feed the encoded key into
-* @param enc the encoding type to use
+* @return the BER encoding of this key
*/
-BOTAN_DLL void encode(const Public_Key& key, Pipe& pipe,
- X509_Encoding enc = PEM);
+BOTAN_DLL MemoryVector<byte> BER_encode(const Public_Key& key);
/**
* PEM encode a public key into a string.
@@ -44,11 +42,11 @@ BOTAN_DLL std::string PEM_encode(const Public_Key& key);
BOTAN_DLL Public_Key* load_key(DataSource& source);
/**
-* Create a public key from a string.
-* @param enc the string containing the PEM encoded key
+* Create a public key from a file
+* @param file pathname to the file to load
* @return the new public key object
*/
-BOTAN_DLL Public_Key* load_key(const std::string& enc);
+BOTAN_DLL Public_Key* load_key(const std::string& filename);
/**
* Create a public key from a memory region.
@@ -73,10 +71,25 @@ BOTAN_DLL Public_Key* copy_key(const Public_Key& key);
* @return the combination of key type specific constraints and
* additional limits
*/
-
BOTAN_DLL Key_Constraints find_constraints(const Public_Key& pub_key,
Key_Constraints limits);
+/**
+* Encode a key into a pipe. This function is deprecated.
+* @param key the public key to encode
+* @param pipe the pipe to feed the encoded key into
+* @param encoding the encoding type to use
+*/
+inline void encode(const Public_Key& key,
+ Pipe& pipe,
+ X509_Encoding encoding = PEM)
+ {
+ if(encoding == PEM)
+ pipe.write(X509::PEM_encode(key));
+ else
+ pipe.write(X509::BER_encode(key));
+ }
+
}
}