aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/examples/GNUmakefile (renamed from examples/GNUmakefile)0
-rw-r--r--doc/examples/asn1.cpp (renamed from examples/asn1.cpp)0
-rw-r--r--doc/examples/base64.cpp (renamed from examples/base64.cpp)0
-rw-r--r--doc/examples/bcrypt.cpp (renamed from examples/bcrypt.cpp)0
-rw-r--r--doc/examples/bench.cpp (renamed from examples/bench.cpp)0
-rw-r--r--doc/examples/benchmark.cpp (renamed from examples/benchmark.cpp)0
-rw-r--r--doc/examples/bzip.cpp (renamed from examples/bzip.cpp)0
-rw-r--r--doc/examples/ca.cpp (renamed from examples/ca.cpp)0
-rw-r--r--doc/examples/cert_verify.cpp (renamed from examples/cert_verify.cpp)0
-rw-r--r--doc/examples/checksum.cpp (renamed from examples/checksum.cpp)0
-rw-r--r--doc/examples/cms_dec.cpp (renamed from examples/cms_dec.cpp)0
-rw-r--r--doc/examples/cms_enc.cpp (renamed from examples/cms_enc.cpp)0
-rw-r--r--doc/examples/cpuid.cpp (renamed from examples/cpuid.cpp)0
-rw-r--r--doc/examples/cryptobox.cpp (renamed from examples/cryptobox.cpp)0
-rw-r--r--doc/examples/decrypt.cpp (renamed from examples/decrypt.cpp)0
-rw-r--r--doc/examples/dh.cpp (renamed from examples/dh.cpp)41
-rw-r--r--doc/examples/dsa_kgen.cpp (renamed from examples/dsa_kgen.cpp)0
-rw-r--r--doc/examples/dsa_sign.cpp (renamed from examples/dsa_sign.cpp)0
-rw-r--r--doc/examples/dsa_ver.cpp (renamed from examples/dsa_ver.cpp)0
-rw-r--r--doc/examples/eax_test.cpp (renamed from examples/eax_test.cpp)0
-rw-r--r--doc/examples/eax_tv.txt (renamed from examples/eax_tv.txt)0
-rw-r--r--doc/examples/ecdsa.cpp (renamed from examples/ecdsa.cpp)0
-rw-r--r--doc/examples/encrypt.cpp (renamed from examples/encrypt.cpp)0
-rw-r--r--doc/examples/encrypt2.cpp (renamed from examples/encrypt2.cpp)0
-rw-r--r--doc/examples/factor.cpp (renamed from examples/factor.cpp)0
-rw-r--r--doc/examples/fpe.cpp (renamed from examples/fpe.cpp)0
-rw-r--r--doc/examples/gen_certs.cpp (renamed from examples/gen_certs.cpp)0
-rw-r--r--doc/examples/gtk/Makefile (renamed from examples/gtk/Makefile)0
-rw-r--r--doc/examples/gtk/dsa.cpp (renamed from examples/gtk/dsa.cpp)0
-rw-r--r--doc/examples/gtk/gtk_ui.cpp (renamed from examples/gtk/gtk_ui.cpp)0
-rw-r--r--doc/examples/gtk/gtk_ui.h (renamed from examples/gtk/gtk_ui.h)0
-rw-r--r--doc/examples/gtk/readme.txt (renamed from examples/gtk/readme.txt)0
-rw-r--r--doc/examples/hash.cpp (renamed from examples/hash.cpp)0
-rw-r--r--doc/examples/hash_fd.cpp (renamed from examples/hash_fd.cpp)0
-rw-r--r--doc/examples/hash_quickly.cpp (renamed from examples/hash_quickly.cpp)0
-rw-r--r--doc/examples/hasher.cpp (renamed from examples/hasher.cpp)0
-rw-r--r--doc/examples/hasher2.cpp (renamed from examples/hasher2.cpp)0
-rw-r--r--doc/examples/keywrap.cpp (renamed from examples/keywrap.cpp)0
-rw-r--r--doc/examples/make_prime.cpp (renamed from examples/make_prime.cpp)0
-rw-r--r--doc/examples/new_engine.cpp (renamed from examples/new_engine.cpp)0
-rw-r--r--doc/examples/package.cpp (renamed from examples/package.cpp)0
-rw-r--r--doc/examples/passhash.cpp (renamed from examples/passhash.cpp)0
-rw-r--r--doc/examples/pkcs10.cpp (renamed from examples/pkcs10.cpp)0
-rw-r--r--doc/examples/pqg_gen.cpp (renamed from examples/pqg_gen.cpp)0
-rwxr-xr-xdoc/examples/python/cipher.py (renamed from examples/python/cipher.py)0
-rwxr-xr-xdoc/examples/python/cryptobox.py (renamed from examples/python/cryptobox.py)0
-rwxr-xr-xdoc/examples/python/nisttest.py (renamed from examples/python/nisttest.py)0
-rw-r--r--doc/examples/python/results.txt (renamed from examples/python/results.txt)0
-rwxr-xr-xdoc/examples/python/rng_test.py (renamed from examples/python/rng_test.py)0
-rwxr-xr-xdoc/examples/python/rsa.py (renamed from examples/python/rsa.py)0
-rw-r--r--doc/examples/read_ssh.cpp (renamed from examples/read_ssh.cpp)0
-rw-r--r--doc/examples/readme.txt (renamed from examples/readme.txt)0
-rw-r--r--doc/examples/rng_test.cpp (renamed from examples/rng_test.cpp)0
-rw-r--r--doc/examples/row_encryptor.cpp (renamed from examples/row_encryptor.cpp)0
-rw-r--r--doc/examples/rsa_dec.cpp (renamed from examples/rsa_dec.cpp)0
-rw-r--r--doc/examples/rsa_enc.cpp (renamed from examples/rsa_enc.cpp)0
-rw-r--r--doc/examples/rsa_kgen.cpp (renamed from examples/rsa_kgen.cpp)0
-rw-r--r--doc/examples/rsa_manykey.cpp (renamed from examples/rsa_manykey.cpp)0
-rw-r--r--doc/examples/self_sig.cpp (renamed from examples/self_sig.cpp)0
-rw-r--r--doc/examples/sig_gen.cpp (renamed from examples/sig_gen.cpp)0
-rw-r--r--doc/examples/socket.h (renamed from examples/socket.h)0
-rw-r--r--doc/examples/stack.cpp (renamed from examples/stack.cpp)0
-rw-r--r--doc/examples/tls_client.cpp (renamed from examples/tls_client.cpp)0
-rw-r--r--doc/examples/tls_server.cpp (renamed from examples/tls_server.cpp)0
-rw-r--r--doc/examples/toolbox.cpp (renamed from examples/toolbox.cpp)0
-rw-r--r--doc/examples/tss.cpp (renamed from examples/tss.cpp)0
-rw-r--r--doc/examples/x509info.cpp (renamed from examples/x509info.cpp)0
-rw-r--r--doc/pubkey.txt135
68 files changed, 79 insertions, 97 deletions
diff --git a/examples/GNUmakefile b/doc/examples/GNUmakefile
index c386f4390..c386f4390 100644
--- a/examples/GNUmakefile
+++ b/doc/examples/GNUmakefile
diff --git a/examples/asn1.cpp b/doc/examples/asn1.cpp
index b0a6aa104..b0a6aa104 100644
--- a/examples/asn1.cpp
+++ b/doc/examples/asn1.cpp
diff --git a/examples/base64.cpp b/doc/examples/base64.cpp
index dbe8d19e3..dbe8d19e3 100644
--- a/examples/base64.cpp
+++ b/doc/examples/base64.cpp
diff --git a/examples/bcrypt.cpp b/doc/examples/bcrypt.cpp
index 27a98cf33..27a98cf33 100644
--- a/examples/bcrypt.cpp
+++ b/doc/examples/bcrypt.cpp
diff --git a/examples/bench.cpp b/doc/examples/bench.cpp
index 20e6ec40b..20e6ec40b 100644
--- a/examples/bench.cpp
+++ b/doc/examples/bench.cpp
diff --git a/examples/benchmark.cpp b/doc/examples/benchmark.cpp
index 7ad1775e2..7ad1775e2 100644
--- a/examples/benchmark.cpp
+++ b/doc/examples/benchmark.cpp
diff --git a/examples/bzip.cpp b/doc/examples/bzip.cpp
index 6137bb6af..6137bb6af 100644
--- a/examples/bzip.cpp
+++ b/doc/examples/bzip.cpp
diff --git a/examples/ca.cpp b/doc/examples/ca.cpp
index 8dd3e981f..8dd3e981f 100644
--- a/examples/ca.cpp
+++ b/doc/examples/ca.cpp
diff --git a/examples/cert_verify.cpp b/doc/examples/cert_verify.cpp
index 04bcbecad..04bcbecad 100644
--- a/examples/cert_verify.cpp
+++ b/doc/examples/cert_verify.cpp
diff --git a/examples/checksum.cpp b/doc/examples/checksum.cpp
index dba7a7d70..dba7a7d70 100644
--- a/examples/checksum.cpp
+++ b/doc/examples/checksum.cpp
diff --git a/examples/cms_dec.cpp b/doc/examples/cms_dec.cpp
index 84355fb4a..84355fb4a 100644
--- a/examples/cms_dec.cpp
+++ b/doc/examples/cms_dec.cpp
diff --git a/examples/cms_enc.cpp b/doc/examples/cms_enc.cpp
index 2cf813987..2cf813987 100644
--- a/examples/cms_enc.cpp
+++ b/doc/examples/cms_enc.cpp
diff --git a/examples/cpuid.cpp b/doc/examples/cpuid.cpp
index 6d4cc7593..6d4cc7593 100644
--- a/examples/cpuid.cpp
+++ b/doc/examples/cpuid.cpp
diff --git a/examples/cryptobox.cpp b/doc/examples/cryptobox.cpp
index 38d750d17..38d750d17 100644
--- a/examples/cryptobox.cpp
+++ b/doc/examples/cryptobox.cpp
diff --git a/examples/decrypt.cpp b/doc/examples/decrypt.cpp
index ea510c5e9..ea510c5e9 100644
--- a/examples/decrypt.cpp
+++ b/doc/examples/decrypt.cpp
diff --git a/examples/dh.cpp b/doc/examples/dh.cpp
index 652c7b136..8489df8fe 100644
--- a/examples/dh.cpp
+++ b/doc/examples/dh.cpp
@@ -1,9 +1,3 @@
-/*
-* (C) 2009-2010 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
#include <botan/botan.h>
#include <botan/dh.h>
#include <botan/pubkey.h>
@@ -14,41 +8,36 @@ using namespace Botan;
int main()
{
- Botan::LibraryInitializer init;
-
try
{
+ LibraryInitializer init;
+
AutoSeeded_RNG rng;
// Alice and Bob agree on a DH domain to use
- DL_Group shared_domain("modp/ietf/1024");
+ DL_Group shared_domain("modp/ietf/2048");
- // Alice creates a DH key and sends (the public part) to Bob
+ // Alice creates a DH key
DH_PrivateKey private_a(rng, shared_domain);
- // Alice sends to Bob her public key:
- MemoryVector<byte> public_a = private_a.public_value();
-
// Bob creates a key with a matching group
DH_PrivateKey private_b(rng, shared_domain);
+ // Alice sends to Bob her public key and a session parameter
+ MemoryVector<byte> public_a = private_a.public_value();
+ const std::string session_param =
+ "Alice and Bob's shared session parameter";
+
// Bob sends his public key to Alice
MemoryVector<byte> public_b = private_b.public_value();
- PK_Key_Agreement ka1(private_a, "KDF2(SHA-1)");
- PK_Key_Agreement ka2(private_b, "KDF2(SHA-1)");
-
- /*
- * Preferably, include some salt or parameter that binds this key
- * generation to the current session (for instance a session
- * identifier, if guaranteed unique, would be a good choice). Or
- * anything else that both sides can agree on that will never
- * repeat.
- */
- const std::string ka_salt = "alice and bob agree on a key";
+ // Now Alice performs the key agreement operation
+ PK_Key_Agreement ka_alice(private_a, "KDF2(SHA-256)");
+ SymmetricKey alice_key = ka1.derive_key(32, public_b, session_param);
- SymmetricKey alice_key = ka1.derive_key(32, public_b, ka_salt);
- SymmetricKey bob_key = ka2.derive_key(32, public_a, ka_salt);
+ // Bob does the same:
+ PK_Key_Agreement ka_bob(private_b, "KDF2(SHA-256)");
+ SymmetricKey bob_key = ka2.derive_key(32, public_a, session_param);
if(alice_key == bob_key)
{
diff --git a/examples/dsa_kgen.cpp b/doc/examples/dsa_kgen.cpp
index fe3157370..fe3157370 100644
--- a/examples/dsa_kgen.cpp
+++ b/doc/examples/dsa_kgen.cpp
diff --git a/examples/dsa_sign.cpp b/doc/examples/dsa_sign.cpp
index 5f02c0dc1..5f02c0dc1 100644
--- a/examples/dsa_sign.cpp
+++ b/doc/examples/dsa_sign.cpp
diff --git a/examples/dsa_ver.cpp b/doc/examples/dsa_ver.cpp
index a666259c1..a666259c1 100644
--- a/examples/dsa_ver.cpp
+++ b/doc/examples/dsa_ver.cpp
diff --git a/examples/eax_test.cpp b/doc/examples/eax_test.cpp
index 32311800d..32311800d 100644
--- a/examples/eax_test.cpp
+++ b/doc/examples/eax_test.cpp
diff --git a/examples/eax_tv.txt b/doc/examples/eax_tv.txt
index 95cd7c1ab..95cd7c1ab 100644
--- a/examples/eax_tv.txt
+++ b/doc/examples/eax_tv.txt
diff --git a/examples/ecdsa.cpp b/doc/examples/ecdsa.cpp
index df1e1b93a..df1e1b93a 100644
--- a/examples/ecdsa.cpp
+++ b/doc/examples/ecdsa.cpp
diff --git a/examples/encrypt.cpp b/doc/examples/encrypt.cpp
index 28017d875..28017d875 100644
--- a/examples/encrypt.cpp
+++ b/doc/examples/encrypt.cpp
diff --git a/examples/encrypt2.cpp b/doc/examples/encrypt2.cpp
index 41f4fb478..41f4fb478 100644
--- a/examples/encrypt2.cpp
+++ b/doc/examples/encrypt2.cpp
diff --git a/examples/factor.cpp b/doc/examples/factor.cpp
index 58b12d9a5..58b12d9a5 100644
--- a/examples/factor.cpp
+++ b/doc/examples/factor.cpp
diff --git a/examples/fpe.cpp b/doc/examples/fpe.cpp
index 9b18d4879..9b18d4879 100644
--- a/examples/fpe.cpp
+++ b/doc/examples/fpe.cpp
diff --git a/examples/gen_certs.cpp b/doc/examples/gen_certs.cpp
index f8c9fe124..f8c9fe124 100644
--- a/examples/gen_certs.cpp
+++ b/doc/examples/gen_certs.cpp
diff --git a/examples/gtk/Makefile b/doc/examples/gtk/Makefile
index 10e069bb3..10e069bb3 100644
--- a/examples/gtk/Makefile
+++ b/doc/examples/gtk/Makefile
diff --git a/examples/gtk/dsa.cpp b/doc/examples/gtk/dsa.cpp
index 2cd91b0e8..2cd91b0e8 100644
--- a/examples/gtk/dsa.cpp
+++ b/doc/examples/gtk/dsa.cpp
diff --git a/examples/gtk/gtk_ui.cpp b/doc/examples/gtk/gtk_ui.cpp
index d4e9cd238..d4e9cd238 100644
--- a/examples/gtk/gtk_ui.cpp
+++ b/doc/examples/gtk/gtk_ui.cpp
diff --git a/examples/gtk/gtk_ui.h b/doc/examples/gtk/gtk_ui.h
index 065a4f76b..065a4f76b 100644
--- a/examples/gtk/gtk_ui.h
+++ b/doc/examples/gtk/gtk_ui.h
diff --git a/examples/gtk/readme.txt b/doc/examples/gtk/readme.txt
index 4f3691166..4f3691166 100644
--- a/examples/gtk/readme.txt
+++ b/doc/examples/gtk/readme.txt
diff --git a/examples/hash.cpp b/doc/examples/hash.cpp
index 1a4ca1b64..1a4ca1b64 100644
--- a/examples/hash.cpp
+++ b/doc/examples/hash.cpp
diff --git a/examples/hash_fd.cpp b/doc/examples/hash_fd.cpp
index 32acdbec3..32acdbec3 100644
--- a/examples/hash_fd.cpp
+++ b/doc/examples/hash_fd.cpp
diff --git a/examples/hash_quickly.cpp b/doc/examples/hash_quickly.cpp
index 005a6d719..005a6d719 100644
--- a/examples/hash_quickly.cpp
+++ b/doc/examples/hash_quickly.cpp
diff --git a/examples/hasher.cpp b/doc/examples/hasher.cpp
index e5c52ba55..e5c52ba55 100644
--- a/examples/hasher.cpp
+++ b/doc/examples/hasher.cpp
diff --git a/examples/hasher2.cpp b/doc/examples/hasher2.cpp
index b6303b644..b6303b644 100644
--- a/examples/hasher2.cpp
+++ b/doc/examples/hasher2.cpp
diff --git a/examples/keywrap.cpp b/doc/examples/keywrap.cpp
index 730bcb6c9..730bcb6c9 100644
--- a/examples/keywrap.cpp
+++ b/doc/examples/keywrap.cpp
diff --git a/examples/make_prime.cpp b/doc/examples/make_prime.cpp
index acaaac698..acaaac698 100644
--- a/examples/make_prime.cpp
+++ b/doc/examples/make_prime.cpp
diff --git a/examples/new_engine.cpp b/doc/examples/new_engine.cpp
index 42e5dbe33..42e5dbe33 100644
--- a/examples/new_engine.cpp
+++ b/doc/examples/new_engine.cpp
diff --git a/examples/package.cpp b/doc/examples/package.cpp
index 02cf52816..02cf52816 100644
--- a/examples/package.cpp
+++ b/doc/examples/package.cpp
diff --git a/examples/passhash.cpp b/doc/examples/passhash.cpp
index 586c28c3f..586c28c3f 100644
--- a/examples/passhash.cpp
+++ b/doc/examples/passhash.cpp
diff --git a/examples/pkcs10.cpp b/doc/examples/pkcs10.cpp
index 3f5ec8e05..3f5ec8e05 100644
--- a/examples/pkcs10.cpp
+++ b/doc/examples/pkcs10.cpp
diff --git a/examples/pqg_gen.cpp b/doc/examples/pqg_gen.cpp
index c033dac3b..c033dac3b 100644
--- a/examples/pqg_gen.cpp
+++ b/doc/examples/pqg_gen.cpp
diff --git a/examples/python/cipher.py b/doc/examples/python/cipher.py
index 1be2759ae..1be2759ae 100755
--- a/examples/python/cipher.py
+++ b/doc/examples/python/cipher.py
diff --git a/examples/python/cryptobox.py b/doc/examples/python/cryptobox.py
index f76ed6bc3..f76ed6bc3 100755
--- a/examples/python/cryptobox.py
+++ b/doc/examples/python/cryptobox.py
diff --git a/examples/python/nisttest.py b/doc/examples/python/nisttest.py
index 3ea8fda0f..3ea8fda0f 100755
--- a/examples/python/nisttest.py
+++ b/doc/examples/python/nisttest.py
diff --git a/examples/python/results.txt b/doc/examples/python/results.txt
index 7a3824001..7a3824001 100644
--- a/examples/python/results.txt
+++ b/doc/examples/python/results.txt
diff --git a/examples/python/rng_test.py b/doc/examples/python/rng_test.py
index 06c79b84e..06c79b84e 100755
--- a/examples/python/rng_test.py
+++ b/doc/examples/python/rng_test.py
diff --git a/examples/python/rsa.py b/doc/examples/python/rsa.py
index 8ca95ff8b..8ca95ff8b 100755
--- a/examples/python/rsa.py
+++ b/doc/examples/python/rsa.py
diff --git a/examples/read_ssh.cpp b/doc/examples/read_ssh.cpp
index f6299a29d..f6299a29d 100644
--- a/examples/read_ssh.cpp
+++ b/doc/examples/read_ssh.cpp
diff --git a/examples/readme.txt b/doc/examples/readme.txt
index fb6a03ddf..fb6a03ddf 100644
--- a/examples/readme.txt
+++ b/doc/examples/readme.txt
diff --git a/examples/rng_test.cpp b/doc/examples/rng_test.cpp
index c0d24fd80..c0d24fd80 100644
--- a/examples/rng_test.cpp
+++ b/doc/examples/rng_test.cpp
diff --git a/examples/row_encryptor.cpp b/doc/examples/row_encryptor.cpp
index 685850945..685850945 100644
--- a/examples/row_encryptor.cpp
+++ b/doc/examples/row_encryptor.cpp
diff --git a/examples/rsa_dec.cpp b/doc/examples/rsa_dec.cpp
index 81592328c..81592328c 100644
--- a/examples/rsa_dec.cpp
+++ b/doc/examples/rsa_dec.cpp
diff --git a/examples/rsa_enc.cpp b/doc/examples/rsa_enc.cpp
index ac609c4b3..ac609c4b3 100644
--- a/examples/rsa_enc.cpp
+++ b/doc/examples/rsa_enc.cpp
diff --git a/examples/rsa_kgen.cpp b/doc/examples/rsa_kgen.cpp
index f4566263b..f4566263b 100644
--- a/examples/rsa_kgen.cpp
+++ b/doc/examples/rsa_kgen.cpp
diff --git a/examples/rsa_manykey.cpp b/doc/examples/rsa_manykey.cpp
index e6a511753..e6a511753 100644
--- a/examples/rsa_manykey.cpp
+++ b/doc/examples/rsa_manykey.cpp
diff --git a/examples/self_sig.cpp b/doc/examples/self_sig.cpp
index 6710cfb51..6710cfb51 100644
--- a/examples/self_sig.cpp
+++ b/doc/examples/self_sig.cpp
diff --git a/examples/sig_gen.cpp b/doc/examples/sig_gen.cpp
index cf273216a..cf273216a 100644
--- a/examples/sig_gen.cpp
+++ b/doc/examples/sig_gen.cpp
diff --git a/examples/socket.h b/doc/examples/socket.h
index c4fa46600..c4fa46600 100644
--- a/examples/socket.h
+++ b/doc/examples/socket.h
diff --git a/examples/stack.cpp b/doc/examples/stack.cpp
index 0c00ed183..0c00ed183 100644
--- a/examples/stack.cpp
+++ b/doc/examples/stack.cpp
diff --git a/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 9f6f6229a..9f6f6229a 100644
--- a/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
diff --git a/examples/tls_server.cpp b/doc/examples/tls_server.cpp
index 087ba86fa..087ba86fa 100644
--- a/examples/tls_server.cpp
+++ b/doc/examples/tls_server.cpp
diff --git a/examples/toolbox.cpp b/doc/examples/toolbox.cpp
index 622a1f56f..622a1f56f 100644
--- a/examples/toolbox.cpp
+++ b/doc/examples/toolbox.cpp
diff --git a/examples/tss.cpp b/doc/examples/tss.cpp
index 03d7699bf..03d7699bf 100644
--- a/examples/tss.cpp
+++ b/doc/examples/tss.cpp
diff --git a/examples/x509info.cpp b/doc/examples/x509info.cpp
index b22b4ebd8..b22b4ebd8 100644
--- a/examples/x509info.cpp
+++ b/doc/examples/x509info.cpp
diff --git a/doc/pubkey.txt b/doc/pubkey.txt
index 1be471e1b..254880f65 100644
--- a/doc/pubkey.txt
+++ b/doc/pubkey.txt
@@ -99,8 +99,9 @@ predefined ``BigInt`` private key value is different:
constructors described above, to match the integer modulo prime
versions. Only use them if you really need them.
+.. _serializing_private_keys:
-Serializing Private Keys
+Serializing Private Keys Using PKCS #8
----------------------------------------
The standard format for serializing a private key is PKCS #8, the
@@ -157,7 +158,16 @@ decrypt, if necessary) a PKCS #8 private key:
.. cpp:function:: Private_Key* PKCS8::load_key(const std::string& filename, RandomNumberGenerator& rng, const std::string& passphrase = "")
-The result is an object allocated using ``new``.
+These functions will return an object allocated key object based on
+the data from whatever source it is using (assuming, of course, the
+source is in fact storing a representation of a private key, and the
+decryption was sucessful). The encoding used (PEM or BER) need not be
+specified; the format will be detected automatically. The key is
+allocated with ``new``, and should be released with ``delete`` when
+you are done with it. The first takes a generic ``DataSource`` that
+you have to create - the other is a simple wrapper functions that take
+either a filename or a memory buffer and create the appropriate
+``DataSource``.
The versions that pass the passphrase as a ``std::string`` are
primarily for compatibility, but they are useful in limited
@@ -179,6 +189,25 @@ passphrase passed in first, and then it cancels.
In a future version, it is likely that ``User_Interface`` will be
replaced by a simple callback using ``std::function``.
+Serializing Public Keys
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To import and export public keys, use:
+
+.. cpp:function:: MemoryVector<byte> X509::BER_encode(const Public_Key& key)
+
+.. cpp:function:: std::string X509::PEM_encode(const Public_Key& key)
+
+.. cpp:function:: Public_Key* X509::load_key(DataSource& in)
+
+.. cpp:function:: Public_Key* X509::load_key(const SecureVector<byte>& buffer)
+
+.. cpp:function:: Public_Key* X509::load_key(const std::string& filename)
+
+ These functions operate in the same way as the ones described in
+ :ref:`serializing_private_keys`, except that no encryption option is
+ availabe.
+
.. _dl_group:
DL_Group
@@ -224,7 +253,7 @@ You can generate a new random group using
bits. If the *type* is ``Prime_Subgroup`` or ``DSA_Kosherizer``,
then *qbits* specifies the size of the subgroup.
-You can export a ``DL_Group`` using
+You can serialize a ``DL_Group`` using
.. cpp:function:: SecureVector<byte> DL_Group::DER_Encode(Format format)
@@ -232,13 +261,28 @@ or
.. cpp:function:: std::string DL_Group::PEM_encode(Format format)
-where *format* is any of
+where *format* is any of
+
+* ``ANSI_X9_42`` (or ``DH_PARAMETERS``) for modp groups
+* ``ANSI_X9_57`` (or ``DSA_PARAMETERS``) for DSA-style groups
+* ``PKCS_3`` is an older format for modp groups; it should only
+ be used for backwards compatability.
+
+You can reload a serialized group using
+
+.. cpp:function:: void DL_Group::BER_decode(DataSource& source, Format format)
+
+.. cpp:function:: void DL_Group::PEM_decode(DataSource& source)
.. _ec_dompar:
EC_Domain_Params
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+An ``EC_Domain_Params`` is initialized by passing the name of the
+group to be used to the constructor. These groups have
+semi-standardized names like "secp256r1" and "brainpool512r1".
+
Key Checking
---------------------------------
@@ -246,22 +290,20 @@ Most public key algorithms have limitations or restrictions on their
parameters. For example RSA requires an odd exponent, and algorithms
based on the discrete logarithm problem need a generator $> 1$.
-Each low-level public key type has a function named ``check_key`` that
-takes a ``bool``. This function returns a Boolean value that declares
-whether or not the key is valid (from an algorithmic standpoint). For
-example, it will check to make sure that the prime parameters of a DSA
-key are, in fact, prime. It does not have anything to do with the
-validity of the key for any particular use, nor does it have anything
-to do with certificates that link a key (which, after all, is just
-some numbers) with a user or other entity. If ``check_key``'s argument
-is ``true``, then it does "strong" checking, which includes expensive
-operations like primality checking.
-
-Keys are always checked when they are loaded or generated, so typically there
-is no reason to use this function directly. However, you can disable or reduce
-the checks for particular cases (public keys, loaded private keys, generated
-private keys) by setting the right config toggle (see the section on the
-configuration subsystem for details).
+Each public key type has a function
+
+.. cpp:function:: bool Public_Key::check_key(RandomNumberGenerator& rng, bool strong)
+
+ This function performs a number of algorithm-specific tests that the
+ key seems to be mathematically valid and consistent, and returns
+ true if all of the tests pass.
+
+ It does not have anything to do with the validity of the key for any
+ particular use, nor does it have anything to do with certificates
+ that link a key (which, after all, is just some numbers) with a user
+ or other entity. If *strong* is ``true``, then it does "strong"
+ checking, which includes expensive operations like primality
+ checking.
Getting a PK algorithm object
---------------------------------
@@ -423,55 +465,6 @@ in new applications. The X9.42 algorithm may be useful in some
circumstances, but unless you need X9.42 compatibility, KDF2 is easier
to use.
-There is a Diffie-Hellman example included in the distribution, which you may
-want to examine.
-
-.. _pk_import_export:
-
-Importing and Exporting Keys
----------------------------------
-
-There are many, many different (often conflicting) standards
-surrounding public key cryptography. There is, thankfully, only two
-major standards surrounding the representation of a public or private
-key: the X.509 subject public key info format (for public keys), and
-PKCS #8 (for private keys). Other crypto libraries, such as Crypto++
-and OpenSSL, also support these formats, so you can easily exchange
-keys with software that doesn't use Botan.
-
-In addition to "plain" public keys, Botan also supports X.509
-certificates. These are documented in :ref:`x509_certificates`.
-
-.. _import_export_public_keys:
-
-Importing/Exporting Public Keys
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-To import and export public keys, use:
-
-.. cpp:function:: MemoryVector<byte> X509::BER_encode(const Public_Key& key)
-
-
-.. cpp:function:: std::string X509::PEM_encode(const Public_Key& key)
-
-
-.. cpp:function:: Public_Key* X509::load_key(DataSource& in)
-
-.. cpp:function:: Public_Key* X509::load_key(const SecureVector<byte>& buffer)
-
-.. cpp:function:: Public_Key* X509::load_key(const std::string& filename)
-
- For loading a public key, use one of the variants of ``load_key``.
- This function will return a newly allocated key based on the data
- from whatever source it is using (assuming, of course, the source is
- in fact storing a representation of a public key). The encoding used
- (PEM or BER) need not be specified; the format will be detected
- automatically. The key is allocated with ``new``, and should be
- released with ``delete`` when you are done with it. The first takes
- a generic ``DataSource`` that you have to create - the other is a
- simple wrapper functions that take either a filename or a memory
- buffer and create the appropriate ``DataSource``.
-
-Importing/Exporting Private Keys
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+An example of using Diffie-Hellman:
+.. literalinclude:: examples/dh.cpp