Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PKCS12 #114

Draft
wants to merge 11 commits into
base: master
from

Conversation

@hannesm
Copy link
Member

commented Jun 4, 2019

this works for me, but should get some tests and also a way to construct PKCS12 files (enc/dec should be factored out into PKCS8 / Private_key module to get all the benefits in there)... the plan here is to only support "good" (i.e. not known weak ciphers) for encryption, such as AES-128/192/256-CBC (that's also the reason the RC2 encryption is not in rc2.ml)
what is supported?

  • parts of PKCS7 (data, encryptedData), nothing else
  • parts of PKCS5 (v2, PBES2, PBKDF2), no PBES1/PBKDF1
  • parts of PKCS12 (only password-based privacy and integrity, the custom PBES and KDF as written in PKCS12 -- also rc2 (40/128), rc4 (40/128), 3des (no 2des))

this is based on #113 and gmap-extension (only most recent commit is relevant here)

the asn is a bit ugly to work around the lack of ANY defined BY in asn1-combinators (I manually merged the grammars in question to avoid ambiguous grammar exceptions)

e5e5c66

hannesm added 11 commits Apr 21, 2019
big rename:
- drop x509 prefix for files, enable dune wrapping
- extract Public_key, Private_key, Distinguished_name from x509_certificate
- extract Validation from X509_certificate.Validation
- split Asn_grammars submodules into separate files (or the corresponding one)
 - no more *types.ml to avoid circular dependencies
- remove Encoding module, provide decode_der, decode_pem, encode_der, encode_der
  in the corresponding modules instead
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
1 participant
You can’t perform that action at this time.