<HTML>
<HEAD>
<TITLE>OpenCA::OpenSSL - Perl Crypto Extension to OpenSSL</TITLE>
<LINK REV="made" HREF="mailto:root@porky.devel.redhat.com">
</HEAD>
<BODY>
<!-- INDEX BEGIN -->
<UL>
<LI><A HREF="#NAME">NAME</A>
<LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
<LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
<LI><A HREF="#FUNCTIONS">FUNCTIONS</A>
<UL>
<LI><A HREF="#sub_new_Creates_a_new_Class">sub new () - Creates a new Class instance.</A>
<LI><A HREF="#sub_setParams_Set_internal_">sub setParams () - Set internal module variables.</A>
<LI><A HREF="#sub_genKey_Generate_a_priva">sub genKey () - Generate a private Key.</A>
<LI><A HREF="#sub_genReq_Generate_a_new_R">sub genReq () - Generate a new Request.</A>
<LI><A HREF="#sub_genCert_Generate_a_cert">sub genCert () - Generate a certificate from a request.</A>
<LI><A HREF="#sub_dataConvert_Convert_dat">sub dataConvert () - Convert data to different format.</A>
<LI><A HREF="#sub_issueCert_Issue_a_certi">sub issueCert () - Issue a certificate.</A>
<LI><A HREF="#sub_issueCrl_Issue_a_CRL_">sub issueCrl () - Issue a CRL.</A>
<LI><A HREF="#sub_SPKAC_Get_SPKAC_infos_">sub SPKAC () - Get SPKAC infos.</A>
</UL>
<LI><A HREF="#AUTHOR">AUTHOR</A>
<LI><A HREF="#SEE_ALSO">SEE ALSO</A>
</UL>
<!-- INDEX END -->
<HR>
<P>
<H1><A NAME="NAME">NAME</A></H1>
<P>
OpenCA::OpenSSL - Perl Crypto Extension to OpenSSL
<P>
<HR>
<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
<P>
<PRE> use OpenCA::OpenSSL;
</PRE>
<P>
<HR>
<H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
<P>
This Perl module implements an interface to the openssl backend program. It
works by invoking the openssl command; it is not fully integrated as a Perl/C
mixture.
<P>
Passing parameters to functions should be very simple, as they have no
particular order and often have self-explanatory names. Each parameter
should be passed to the function like this:
<P>
<PRE> ... ( NAME=>VALUE, NAME=>VALUE, ... );
</PRE>
<P>
<HR>
<H1><A NAME="FUNCTIONS">FUNCTIONS</A></H1>
<P>
<HR>
<H2><A NAME="sub_new_Creates_a_new_Class">sub new () - Creates a new Class instance.</A></H2>
<P>
<PRE> This function creates a new instance of the class. It accepts
 only one parameter: the path to the backend command (openssl).
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> my $openssl = OpenCA::OpenSSL->new( $path );
</PRE>
<P>
<HR>
<H2><A NAME="sub_setParams_Set_internal_">sub setParams () - Set internal module variables.</A></H2>
<P>
<PRE> This function sets internal module data such as the
 backend path or the tmp dir. Accepted parameters are:
</PRE>
<P>
<PRE> SHELL - Path to the openssl command.
CONFIG - Path to the openssl config file.
TMPDIR - Temporary files directory.
STDERR - Where to redirect the STDERR file.
</PRE>
<P>
<PRE> (*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> $openssl->setParams( SHELL=>'/usr/local/ssl/bin/openssl',
                      CONFIG=>"$ca/stuff/openssl.cnf",
                      TMPDIR=>'/tmp',
                      STDERR=>'/dev/null' );
</PRE>
<P>
<HR>
<H2><A NAME="sub_genKey_Generate_a_priva">sub genKey () - Generate a private Key.</A></H2>
<P>
<PRE> This function lets you generate a new private key. Accepted
 parameters are:
</PRE>
<P>
<PRE> BITS - key length in bits(*);
OUTFILE - Output file name(*);
ALGORITHM - Encryption Algorithm to be used(*);
PASSWD - Password to be used when encrypting(*);
</PRE>
<P>
<PRE> (*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> my $key = $openssl->genKey( BITS=>1024 );
</PRE>
<P>
<HR>
<H2><A NAME="sub_genReq_Generate_a_new_R">sub genReq () - Generate a new Request.</A></H2>
<P>
<PRE> This function generates a new certificate request. Accepted
 parameters are:
</PRE>
<P>
<PRE> OUTFILE - Output file(*);
KEYFILE - File containing the key;
PASSWD - Password to decrypt key (if needed) (*);
DN - Subject list (as required by openssl, see
the openssl.cnf doc on policy);
</PRE>
<P>
<PRE> (*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> my $req = $openssl->genReq( KEYFILE=>"00_key.pem",
DN => [ "madwolf@openca.org","Max","","","" ] );
</PRE>
<P>
<HR>
<H2><A NAME="sub_genCert_Generate_a_cert">sub genCert () - Generate a certificate from a request.</A></H2>
<P>
<PRE> This function lets you generate a new certificate starting
 from the request file. It is used for self-signed certificates,
 as it simply converts the request into an x509 structure.
 Accepted parameters are:
</PRE>
<P>
<PRE> OUTFILE - Output file(*);
KEYFILE - File containing the private key;
REQFILE - Request File;
PASSWD - Password to decrypt private key(*);
DAYS - Validity days(*);
</PRE>
<P>
<PRE> (*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> $cert = $openssl->genCert( KEYFILE=>"priv_key.pem",
REQFILE=>"req.pem",
DAYS=>"720" );
</PRE>
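<P>
The genKey, genReq and genCert calls documented above, chained into one script with a private work directory, a prompted passphrase and a check after each step. This is an added example, not code from the OpenCA distribution; the openssl and openssl.cnf paths, the DN values and the helper names read_passphrase and require_output are assumptions.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use OpenCA::OpenSSL;

umask 077;    # everything created below is readable by the owner only
# Private 0700 work directory instead of a shared /tmp; left in place
# afterwards so the results and openssl.err can be inspected.
my $work = tempdir( 'openca-XXXXXX', TMPDIR => 1 );
# Assumed local paths; adjust to the installation.
my $shell  = '/usr/bin/openssl';
my $config = '/etc/ssl/openssl.cnf';
-x $shell  or die "no executable openssl at $shell\n";
-r $config or die "cannot read $config\n";

# Read the key passphrase without echo rather than hard-coding it.
sub read_passphrase {
    print STDERR 'Key passphrase: ';
    system( 'stty', '-echo' );
    my $p = readline(STDIN);
    system( 'stty', 'echo' );
    print STDERR "\n";
    defined $p or die "no passphrase given\n";
    chomp $p;
    return $p;
}

# Each step writes OUTFILE; stop unless it exists and is non-empty.
sub require_output {
    my ( $step, $file ) = @_;
    -s $file or die "$step produced no output, see $work/openssl.err\n";
}

my $passwd  = read_passphrase();
my $openssl = OpenCA::OpenSSL->new($shell);
$openssl->setParams( SHELL => $shell, CONFIG => $config,
                     TMPDIR => $work, STDERR => "$work/openssl.err" );
my ( $key, $req, $crt ) = map { "$work/$_" } qw(key.pem req.pem cert.pem);

# 2048 bits: the 1024 used in the page's example is too short for new keys.
$openssl->genKey( BITS => 2048, OUTFILE => $key, PASSWD => $passwd );
require_output( 'genKey', $key );
# DN: constructed values in the five-field shape of the page's example.
$openssl->genReq( KEYFILE => $key, OUTFILE => $req, PASSWD => $passwd,
                  DN => [ 'ca@example.org', 'Example Test CA', '', '', '' ] );
require_output( 'genReq', $req );
$openssl->genCert( KEYFILE => $key, REQFILE => $req, OUTFILE => $crt,
                   PASSWD => $passwd, DAYS => 365 );
require_output( 'genCert', $crt );
```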
<P>
<HR>
<H2><A NAME="sub_dataConvert_Convert_dat">sub dataConvert () - Convert data to different format.</A></H2>
<P>
<PRE> This function converts the data you pass to another format. It
 requires you to provide the data's type and the IN/OUT format.
 Accepted parameters are:
</PRE>
<P>
<PRE> DATA - Data to be processed;
INFILE - Data file to be processed (exactly one of DATA and
INFILE is required; they are mutually exclusive);
DATATYPE - Data type ( CRL | CERTIFICATE | REQUEST );
OUTFORM - Output format (PEM|DER|NET|TXT)(*);
INFORM - Input format (PEM|DER|NET|TXT)(*);
OUTFILE - Output file(*);
</PRE>
<P>
<PRE> (*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> print $openssl->dataConvert( INFILE=>"crl.pem",
                              DATATYPE=>"CRL",
                              OUTFORM=>"TXT" );
</PRE>
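<P>
Because the module works by running the openssl command, values that originate outside the program are worth checking against the documented sets before they reach dataConvert. The following is an added example, not part of OpenCA::OpenSSL: checked_convert_args is a hypothetical helper, and the file-name rule is an assumption about what a caller wants to allow.

```perl
use strict;
use warnings;
use Carp qw(croak);

# Allowed values, taken from the dataConvert parameter table on this page.
my %ALLOWED = (
    DATATYPE => { map { $_ => 1 } qw(CRL CERTIFICATE REQUEST) },
    INFORM   => { map { $_ => 1 } qw(PEM DER NET TXT) },
    OUTFORM  => { map { $_ => 1 } qw(PEM DER NET TXT) },
);
my %KNOWN = map { $_ => 1 } qw(DATA INFILE DATATYPE OUTFORM INFORM OUTFILE);

# Hypothetical helper (not part of OpenCA::OpenSSL): returns the checked
# argument list for dataConvert() or dies with the reason.
sub checked_convert_args {
    my (%arg) = @_;
    for my $k ( keys %arg ) { $KNOWN{$k} or croak "unknown parameter $k"; }

    # DATA and INFILE are exclusive and one of them is required.
    ( defined $arg{DATA} xor defined $arg{INFILE} )
        or croak "give exactly one of DATA or INFILE";
    defined $arg{DATATYPE} or croak "DATATYPE is required";

    for my $k ( sort keys %ALLOWED ) {
        next unless defined $arg{$k};
        $ALLOWED{$k}{ $arg{$k} } or croak "$k '$arg{$k}' is not allowed";
    }

    # Assumed file-name policy: plain path characters only, no ".." component,
    # no leading "-" that a command-line tool could read as an option.
    for my $k (qw(INFILE OUTFILE)) {
        next unless defined $arg{$k};
        $arg{$k} =~ m{\A(?!-)[A-Za-z0-9_./-]+\z}
            and $arg{$k} !~ m{(?:\A|/)\.\.(?:/|\z)}
            or croak "$k has an unsafe file name";
    }
    return %arg;
}

# Constructed inputs: the first is accepted, the other three are rejected.
for my $case (
    [ INFILE => 'crl.pem',    DATATYPE => 'CRL', OUTFORM => 'TXT' ],
    [ INFILE => 'crl.pem',    DATATYPE => 'CRL', OUTFORM => 'XML' ],
    [ INFILE => '../crl.pem', DATATYPE => 'CRL' ],
    [ DATA   => 'x', INFILE => 'crl.pem', DATATYPE => 'CRL' ],
) {
    my $ok = eval { checked_convert_args(@$case); 1 };
    print $ok ? "accepted\n" : "rejected: $@";
}
```

With the module loaded, the checked list is passed straight through: print $openssl->dataConvert( checked_convert_args( INFILE => 'crl.pem', DATATYPE => 'CRL', OUTFORM => 'TXT' ) );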
<P>
<HR>
<H2><A NAME="sub_issueCert_Issue_a_certi">sub issueCert () - Issue a certificate.</A></H2>
<P>
<PRE> This function should be used when you have a CA certificate and
 a request (either DER|PEM|SPKAC) and want to issue the certificate.
 Parameters used will override the configuration values (remember
 to set CONFIG to an appropriate value with the setParams function).
 Accepted parameters are:
</PRE>
<P>
<PRE> REQDATA - Request;
REQFILE - File containing the request (one of
REQDATA and REQFILE is required);
INFORM - Input format (PEM|DER|NET|SPKAC)(*);
PRESERVE_DN - Preserve DN order (Y|N)(*);
CAKEY - CA key file;
CACERT - CA certificate file;
DAYS - Days the certificate will be valid(*);
PASSWD - Password to decrypt priv. CA key(*);
EXTS - Extensions to be used (configuration
section of the openssl.cnf file)(*);
REQTYPE - Request type (NETSCAPE|MSIE)(*);
</PRE>
<P>
<PRE> (*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> $openssl->issueCert( REQFILE=>"myreq",
                      INFORM=>"SPKAC",
                      PRESERVE_DN=>"Y",
                      CAKEY=>"$ca/private/cakey.pem",
                      CACERT=>"$ca/cacert.pem",
                      PASSWD=>$passwd,
                      REQTYPE=>"NETSCAPE" );
</PRE>
<P>
<HR>
<H2><A NAME="sub_issueCrl_Issue_a_CRL_">sub issueCrl () - Issue a CRL.</A></H2>
<P>
<PRE> This function is used to issue a CRL. Accepted parameters
are:
</PRE>
<P>
<PRE> CAKEY - CA private key file;
CACERT - CA certificate file;
PASSWD - Password to decrypt priv. CA key(*);
DAYS - Days the CRL will be valid for(*);
EXTS - Extensions to be added ( see the openssl.cnf
pages for more help on this )(*);
OUTFILE - Output file(*);
OUTFORM - Output format (PEM|DER|NET|TXT)(*);
</PRE>
<P>
<PRE> (*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> print $openssl->issueCrl( CAKEY=>"$ca/private/cakey.pem",
                           CACERT=>"$ca/cacert.pem",
                           DAYS=>7,
                           OUTFORM=>"TXT" );
</PRE>
<P>
<HR>
<H2><A NAME="sub_SPKAC_Get_SPKAC_infos_">sub SPKAC () - Get SPKAC infos.</A></H2>
<P>
<PRE> This function returns text containing all major information
 about an spkac structure. Accepted parameters are:
</PRE>
<P>
<PRE> SPKAC - spkac data ( SPKAC = .... ) (*);
INFILE - An spkac request file (*);
OUTFILE - Output file (*);
(*) - Optional parameters;
</PRE>
<P>
<PRE> EXAMPLE:
</PRE>
<P>
<PRE> print $openssl->SPKAC( SPKAC=>$data, OUTFILE=>$target );
</PRE>
<P>
<HR>
<H1><A NAME="AUTHOR">AUTHOR</A></H1>
<P>
Massimiliano Pala &lt;<A
HREF="mailto:madwolf@openca.org">madwolf@openca.org</A>&gt;
<P>
<HR>
<H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
<P>
OpenCA::X509, OpenCA::CRL, OpenCA::REQ, OpenCA::TRIStateCGI,
OpenCA::Configuration
</BODY>
</HTML>