Crypt-Perl
view release on metacpan - search on metacpan
view release on metacpan or search on metacpan
lib/Crypt/Perl/PKCS10.pm view on Meta::CPAN
package Crypt::Perl::PKCS10;
use strict;
use warnings;
=encoding utf-8
=head1 NAME
Crypt::Perl::PKCS10 - Certificate Signing Request (CSR) creation
=head1 SYNOPSIS
my $pkcs10 = Crypt::Perl::PKCS10->new(
key => $private_key_obj,
subject => [
commonName => 'foo.com',
localityName => 'somewhere',
#...
],
attributes => [
[ 'extensionRequest',
[ 'subjectAltName',
[ dNSName => 'foo.com' ],
[ dNSName => 'bar.com' ],
],
],
],
);
my $der = $pkcs10->to_der();
my $pem = $pkcs10->to_pem();
=head1 DESCRIPTION
This module is for creation of (PKCS #10) certificate signing requests (CSRs).
Right now it supports only a
subset of what L<OpenSSL|http://openssl.org> can create; however, itâs
useful enough for use with many certificate authorities, including
L<ACME|https://ietf-wg-acme.github.io/acme/> services like
L<Letâs Encrypt|http://letsencrypt.org>.
Itâs also a good deal easier to use!
I believe this is the only L<CPAN|http://search.cpan.org> module that
can create CSRs for RSA, ECDSA, and Ed25519 keys. Other encryption schemes
would not be difficult to integrateâbut do any CAs accept them?
=head1 ECDSA KEY FORMAT
After a brief flirtation (cf. v0.13) with producing ECDSA-signed CSRs using
explicit curve parameters, this module produces CSRs using B<named> curves.
Certificate authorities seem to prefer this formatâwhich makes sense since
they only allow certain curves in the first place.
=head1 SIGNATURE DIGEST ALGORITHMS
The signature digest algorithm is
determined based on the passed-in key: for RSA itâs always SHA-512, and for
ECDSA itâs the strongest SHA digest algorithm that the key allows
(e.g., SHA-224 for a 239-bit key, etc.)
If you need additional flexibility, let me know.
(Note that Ed25519 signs an entire document rather than a digest.)
=head1 CLASS METHODS
=head2 new( NAME => VALUE, ... );
Create an instance of this class. Parameters are:
=over 4
view all matches for this distributionview release on metacpan - search on metacpan
( run in 0.717 second using v1.00-cache-2.02-grep-82fe00e-cpan-2cc899e4a130 )