|
NAMECrypt::Perl::PKCS10 - Certificate Signing Request (CSR) creationSYNOPSISmy $pkcs10 = Crypt::Perl::PKCS10->new( key => $private_key_obj, subject => [ commonName => 'foo.com', localityName => 'somewhere', #... ], attributes => [ [ 'extensionRequest', [ 'subjectAltName', [ dNSName => 'foo.com' ], [ dNSName => 'bar.com' ], ], ], ], ); my $der = $pkcs10->to_der(); my $pem = $pkcs10->to_pem(); DESCRIPTIONThis module is for creation of (PKCS #10) certificate signing requests (CSRs). Right now it supports only a subset of what OpenSSL <http://openssl.org> can create; however, it’s useful enough for use with many certificate authorities, including ACME <https://ietf-wg-acme.github.io/acme/> services like Let’s Encrypt <http://letsencrypt.org>.It’s also a good deal easier to use! I believe this is the only CPAN <http://search.cpan.org> module that can create CSRs for RSA, ECDSA, and Ed25519 keys. Other encryption schemes would not be difficult to integrate—but do any CAs accept them? ECDSA KEY FORMATAfter a brief flirtation (cf. v0.13) with producing ECDSA-signed CSRs using explicit curve parameters, this module produces CSRs using named curves. Certificate authorities seem to prefer this format—which makes sense since they only allow certain curves in the first place.SIGNATURE DIGEST ALGORITHMSThe signature digest algorithm is determined based on the passed-in key: for RSA it’s always SHA-512, and for ECDSA it’s the strongest SHA digest algorithm that the key allows (e.g., SHA-224 for a 239-bit key, etc.)If you need additional flexibility, let me know. (Note that Ed25519 signs an entire document rather than a digest.) CLASS METHODSnew( NAME => VALUE, ... );Create an instance of this class. Parameters are:
TODOLet me know what features you would find useful, ideally with a representative sample CSR that demonstrates the requested feature. (Or, better yet, send me a pull request!)SEE ALSO
Visit the GSP FreeBSD Man Page Interface. |