HsOpenSSL-0.11.4.12: Partial OpenSSL binding for Haskell

OpenSSL.PKCS7

Description

An interface to PKCS#7 structures and S/MIME messages.

# Types

data Pkcs7

Pkcs7 represents an abstract PKCS#7 structure. The concrete type of structure is hidden in the object: such polymorphism isn't very haskellish but please get it out of your mind since OpenSSL is written in C.

data Pkcs7Flag

Pkcs7Flag is a set of flags that are used in many operations related to PKCS#7.

Instances

Show Pkcs7Flag

data Pkcs7VerifyStatus

Pkcs7VerifyStatus represents the result of PKCS#7 verification. See pkcs7Verify.

Constructors

- `Pkcs7VerifySuccess (Maybe String)`: `Nothing` if the PKCS#7 signature was a detached signature, and `Just content` if it wasn't.
- `Pkcs7VerifyFailure`

Instances

Show Pkcs7VerifyStatus

# Encryption and Signing

pkcs7Sign :: KeyPair key => X509 -> key -> [X509] -> String -> [Pkcs7Flag] -> IO Pkcs7

Arguments

- `X509`: certificate to sign with
- `key`: corresponding private key
- `[X509]`: optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain)
- `String`: data to be signed
- `[Pkcs7Flag]`: an optional set of flags:
  - `Pkcs7Text`: Many S/MIME clients expect the signed content to include valid MIME headers. If the Pkcs7Text flag is set, MIME headers for type "text/plain" are prepended to the data.
  - `Pkcs7NoCerts`: If Pkcs7NoCerts is set, the signer's certificate will not be included in the PKCS#7 structure; the signer's certificate must still be supplied in the parameter though. This can reduce the size of the signature if the signer's certificate can be obtained by other means: for example a previously signed message.
  - `Pkcs7Detached`: The data being signed is included in the PKCS#7 structure, unless Pkcs7Detached is set, in which case it is omitted. This is used for PKCS#7 detached signatures, which are used in S/MIME plaintext signed messages for example.
  - `Pkcs7Binary`: Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications), but if Pkcs7Binary is set no translation occurs. This option should be used if the supplied data is in binary format, otherwise the translation will corrupt it.
  - `Pkcs7NoAttr`, `Pkcs7NoSmimeCap`: The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If Pkcs7NoAttr is set then no authenticatedAttributes will be used. If Pkcs7NoSmimeCap is set then just the SMIMECapabilities are omitted.
- `IO Pkcs7` (result)

pkcs7Sign creates a PKCS#7 signedData structure.

pkcs7Verify :: Pkcs7 -> [X509] -> X509Store -> Maybe String -> [Pkcs7Flag] -> IO Pkcs7VerifyStatus

Arguments

- `Pkcs7`: A PKCS#7 structure to verify.
- `[X509]`: Set of certificates in which to search for the signer's certificate.
- `X509Store`: Trusted certificate store (used for chain verification).
- `Maybe String`: Signed data if the content is not present in the PKCS#7 structure (that is, it is detached).
- `[Pkcs7Flag]`: An optional set of flags:
  - `Pkcs7NoIntern`: If Pkcs7NoIntern is set, the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers' certificates must be in the second argument (`[X509]`).
  - `Pkcs7Text`: If the Pkcs7Text flag is set, MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is returned.
  - `Pkcs7NoVerify`: If Pkcs7NoVerify is set, the signer's certificates are not chain verified.
  - `Pkcs7NoChain`: If Pkcs7NoChain is set, the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from the signer's certificate) must be contained in the trusted store.
  - `Pkcs7NoSigs`: If Pkcs7NoSigs is set, the signatures on the data are not checked.
- `IO Pkcs7VerifyStatus` (result)

pkcs7Verify verifies a PKCS#7 signedData structure.

pkcs7Encrypt :: [X509] -> String -> Cipher -> [Pkcs7Flag] -> IO Pkcs7

Arguments

- `[X509]`: A list of recipient certificates.
- `String`: The content to be encrypted.
- `Cipher`: The symmetric cipher to use.
- `[Pkcs7Flag]`: An optional set of flags:
  - `Pkcs7Text`: If the Pkcs7Text flag is set, MIME headers for type "text/plain" are prepended to the data.
  - `Pkcs7Binary`: Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications), but if Pkcs7Binary is set no translation occurs. This option should be used if the supplied data is in binary format, otherwise the translation will corrupt it. If Pkcs7Binary is set then Pkcs7Text is ignored.
- `IO Pkcs7` (result)

pkcs7Encrypt creates a PKCS#7 envelopedData structure.

pkcs7Decrypt :: KeyPair key => Pkcs7 -> key -> X509 -> [Pkcs7Flag] -> IO String

Arguments

- `Pkcs7`: The PKCS#7 structure to decrypt.
- `key`: The private key of the recipient.
- `X509`: The recipient's certificate.
- `[Pkcs7Flag]`: An optional set of flags:
  - `Pkcs7Text`: If the Pkcs7Text flag is set, MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is thrown.
- `IO String` (result): The decrypted content.

pkcs7Decrypt decrypts content from a PKCS#7 envelopedData structure.

# S/MIME

writeSmime :: Pkcs7 -> Maybe String -> [Pkcs7Flag] -> IO String

Arguments

- `Pkcs7`: A PKCS#7 structure to be written.
- `Maybe String`: If cleartext signing (multipart/signed) is being used then the signed data must be supplied here.
- `[Pkcs7Flag]`: An optional set of flags:
  - `Pkcs7Detached`: If Pkcs7Detached is set then cleartext signing will be used. This option only makes sense for signedData where Pkcs7Detached was also set when pkcs7Sign was called.
  - `Pkcs7Text`: If the Pkcs7Text flag is set, MIME headers for type "text/plain" are added to the content. This only makes sense if Pkcs7Detached is also set.
- `IO String` (result): The resulting S/MIME message.

writeSmime writes a PKCS#7 structure to an S/MIME message.

readSmime :: String -> IO (Pkcs7, Maybe String)

Arguments

- `String`: The message to be read.
- `IO (Pkcs7, Maybe String)` (result): The resulting PKCS#7 structure, paired with `Just content` if the PKCS#7 structure was a cleartext signature and `Nothing` if it wasn't.

readSmime parses an S/MIME message.
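The following is an added example, not part of the HsOpenSSL documentation, covering pkcs7Sign, pkcs7Verify, writeSmime and readSmime: it signs a message in detached and embedded form, round-trips the embedded form through S/MIME, and verifies against a trusting store, an empty store, and an empty store with Pkcs7NoVerify. It assumes the package's OpenSSL.RSA, OpenSSL.X509, OpenSSL.X509.Store and OpenSSL.EVP.Digest modules; `selfSigned` and `storeOf` are hypothetical helpers, and the key, certificate and message are constructed test values.

```haskell
import Data.Time.Clock (addUTCTime, getCurrentTime)
import OpenSSL (withOpenSSL)
import OpenSSL.EVP.Digest (getDigestByName)
import OpenSSL.PKCS7
import OpenSSL.RSA (RSAKeyPair, generateRSAKey')
import OpenSSL.X509
import OpenSSL.X509.Store (X509Store, addCertToStore, newX509Store)

-- Hypothetical helper: self-signed certificate for a throwaway test key.
selfSigned :: RSAKeyPair -> IO X509
selfSigned key = do
  cert <- newX509
  now  <- getCurrentTime
  let name = [("CN", "constructed-test-signer")]
  setVersion cert 2                        -- 2 encodes X.509 v3
  setSerialNumber cert 1
  setIssuerName cert name
  setSubjectName cert name
  setNotBefore cert (addUTCTime (-60) now)
  setNotAfter cert (addUTCTime 3600 now)
  setPublicKey cert key
  sha256 <- getDigestByName "sha256"
  signX509 cert key sha256
  return cert

-- Hypothetical helper: a store that trusts exactly the given certificates.
storeOf :: [X509] -> IO X509Store
storeOf certs = do
  store <- newX509Store
  mapM_ (addCertToStore store) certs
  return store

main :: IO ()
main = withOpenSSL $ do
  key  <- generateRSAKey' 2048 65537
  cert <- selfSigned key
  trusting   <- storeOf [cert]
  emptyStore <- storeOf []
  let body = "constructed test message\r\n"  -- already MIME-canonical (CRLF)
  -- Detached signature: the content is supplied again at verification time.
  det <- pkcs7Sign cert key [] body [Pkcs7Detached]
  pkcs7Verify det [] trusting (Just body) [] >>= print
  pkcs7Verify det [] trusting (Just (body ++ "x")) [] >>= print  -- altered
  -- Opaque signature carried through an S/MIME write/read round trip.
  smime   <- pkcs7Sign cert key [] body [] >>= \p7 -> writeSmime p7 Nothing []
  (p7, _) <- readSmime smime
  pkcs7Verify p7 [] trusting Nothing [] >>= print
  -- Signer not anchored in the store, first without then with Pkcs7NoVerify.
  pkcs7Verify p7 [] emptyStore Nothing [] >>= print
  pkcs7Verify p7 [] emptyStore Nothing [Pkcs7NoVerify] >>= print
```

Treat only a `Pkcs7VerifySuccess` obtained without `Pkcs7NoVerify` or `Pkcs7NoSigs` as evidence of a trusted signer: with the first flag the chain is not verified, and with the second the signatures on the data are not checked.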