License | BSD-style |
---|---|
Maintainer | Olivier Chéron <olivier.cheron@gmail.com> |
Stability | experimental |
Portability | unknown |
Safe Haskell | None |
Language | Haskell2010 |
Cryptographic Message Syntax
- RFC 5652: Cryptographic Message Syntax (CMS)
- RFC 3370: Cryptographic Message Syntax (CMS) Algorithms
- RFC 3560: Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
- RFC 4056: Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS)
- RFC 3565: Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)
- RFC 5753: Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
- RFC 5754: Using SHA2 Algorithms with Cryptographic Message Syntax
- RFC 3211: Password-based Encryption for CMS
- RFC 5083: Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type
- RFC 5084: Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)
- RFC 6476: Using Message Authentication Code (MAC) Encryption in the Cryptographic Message Syntax (CMS)
- RFC 8103: Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS)
Synopsis
- data ContentType
- data ContentInfo
- getContentType :: ContentInfo -> ContentType
- readCMSFile :: FilePath -> IO [ContentInfo]
- readCMSFileFromMemory :: ByteString -> [ContentInfo]
- pemToContentInfo :: [Maybe ContentInfo] -> PEM -> [Maybe ContentInfo]
- writeCMSFile :: FilePath -> [ContentInfo] -> IO ()
- writeCMSFileToMemory :: [ContentInfo] -> ByteString
- contentInfoToPEM :: ContentInfo -> PEM
- type SignatureValue = ByteString
- data SignatureAlg
- data SignedData = SignedData {}
- type ProducerOfSI m = ContentType -> ByteString -> m (Either StoreError (SignerInfo, [CertificateChoice], [RevocationInfoChoice]))
- type ConsumerOfSI m = ContentType -> ByteString -> SignerInfo -> [CertificateChoice] -> [RevocationInfoChoice] -> m Bool
- signData :: Applicative f => [ProducerOfSI f] -> ContentInfo -> f (Either StoreError ContentInfo)
- verifySignedData :: Monad m => ConsumerOfSI m -> SignedData -> m (Maybe ContentInfo)
- data SignerInfo = SignerInfo {}
- data SignerIdentifier
- data IssuerAndSerialNumber = IssuerAndSerialNumber {}
- certSigner :: MonadRandom m => SignatureAlg -> PrivKey -> CertificateChain -> Maybe [Attribute] -> [Attribute] -> ProducerOfSI m
- withPublicKey :: Applicative f => PubKey -> ConsumerOfSI f
- withSignerKey :: Applicative f => ConsumerOfSI f
- withSignerCertificate :: Applicative f => (CertificateChain -> f Bool) -> ConsumerOfSI f
- type EncryptedKey = ByteString
- data KeyEncryptionParams
- data KeyTransportParams
- data KeyAgreementParams
- data RecipientInfo
- data EnvelopedData = EnvelopedData {}
- type ProducerOfRI m = ContentEncryptionKey -> m (Either StoreError RecipientInfo)
- type ConsumerOfRI m = RecipientInfo -> m (Either StoreError ContentEncryptionKey)
- envelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> ContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo)
- openEnvelopedData :: Monad m => ConsumerOfRI m -> EnvelopedData -> m (Either StoreError ContentInfo)
- data KTRecipientInfo = KTRecipientInfo {}
- data RecipientIdentifier
- forKeyTransRecipient :: MonadRandom m => SignedCertificate -> KeyTransportParams -> ProducerOfRI m
- withRecipientKeyTrans :: MonadRandom m => PrivKey -> ConsumerOfRI m
- data KARecipientInfo = KARecipientInfo {}
- data OriginatorIdentifierOrKey
- data OriginatorPublicKey
- data RecipientEncryptedKey = RecipientEncryptedKey {}
- data KeyAgreeRecipientIdentifier
- type UserKeyingMaterial = ByteString
- forKeyAgreeRecipient :: MonadRandom m => SignedCertificate -> KeyAgreementParams -> ProducerOfRI m
- withRecipientKeyAgree :: MonadRandom m => PrivKey -> SignedCertificate -> ConsumerOfRI m
- data KEKRecipientInfo = KEKRecipientInfo {}
- data KeyIdentifier = KeyIdentifier {}
- data OtherKeyAttribute = OtherKeyAttribute {}
- type KeyEncryptionKey = ByteString
- forKeyRecipient :: MonadRandom m => KeyEncryptionKey -> KeyIdentifier -> KeyEncryptionParams -> ProducerOfRI m
- withRecipientKey :: Applicative f => KeyEncryptionKey -> ConsumerOfRI f
- data PasswordRecipientInfo = PasswordRecipientInfo {}
- forPasswordRecipient :: MonadRandom m => Password -> KeyDerivationFunc -> KeyEncryptionParams -> ProducerOfRI m
- withRecipientPassword :: Applicative f => Password -> ConsumerOfRI f
- data DigestProxy hashAlg where
- data DigestAlgorithm = HashAlgorithm hashAlg => DigestAlgorithm (DigestProxy hashAlg)
- data DigestedData = HashAlgorithm hashAlg => DigestedData {
- ddDigestAlgorithm :: DigestProxy hashAlg
- ddContentInfo :: ContentInfo
- ddDigest :: Digest hashAlg
- digestData :: DigestAlgorithm -> ContentInfo -> ContentInfo
- digestVerify :: DigestedData -> Maybe ContentInfo
- type ContentEncryptionKey = ByteString
- data ContentEncryptionCipher cipher where
- DES :: ContentEncryptionCipher DES
- DES_EDE2 :: ContentEncryptionCipher DES_EDE2
- DES_EDE3 :: ContentEncryptionCipher DES_EDE3
- AES128 :: ContentEncryptionCipher AES128
- AES192 :: ContentEncryptionCipher AES192
- AES256 :: ContentEncryptionCipher AES256
- CAST5 :: ContentEncryptionCipher CAST5
- Camellia128 :: ContentEncryptionCipher Camellia128
- data ContentEncryptionAlg
- = BlockCipher c => ECB (ContentEncryptionCipher c)
- | BlockCipher c => CBC (ContentEncryptionCipher c)
- | CBC_RC2
- | BlockCipher c => CFB (ContentEncryptionCipher c)
- | BlockCipher c => CTR (ContentEncryptionCipher c)
- data ContentEncryptionParams
- type EncryptedContent = ByteString
- data EncryptedData = EncryptedData {}
- generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams
- generateRC2EncryptionParams :: MonadRandom m => Int -> m ContentEncryptionParams
- getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg
- encryptData :: ContentEncryptionKey -> ContentEncryptionParams -> [Attribute] -> ContentInfo -> Either StoreError ContentInfo
- decryptData :: ContentEncryptionKey -> EncryptedData -> Either StoreError ContentInfo
- type AuthenticationKey = ContentEncryptionKey
- data MACAlgorithm = HashAlgorithm hashAlg => HMAC (DigestProxy hashAlg)
- type MessageAuthenticationCode = AuthTag
- data AuthenticatedData = AuthenticatedData {}
- generateAuthenticatedData :: Applicative f => OriginatorInfo -> AuthenticationKey -> MACAlgorithm -> Maybe DigestAlgorithm -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo)
- verifyAuthenticatedData :: Monad m => ConsumerOfRI m -> AuthenticatedData -> m (Either StoreError ContentInfo)
- data AuthContentEncryptionAlg
- = AUTH_ENC_128
- | AUTH_ENC_256
- | CHACHA20_POLY1305
- | BlockCipher c => CCM (ContentEncryptionCipher c)
- | BlockCipher c => GCM (ContentEncryptionCipher c)
- data AuthContentEncryptionParams
- data AuthEnvelopedData = AuthEnvelopedData {}
- generateAuthEnc128Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams
- generateAuthEnc256Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams
- generateChaChaPoly1305Params :: MonadRandom m => m AuthContentEncryptionParams
- generateCCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> CCM_M -> CCM_L -> m AuthContentEncryptionParams
- generateGCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> Int -> m AuthContentEncryptionParams
- authEnvelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> AuthContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo)
- openAuthEnvelopedData :: Monad m => ConsumerOfRI m -> AuthEnvelopedData -> m (Either StoreError ContentInfo)
- type Salt = ByteString
- generateSalt :: MonadRandom m => Int -> m Salt
- data KeyDerivationFunc
- data PBKDF2_PRF
- class HasKeySize params where
- generateKey :: (HasKeySize params, MonadRandom m, ByteArray key) => params -> m key
- newtype MaskGenerationFunc = MGF1 DigestAlgorithm
- data OAEPParams = OAEPParams {}
- data PSSParams = PSSParams {}
- data Attribute = Attribute {
- attrType :: OID
- attrValues :: [ASN1]
- findAttribute :: OID -> [Attribute] -> Maybe [ASN1]
- setAttribute :: OID -> [ASN1] -> [Attribute] -> [Attribute]
- filterAttributes :: (OID -> Bool) -> [Attribute] -> [Attribute]
- data OriginatorInfo = OriginatorInfo {}
- data CertificateChoice
- data OtherCertificateFormat = OtherCertificateFormat {
- otherCertFormat :: OID
- otherCertValues :: [ASN1]
- data RevocationInfoChoice
- data OtherRevocationInfoFormat = OtherRevocationInfoFormat {}
- data ASN1ObjectExact a
Documentation
data ContentType Source #
CMS content information type.
DataType | Arbitrary octet string |
SignedDataType | Signed content info |
EnvelopedDataType | Enveloped content info |
DigestedDataType | Content info with associated digest |
EncryptedDataType | Encrypted content info |
AuthenticatedDataType | Authenticated content info |
AuthEnvelopedDataType | Authenticated-enveloped content info |
Instances
Eq ContentType Source # | |
Defined in Crypto.Store.CMS.Type (==) :: ContentType -> ContentType -> Bool # (/=) :: ContentType -> ContentType -> Bool # | |
Show ContentType Source # | |
Defined in Crypto.Store.CMS.Type showsPrec :: Int -> ContentType -> ShowS # show :: ContentType -> String # showList :: [ContentType] -> ShowS # | |
OIDable ContentType Source # | |
Defined in Crypto.Store.CMS.Type getObjectID :: ContentType -> OID # | |
OIDNameable ContentType Source # | |
Defined in Crypto.Store.CMS.Type fromObjectID :: OID -> Maybe ContentType # |
data ContentInfo Source #
CMS content information.
DataCI ByteString | Arbitrary octet string |
SignedDataCI SignedData | Signed content info |
EnvelopedDataCI EnvelopedData | Enveloped content info |
DigestedDataCI DigestedData | Content info with associated digest |
EncryptedDataCI EncryptedData | Encrypted content info |
AuthenticatedDataCI AuthenticatedData | Authenticatedcontent info |
AuthEnvelopedDataCI AuthEnvelopedData | Authenticated-enveloped content info |
Instances
Eq ContentInfo Source # | |
Defined in Crypto.Store.CMS.Info (==) :: ContentInfo -> ContentInfo -> Bool # (/=) :: ContentInfo -> ContentInfo -> Bool # | |
Show ContentInfo Source # | |
Defined in Crypto.Store.CMS.Info showsPrec :: Int -> ContentInfo -> ShowS # show :: ContentInfo -> String # showList :: [ContentInfo] -> ShowS # |
getContentType :: ContentInfo -> ContentType Source #
Get the type of a content info.
Reading and writing PEM files
readCMSFile :: FilePath -> IO [ContentInfo] Source #
Read content info elements from a PEM file.
readCMSFileFromMemory :: ByteString -> [ContentInfo] Source #
Read content info elements from a bytearray in PEM format.
pemToContentInfo :: [Maybe ContentInfo] -> PEM -> [Maybe ContentInfo] Source #
Read a content info from a PEM
element and add it to the accumulator
list.
writeCMSFile :: FilePath -> [ContentInfo] -> IO () Source #
Write content info elements to a PEM file.
writeCMSFileToMemory :: [ContentInfo] -> ByteString Source #
Write content info elements to a bytearray in PEM format.
contentInfoToPEM :: ContentInfo -> PEM Source #
Generate PEM for a content info.
Signed data
type SignatureValue = ByteString Source #
Signature value.
data SignatureAlg Source #
CMS signature algorithms and associated parameters.
Instances
Eq SignatureAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: SignatureAlg -> SignatureAlg -> Bool # (/=) :: SignatureAlg -> SignatureAlg -> Bool # | |
Show SignatureAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> SignatureAlg -> ShowS # show :: SignatureAlg -> String # showList :: [SignatureAlg] -> ShowS # |
data SignedData Source #
Signed content information.
SignedData | |
|
Instances
Eq SignedData Source # | |
Defined in Crypto.Store.CMS.Info (==) :: SignedData -> SignedData -> Bool # (/=) :: SignedData -> SignedData -> Bool # | |
Show SignedData Source # | |
Defined in Crypto.Store.CMS.Info showsPrec :: Int -> SignedData -> ShowS # show :: SignedData -> String # showList :: [SignedData] -> ShowS # |
type ProducerOfSI m = ContentType -> ByteString -> m (Either StoreError (SignerInfo, [CertificateChoice], [RevocationInfoChoice])) Source #
Function able to produce a SignerInfo
.
type ConsumerOfSI m = ContentType -> ByteString -> SignerInfo -> [CertificateChoice] -> [RevocationInfoChoice] -> m Bool Source #
Function able to consume a SignerInfo
.
signData :: Applicative f => [ProducerOfSI f] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add a signed-data layer on the specified content info. The content is
processed by one or several ProducerOfSI
functions to create signer info
elements.
verifySignedData :: Monad m => ConsumerOfSI m -> SignedData -> m (Maybe ContentInfo) Source #
Verify a signed content info using the specified ConsumerOfSI
function.
Verification of at least one signer info must be successful in order to
return the inner content info.
Signer information
data SignerInfo Source #
Information related to a signer of a SignedData
. An
element contains the signature material that was produced.
SignerInfo | |
|
Instances
Eq SignerInfo Source # | |
Defined in Crypto.Store.CMS.Signed (==) :: SignerInfo -> SignerInfo -> Bool # (/=) :: SignerInfo -> SignerInfo -> Bool # | |
Show SignerInfo Source # | |
Defined in Crypto.Store.CMS.Signed showsPrec :: Int -> SignerInfo -> ShowS # show :: SignerInfo -> String # showList :: [SignerInfo] -> ShowS # |
data SignerIdentifier Source #
Union type related to identification of the signer certificate.
SignerIASN IssuerAndSerialNumber | Issuer and Serial Number |
SignerSKI ByteString | Subject Key Identifier |
Instances
Eq SignerIdentifier Source # | |
Defined in Crypto.Store.CMS.Signed (==) :: SignerIdentifier -> SignerIdentifier -> Bool # (/=) :: SignerIdentifier -> SignerIdentifier -> Bool # | |
Show SignerIdentifier Source # | |
Defined in Crypto.Store.CMS.Signed showsPrec :: Int -> SignerIdentifier -> ShowS # show :: SignerIdentifier -> String # showList :: [SignerIdentifier] -> ShowS # |
data IssuerAndSerialNumber Source #
Identification of a certificate using the issuer DN and serial number.
IssuerAndSerialNumber | |
|
Instances
Eq IssuerAndSerialNumber Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: IssuerAndSerialNumber -> IssuerAndSerialNumber -> Bool # (/=) :: IssuerAndSerialNumber -> IssuerAndSerialNumber -> Bool # | |
Show IssuerAndSerialNumber Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> IssuerAndSerialNumber -> ShowS # show :: IssuerAndSerialNumber -> String # showList :: [IssuerAndSerialNumber] -> ShowS # |
certSigner :: MonadRandom m => SignatureAlg -> PrivKey -> CertificateChain -> Maybe [Attribute] -> [Attribute] -> ProducerOfSI m Source #
Create a signer info with the specified signature algorithm and credentials.
Two lists of optional attributes can be provided. The attributes will be part of message signature when provided in the first list.
When the first list of attributes is provided, even empty list, signature is
computed from a digest of the content. When the list of attributes is
Nothing
, no intermediate digest is used and the signature is computed from
the full message.
withPublicKey :: Applicative f => PubKey -> ConsumerOfSI f Source #
Verify that the signature was produced from the specified public key. Ignores all certificates and CRLs contained in the signed data.
withSignerKey :: Applicative f => ConsumerOfSI f Source #
Verify that the signature is valid with one of the X.509 certificates contained in the signed data, but does not validate that the certificates are valid. All transmitted certificates are implicitely trusted and all CRLs are ignored.
withSignerCertificate :: Applicative f => (CertificateChain -> f Bool) -> ConsumerOfSI f Source #
Verify that the signature is valid with one of the X.509 certificates contained in the signed data, and verify that the signer certificate is valid using the validation function supplied. All CRLs are ignored.
Enveloped data
type EncryptedKey = ByteString Source #
Encrypted key.
data KeyEncryptionParams Source #
Key encryption algorithm with associated parameters (i.e. the underlying encryption algorithm).
PWRIKEK ContentEncryptionParams | PWRI-KEK key wrap algorithm |
AES128_WRAP | AES-128 key wrap |
AES192_WRAP | AES-192 key wrap |
AES256_WRAP | AES-256 key wrap |
AES128_WRAP_PAD | AES-128 extended key wrap |
AES192_WRAP_PAD | AES-192 extended key wrap |
AES256_WRAP_PAD | AES-256 extended key wrap |
DES_EDE3_WRAP | Triple-DES key wrap |
RC2_WRAP Int | RC2 key wrap with effective key length |
Instances
Eq KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: KeyEncryptionParams -> KeyEncryptionParams -> Bool # (/=) :: KeyEncryptionParams -> KeyEncryptionParams -> Bool # | |
Show KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> KeyEncryptionParams -> ShowS # show :: KeyEncryptionParams -> String # showList :: [KeyEncryptionParams] -> ShowS # | |
HasKeySize KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms |
data KeyTransportParams Source #
Key transport algorithm with associated parameters.
RSAES | RSAES-PKCS1 |
RSAESOAEP OAEPParams | RSAES-OAEP |
Instances
Eq KeyTransportParams Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: KeyTransportParams -> KeyTransportParams -> Bool # (/=) :: KeyTransportParams -> KeyTransportParams -> Bool # | |
Show KeyTransportParams Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> KeyTransportParams -> ShowS # show :: KeyTransportParams -> String # showList :: [KeyTransportParams] -> ShowS # |
data KeyAgreementParams Source #
Key agreement algorithm with associated parameters.
StdDH DigestAlgorithm KeyEncryptionParams | 1-Pass D-H with Stardard ECDH |
CofactorDH DigestAlgorithm KeyEncryptionParams | 1-Pass D-H with Cofactor ECDH |
Instances
Eq KeyAgreementParams Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: KeyAgreementParams -> KeyAgreementParams -> Bool # (/=) :: KeyAgreementParams -> KeyAgreementParams -> Bool # | |
Show KeyAgreementParams Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> KeyAgreementParams -> ShowS # show :: KeyAgreementParams -> String # showList :: [KeyAgreementParams] -> ShowS # |
data RecipientInfo Source #
Information for a recipient of an EnvelopedData
. An element contains
the content-encryption key in encrypted form.
KTRI KTRecipientInfo | Recipient using key transport |
KARI KARecipientInfo | Recipient using key agreement |
KEKRI KEKRecipientInfo | Recipient using key encryption |
PasswordRI PasswordRecipientInfo | Recipient using password-based protection |
Instances
Eq RecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: RecipientInfo -> RecipientInfo -> Bool # (/=) :: RecipientInfo -> RecipientInfo -> Bool # | |
Show RecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> RecipientInfo -> ShowS # show :: RecipientInfo -> String # showList :: [RecipientInfo] -> ShowS # |
data EnvelopedData Source #
Enveloped content information.
EnvelopedData | |
|
Instances
Eq EnvelopedData Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: EnvelopedData -> EnvelopedData -> Bool # (/=) :: EnvelopedData -> EnvelopedData -> Bool # | |
Show EnvelopedData Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> EnvelopedData -> ShowS # show :: EnvelopedData -> String # showList :: [EnvelopedData] -> ShowS # |
type ProducerOfRI m = ContentEncryptionKey -> m (Either StoreError RecipientInfo) Source #
Function able to produce a RecipientInfo
.
type ConsumerOfRI m = RecipientInfo -> m (Either StoreError ContentEncryptionKey) Source #
Function able to consume a RecipientInfo
.
envelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> ContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add an enveloped-data layer on the specified content info. The content is
encrypted with specified key and algorithm. The key is then processed by
one or several ProducerOfRI
functions to create recipient info elements.
Some optional attributes can be added but will not be encrypted.
openEnvelopedData :: Monad m => ConsumerOfRI m -> EnvelopedData -> m (Either StoreError ContentInfo) Source #
Recover an enveloped content info using the specified ConsumerOfRI
function.
Key Transport recipients
data KTRecipientInfo Source #
Recipient using key transport.
KTRecipientInfo | |
|
Instances
Eq KTRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: KTRecipientInfo -> KTRecipientInfo -> Bool # (/=) :: KTRecipientInfo -> KTRecipientInfo -> Bool # | |
Show KTRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> KTRecipientInfo -> ShowS # show :: KTRecipientInfo -> String # showList :: [KTRecipientInfo] -> ShowS # |
data RecipientIdentifier Source #
Union type related to identification of the recipient.
RecipientIASN IssuerAndSerialNumber | Issuer and Serial Number |
RecipientSKI ByteString | Subject Key Identifier |
Instances
Eq RecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: RecipientIdentifier -> RecipientIdentifier -> Bool # (/=) :: RecipientIdentifier -> RecipientIdentifier -> Bool # | |
Show RecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> RecipientIdentifier -> ShowS # show :: RecipientIdentifier -> String # showList :: [RecipientIdentifier] -> ShowS # |
forKeyTransRecipient :: MonadRandom m => SignedCertificate -> KeyTransportParams -> ProducerOfRI m Source #
Generate a Key Transport recipient from a certificate and desired algorithm. The recipient will contain certificate identifier.
This function can be used as parameter to envelopData
.
withRecipientKeyTrans :: MonadRandom m => PrivKey -> ConsumerOfRI m Source #
Use a Key Transport recipient, knowing the private key.
This function can be used as parameter to
openEnvelopedData
.
Key Agreement recipients
data KARecipientInfo Source #
Recipient using key agreement.
KARecipientInfo | |
|
Instances
Eq KARecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: KARecipientInfo -> KARecipientInfo -> Bool # (/=) :: KARecipientInfo -> KARecipientInfo -> Bool # | |
Show KARecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> KARecipientInfo -> ShowS # show :: KARecipientInfo -> String # showList :: [KARecipientInfo] -> ShowS # |
data OriginatorIdentifierOrKey Source #
Union type related to identification of the originator.
OriginatorIASN IssuerAndSerialNumber | Issuer and Serial Number |
OriginatorSKI ByteString | Subject Key Identifier |
OriginatorPublic OriginatorPublicKey | Anonymous public key |
Instances
Eq OriginatorIdentifierOrKey Source # | |
Defined in Crypto.Store.CMS.Enveloped | |
Show OriginatorIdentifierOrKey Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> OriginatorIdentifierOrKey -> ShowS # show :: OriginatorIdentifierOrKey -> String # showList :: [OriginatorIdentifierOrKey] -> ShowS # |
data OriginatorPublicKey Source #
Originator public key used for key-agreement. Contrary to PubKey
the
domain parameters are not used and may be left empty.
Instances
Eq OriginatorPublicKey Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: OriginatorPublicKey -> OriginatorPublicKey -> Bool # (/=) :: OriginatorPublicKey -> OriginatorPublicKey -> Bool # | |
Show OriginatorPublicKey Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> OriginatorPublicKey -> ShowS # show :: OriginatorPublicKey -> String # showList :: [OriginatorPublicKey] -> ShowS # |
data RecipientEncryptedKey Source #
Encrypted key for a recipient in a key-agreement RI.
RecipientEncryptedKey | |
|
Instances
Eq RecipientEncryptedKey Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: RecipientEncryptedKey -> RecipientEncryptedKey -> Bool # (/=) :: RecipientEncryptedKey -> RecipientEncryptedKey -> Bool # | |
Show RecipientEncryptedKey Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> RecipientEncryptedKey -> ShowS # show :: RecipientEncryptedKey -> String # showList :: [RecipientEncryptedKey] -> ShowS # |
data KeyAgreeRecipientIdentifier Source #
Union type related to identification of a key-agreement recipient.
KeyAgreeRecipientIASN IssuerAndSerialNumber | Issuer and Serial Number |
KeyAgreeRecipientKI KeyIdentifier | Key identifier |
Instances
Eq KeyAgreeRecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped | |
Show KeyAgreeRecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> KeyAgreeRecipientIdentifier -> ShowS # show :: KeyAgreeRecipientIdentifier -> String # showList :: [KeyAgreeRecipientIdentifier] -> ShowS # |
type UserKeyingMaterial = ByteString Source #
User keying material.
forKeyAgreeRecipient :: MonadRandom m => SignedCertificate -> KeyAgreementParams -> ProducerOfRI m Source #
Generate a Key Agreement recipient from a certificate and desired algorithm. The recipient info will contain an ephemeral public key.
This function can be used as parameter to envelopData
.
To avoid decreasing the security strength, Key Encryption parameters should use a key size equal or greater than the content encryption key.
withRecipientKeyAgree :: MonadRandom m => PrivKey -> SignedCertificate -> ConsumerOfRI m Source #
Use a Key Agreement recipient, knowing the recipient private key. The recipient certificate is also required to locate which encrypted key to use.
This function can be used as parameter to
openEnvelopedData
.
Key Encryption Key recipients
data KEKRecipientInfo Source #
Recipient using key encryption.
KEKRecipientInfo | |
|
Instances
Eq KEKRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: KEKRecipientInfo -> KEKRecipientInfo -> Bool # (/=) :: KEKRecipientInfo -> KEKRecipientInfo -> Bool # | |
Show KEKRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> KEKRecipientInfo -> ShowS # show :: KEKRecipientInfo -> String # showList :: [KEKRecipientInfo] -> ShowS # |
data KeyIdentifier Source #
Key identifier and optional attributes.
KeyIdentifier | |
|
Instances
Eq KeyIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: KeyIdentifier -> KeyIdentifier -> Bool # (/=) :: KeyIdentifier -> KeyIdentifier -> Bool # | |
Show KeyIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> KeyIdentifier -> ShowS # show :: KeyIdentifier -> String # showList :: [KeyIdentifier] -> ShowS # |
data OtherKeyAttribute Source #
Additional information in a KeyIdentifier
.
Instances
Eq OtherKeyAttribute Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: OtherKeyAttribute -> OtherKeyAttribute -> Bool # (/=) :: OtherKeyAttribute -> OtherKeyAttribute -> Bool # | |
Show OtherKeyAttribute Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> OtherKeyAttribute -> ShowS # show :: OtherKeyAttribute -> String # showList :: [OtherKeyAttribute] -> ShowS # |
type KeyEncryptionKey = ByteString Source #
Key used for key encryption.
forKeyRecipient :: MonadRandom m => KeyEncryptionKey -> KeyIdentifier -> KeyEncryptionParams -> ProducerOfRI m Source #
Generate a Key Encryption Key recipient from a key encryption key and desired algorithm. The recipient may identify the KEK that was used with the supplied identifier.
This function can be used as parameter to envelopData
.
To avoid decreasing the security strength, Key Encryption parameters should use a key size equal or greater than the content encryption key.
withRecipientKey :: Applicative f => KeyEncryptionKey -> ConsumerOfRI f Source #
Use a Key Encryption Key recipient, knowing the key encryption key.
This function can be used as parameter to
openEnvelopedData
.
Password recipients
data PasswordRecipientInfo Source #
Recipient using password-based protection.
PasswordRecipientInfo | |
|
Instances
Eq PasswordRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped (==) :: PasswordRecipientInfo -> PasswordRecipientInfo -> Bool # (/=) :: PasswordRecipientInfo -> PasswordRecipientInfo -> Bool # | |
Show PasswordRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped showsPrec :: Int -> PasswordRecipientInfo -> ShowS # show :: PasswordRecipientInfo -> String # showList :: [PasswordRecipientInfo] -> ShowS # |
forPasswordRecipient :: MonadRandom m => Password -> KeyDerivationFunc -> KeyEncryptionParams -> ProducerOfRI m Source #
Generate a password recipient from a password.
This function can be used as parameter to envelopData
.
withRecipientPassword :: Applicative f => Password -> ConsumerOfRI f Source #
Use a password recipient, knowing the password.
This function can be used as parameter to
openEnvelopedData
.
Digested data
data DigestProxy hashAlg where Source #
CMS digest proxy. Acts like Proxy
, i.e. provides a hash
algorithm as type parameter. The GADT constructors map to known algorithms.
MD2 :: DigestProxy MD2 | MD2 |
MD4 :: DigestProxy MD4 | MD4 |
MD5 :: DigestProxy MD5 | MD5 |
SHA1 :: DigestProxy SHA1 | SHA-1 |
SHA224 :: DigestProxy SHA224 | SHA-224 |
SHA256 :: DigestProxy SHA256 | SHA-256 |
SHA384 :: DigestProxy SHA384 | SHA-384 |
SHA512 :: DigestProxy SHA512 | SHA-512 |
Instances
Eq (DigestProxy hashAlg) Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: DigestProxy hashAlg -> DigestProxy hashAlg -> Bool # (/=) :: DigestProxy hashAlg -> DigestProxy hashAlg -> Bool # | |
Show (DigestProxy hashAlg) Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> DigestProxy hashAlg -> ShowS # show :: DigestProxy hashAlg -> String # showList :: [DigestProxy hashAlg] -> ShowS # |
data DigestAlgorithm Source #
CMS digest algorithm.
HashAlgorithm hashAlg => DigestAlgorithm (DigestProxy hashAlg) |
Instances
Eq DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: DigestAlgorithm -> DigestAlgorithm -> Bool # (/=) :: DigestAlgorithm -> DigestAlgorithm -> Bool # | |
Show DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> DigestAlgorithm -> ShowS # show :: DigestAlgorithm -> String # showList :: [DigestAlgorithm] -> ShowS # | |
OIDable DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms getObjectID :: DigestAlgorithm -> OID # | |
OIDNameable DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms fromObjectID :: OID -> Maybe DigestAlgorithm # |
data DigestedData Source #
Digested content information.
HashAlgorithm hashAlg => DigestedData | |
|
Instances
Eq DigestedData Source # | |
Defined in Crypto.Store.CMS.Info (==) :: DigestedData -> DigestedData -> Bool # (/=) :: DigestedData -> DigestedData -> Bool # | |
Show DigestedData Source # | |
Defined in Crypto.Store.CMS.Info showsPrec :: Int -> DigestedData -> ShowS # show :: DigestedData -> String # showList :: [DigestedData] -> ShowS # |
digestData :: DigestAlgorithm -> ContentInfo -> ContentInfo Source #
Add a digested-data layer on the specified content info.
digestVerify :: DigestedData -> Maybe ContentInfo Source #
Return the inner content info but only if the digest is valid.
Encrypted data
type ContentEncryptionKey = ByteString Source #
Key used for content encryption.
data ContentEncryptionCipher cipher where Source #
CMS content encryption cipher.
DES :: ContentEncryptionCipher DES | DES |
DES_EDE2 :: ContentEncryptionCipher DES_EDE2 | Triple-DES with 2 keys used in alternative direction |
DES_EDE3 :: ContentEncryptionCipher DES_EDE3 | Triple-DES with 3 keys used in alternative direction |
AES128 :: ContentEncryptionCipher AES128 | AES with 128-bit key |
AES192 :: ContentEncryptionCipher AES192 | AES with 192-bit key |
AES256 :: ContentEncryptionCipher AES256 | AES with 256-bit key |
CAST5 :: ContentEncryptionCipher CAST5 | CAST5 (aka CAST-128) with key between 40 and 128 bits |
Camellia128 :: ContentEncryptionCipher Camellia128 | Camellia with 128-bit key |
Instances
Eq (ContentEncryptionCipher cipher) Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool # (/=) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool # | |
Show (ContentEncryptionCipher cipher) Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> ContentEncryptionCipher cipher -> ShowS # show :: ContentEncryptionCipher cipher -> String # showList :: [ContentEncryptionCipher cipher] -> ShowS # |
data ContentEncryptionAlg Source #
Cipher and mode of operation for content encryption.
BlockCipher c => ECB (ContentEncryptionCipher c) | Electronic Codebook |
BlockCipher c => CBC (ContentEncryptionCipher c) | Cipher Block Chaining |
CBC_RC2 | RC2 in CBC mode |
BlockCipher c => CFB (ContentEncryptionCipher c) | Cipher Feedback |
BlockCipher c => CTR (ContentEncryptionCipher c) | Counter |
Instances
Show ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> ContentEncryptionAlg -> ShowS # show :: ContentEncryptionAlg -> String # showList :: [ContentEncryptionAlg] -> ShowS # | |
OIDable ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms getObjectID :: ContentEncryptionAlg -> OID # | |
OIDNameable ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms |
data ContentEncryptionParams Source #
Content encryption algorithm with associated parameters (i.e. the initialization vector).
A value can be generated with generateEncryptionParams
.
Instances
Eq ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
Show ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> ContentEncryptionParams -> ShowS # show :: ContentEncryptionParams -> String # showList :: [ContentEncryptionParams] -> ShowS # | |
HasKeySize ContentEncryptionParams Source # | |
type EncryptedContent = ByteString Source #
Encrypted content.
data EncryptedData Source #
Encrypted content information.
EncryptedData | |
|
Instances
Eq EncryptedData Source # | |
Defined in Crypto.Store.CMS.Encrypted (==) :: EncryptedData -> EncryptedData -> Bool # (/=) :: EncryptedData -> EncryptedData -> Bool # | |
Show EncryptedData Source # | |
Defined in Crypto.Store.CMS.Encrypted showsPrec :: Int -> EncryptedData -> ShowS # show :: EncryptedData -> String # showList :: [EncryptedData] -> ShowS # |
generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams Source #
Generate random parameters for the specified content encryption algorithm.
generateRC2EncryptionParams :: MonadRandom m => Int -> m ContentEncryptionParams Source #
Generate random RC2 parameters with the specified effective key length (in bits).
getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg Source #
Get the content encryption algorithm.
encryptData :: ContentEncryptionKey -> ContentEncryptionParams -> [Attribute] -> ContentInfo -> Either StoreError ContentInfo Source #
Add an encrypted-data layer on the specified content info. The content is encrypted with specified key and algorithm.
Some optional attributes can be added but will not be encrypted.
decryptData :: ContentEncryptionKey -> EncryptedData -> Either StoreError ContentInfo Source #
Decrypt an encrypted content info using the specified key.
Authenticated data
type AuthenticationKey = ContentEncryptionKey Source #
Key used for authentication.
data MACAlgorithm Source #
Message Authentication Code (MAC) Algorithm.
HashAlgorithm hashAlg => HMAC (DigestProxy hashAlg) |
Instances
Eq MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: MACAlgorithm -> MACAlgorithm -> Bool # (/=) :: MACAlgorithm -> MACAlgorithm -> Bool # | |
Show MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> MACAlgorithm -> ShowS # show :: MACAlgorithm -> String # showList :: [MACAlgorithm] -> ShowS # | |
OIDable MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms getObjectID :: MACAlgorithm -> OID # | |
OIDNameable MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms fromObjectID :: OID -> Maybe MACAlgorithm # | |
HasKeySize MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms |
type MessageAuthenticationCode = AuthTag Source #
Message authentication code. Equality is time constant.
data AuthenticatedData Source #
Authenticated content information.
AuthenticatedData | |
|
Instances
Eq AuthenticatedData Source # | |
Defined in Crypto.Store.CMS.Info (==) :: AuthenticatedData -> AuthenticatedData -> Bool # (/=) :: AuthenticatedData -> AuthenticatedData -> Bool # | |
Show AuthenticatedData Source # | |
Defined in Crypto.Store.CMS.Info showsPrec :: Int -> AuthenticatedData -> ShowS # show :: AuthenticatedData -> String # showList :: [AuthenticatedData] -> ShowS # |
generateAuthenticatedData :: Applicative f => OriginatorInfo -> AuthenticationKey -> MACAlgorithm -> Maybe DigestAlgorithm -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add an authenticated-data layer on the specified content info. The content
is MACed with the specified key and algorithms. The key is then processed by
one or several ProducerOfRI
functions to create recipient info elements.
Two lists of optional attributes can be provided. The attributes will be part of message authentication when provided in the first list.
verifyAuthenticatedData :: Monad m => ConsumerOfRI m -> AuthenticatedData -> m (Either StoreError ContentInfo) Source #
Verify the integrity of an authenticated content info using the specified
ConsumerOfRI
function. The inner content info is returned only if the MAC
could be verified.
Authenticated-enveloped data
data AuthContentEncryptionAlg Source #
Cipher and mode of operation for authenticated-content encryption.
AUTH_ENC_128 | authEnc with 128-bit key |
AUTH_ENC_256 | authEnc with 256-bit key |
CHACHA20_POLY1305 | ChaCha20-Poly1305 Authenticated Encryption |
BlockCipher c => CCM (ContentEncryptionCipher c) | Counter with CBC-MAC |
BlockCipher c => GCM (ContentEncryptionCipher c) | Galois Counter Mode |
Instances
Show AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> AuthContentEncryptionAlg -> ShowS # show :: AuthContentEncryptionAlg -> String # showList :: [AuthContentEncryptionAlg] -> ShowS # | |
OIDable AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
OIDNameable AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms |
data AuthContentEncryptionParams Source #
Authenticated-content encryption algorithm with associated parameters (i.e. the nonce).
A value can be generated with functions generateAuthEnc128Params
,
generateAuthEnc256Params
, generateChaChaPoly1305Params
,
generateCCMParams
and generateGCMParams
.
Instances
data AuthEnvelopedData Source #
Authenticated-enveloped content information.
AuthEnvelopedData | |
|
Instances
Eq AuthEnvelopedData Source # | |
Defined in Crypto.Store.CMS.AuthEnveloped (==) :: AuthEnvelopedData -> AuthEnvelopedData -> Bool # (/=) :: AuthEnvelopedData -> AuthEnvelopedData -> Bool # | |
Show AuthEnvelopedData Source # | |
Defined in Crypto.Store.CMS.AuthEnveloped showsPrec :: Int -> AuthEnvelopedData -> ShowS # show :: AuthEnvelopedData -> String # showList :: [AuthEnvelopedData] -> ShowS # |
generateAuthEnc128Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams Source #
Generate random AUTH_ENC_128
parameters with the specified algorithms.
generateAuthEnc256Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams Source #
Generate random AUTH_ENC_256
parameters with the specified algorithms.
generateChaChaPoly1305Params :: MonadRandom m => m AuthContentEncryptionParams Source #
Generate random CHACHA20_POLY1305
parameters.
generateCCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> CCM_M -> CCM_L -> m AuthContentEncryptionParams Source #
Generate random CCM
parameters for the specified cipher.
generateGCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> Int -> m AuthContentEncryptionParams Source #
Generate random GCM
parameters for the specified cipher.
authEnvelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> AuthContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add an authenticated-enveloped-data layer on the specified content info.
The content is encrypted with specified key and algorithm. The key is then
processed by one or several ProducerOfRI
functions to create recipient info
elements.
Some attributes can be added but will not be encrypted. The attributes will be part of message authentication when provided in the first list.
openAuthEnvelopedData :: Monad m => ConsumerOfRI m -> AuthEnvelopedData -> m (Either StoreError ContentInfo) Source #
Recover an authenticated-enveloped content info using the specified
ConsumerOfRI
function.
Key derivation
type Salt = ByteString Source #
Salt value used for key derivation.
generateSalt :: MonadRandom m => Int -> m Salt Source #
Generate a random salt with the specified length in bytes. To be most effective, the length should be at least 8 bytes.
data KeyDerivationFunc Source #
Key derivation algorithm and associated parameters.
PBKDF2 | Key derivation with PBKDF2 |
| |
Scrypt | Key derivation with Scrypt |
Instances
Eq KeyDerivationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool # (/=) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool # | |
Show KeyDerivationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> KeyDerivationFunc -> ShowS # show :: KeyDerivationFunc -> String # showList :: [KeyDerivationFunc] -> ShowS # |
data PBKDF2_PRF Source #
Pseudorandom function used for PBKDF2.
PBKDF2_SHA1 | hmacWithSHA1 |
PBKDF2_SHA256 | hmacWithSHA256 |
PBKDF2_SHA512 | hmacWithSHA512 |
Instances
Eq PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: PBKDF2_PRF -> PBKDF2_PRF -> Bool # (/=) :: PBKDF2_PRF -> PBKDF2_PRF -> Bool # | |
Show PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> PBKDF2_PRF -> ShowS # show :: PBKDF2_PRF -> String # showList :: [PBKDF2_PRF] -> ShowS # | |
OIDable PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms getObjectID :: PBKDF2_PRF -> OID # | |
OIDNameable PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms fromObjectID :: OID -> Maybe PBKDF2_PRF # |
Secret-key algorithms
class HasKeySize params where Source #
Algorithms that are based on a secret key. This includes ciphers but also MAC algorithms.
getKeySizeSpecifier :: params -> KeySizeSpecifier Source #
Get a specification of the key sizes allowed by the algorithm.
generateKey :: (HasKeySize params, MonadRandom m, ByteArray key) => params -> m key Source #
Generate a random key suitable for the specified algorithm. This uses the maximum size allowed by the parameters.
RSA padding modes
newtype MaskGenerationFunc Source #
Mask Generation Functions (MGF) and associated parameters.
Instances
Eq MaskGenerationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: MaskGenerationFunc -> MaskGenerationFunc -> Bool # (/=) :: MaskGenerationFunc -> MaskGenerationFunc -> Bool # | |
Show MaskGenerationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> MaskGenerationFunc -> ShowS # show :: MaskGenerationFunc -> String # showList :: [MaskGenerationFunc] -> ShowS # |
data OAEPParams Source #
Encryption parameters for RSAES-OAEP.
OAEPParams | |
|
Instances
Eq OAEPParams Source # | |
Defined in Crypto.Store.CMS.Algorithms (==) :: OAEPParams -> OAEPParams -> Bool # (/=) :: OAEPParams -> OAEPParams -> Bool # | |
Show OAEPParams Source # | |
Defined in Crypto.Store.CMS.Algorithms showsPrec :: Int -> OAEPParams -> ShowS # show :: OAEPParams -> String # showList :: [OAEPParams] -> ShowS # |
Signature parameters for RSASSA-PSS.
PSSParams | |
|
CMS attributes
An attribute extending the parent structure with arbitrary data.
Attribute | |
|
findAttribute :: OID -> [Attribute] -> Maybe [ASN1] Source #
Return the values for the first attribute with the specified type.
setAttribute :: OID -> [ASN1] -> [Attribute] -> [Attribute] Source #
Add or replace an attribute in a list of attributes.
filterAttributes :: (OID -> Bool) -> [Attribute] -> [Attribute] Source #
Filter a list of attributes based on a predicate applied to attribute type.
Originator information
data OriginatorInfo Source #
Information about the originator of the content info, to be used when a key management algorithm requires this information.
OriginatorInfo | |
|
Instances
Eq OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo (==) :: OriginatorInfo -> OriginatorInfo -> Bool # (/=) :: OriginatorInfo -> OriginatorInfo -> Bool # | |
Show OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo showsPrec :: Int -> OriginatorInfo -> ShowS # show :: OriginatorInfo -> String # showList :: [OriginatorInfo] -> ShowS # | |
Semigroup OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo (<>) :: OriginatorInfo -> OriginatorInfo -> OriginatorInfo # sconcat :: NonEmpty OriginatorInfo -> OriginatorInfo # stimes :: Integral b => b -> OriginatorInfo -> OriginatorInfo # | |
Monoid OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo mappend :: OriginatorInfo -> OriginatorInfo -> OriginatorInfo # mconcat :: [OriginatorInfo] -> OriginatorInfo # |
data CertificateChoice Source #
Union type related to certificate formats.
CertificateCertificate SignedCertificate | X.509 certificate |
CertificateOther OtherCertificateFormat | Other format |
Instances
Eq CertificateChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo (==) :: CertificateChoice -> CertificateChoice -> Bool # (/=) :: CertificateChoice -> CertificateChoice -> Bool # | |
Show CertificateChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo showsPrec :: Int -> CertificateChoice -> ShowS # show :: CertificateChoice -> String # showList :: [CertificateChoice] -> ShowS # |
data OtherCertificateFormat Source #
Certificate information in a format not supported natively.
OtherCertificateFormat | |
|
Instances
Eq OtherCertificateFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo | |
Show OtherCertificateFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo showsPrec :: Int -> OtherCertificateFormat -> ShowS # show :: OtherCertificateFormat -> String # showList :: [OtherCertificateFormat] -> ShowS # |
data RevocationInfoChoice Source #
Union type related to revocation info formats.
RevocationInfoCRL SignedCRL | A CRL, ARL, Delta CRL, or an ACRL |
RevocationInfoOther OtherRevocationInfoFormat | Other format |
Instances
Eq RevocationInfoChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo (==) :: RevocationInfoChoice -> RevocationInfoChoice -> Bool # (/=) :: RevocationInfoChoice -> RevocationInfoChoice -> Bool # | |
Show RevocationInfoChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo showsPrec :: Int -> RevocationInfoChoice -> ShowS # show :: RevocationInfoChoice -> String # showList :: [RevocationInfoChoice] -> ShowS # |
data OtherRevocationInfoFormat Source #
Revocation information in a format not supported natively.
OtherRevocationInfoFormat | |
|
Instances
Eq OtherRevocationInfoFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo | |
Show OtherRevocationInfoFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo showsPrec :: Int -> OtherRevocationInfoFormat -> ShowS # show :: OtherRevocationInfoFormat -> String # showList :: [OtherRevocationInfoFormat] -> ShowS # |
ASN.1 representation
data ASN1ObjectExact a Source #
An ASN.1 object associated with the raw data it was parsed from.
Instances
Eq a => Eq (ASN1ObjectExact a) Source # | |
Defined in Crypto.Store.CMS.Util (==) :: ASN1ObjectExact a -> ASN1ObjectExact a -> Bool # (/=) :: ASN1ObjectExact a -> ASN1ObjectExact a -> Bool # | |
Show a => Show (ASN1ObjectExact a) Source # | |
Defined in Crypto.Store.CMS.Util showsPrec :: Int -> ASN1ObjectExact a -> ShowS # show :: ASN1ObjectExact a -> String # showList :: [ASN1ObjectExact a] -> ShowS # |