| License | BSD-style |
|---|---|
| Maintainer | Olivier Chéron <olivier.cheron@gmail.com> |
| Stability | experimental |
| Portability | unknown |
| Safe Haskell | None |
| Language | Haskell2010 |
Crypto.Store.CMS
Contents
Description
Cryptographic Message Syntax
- RFC 5652: Cryptographic Message Syntax (CMS)
- RFC 3370: Cryptographic Message Syntax (CMS) Algorithms
- RFC 3560: Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
- RFC 4056: Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS)
- RFC 3565: Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)
- RFC 5753: Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
- RFC 5754: Using SHA2 Algorithms with Cryptographic Message Syntax
- RFC 3211: Password-based Encryption for CMS
- RFC 5083: Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type
- RFC 5084: Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)
- RFC 6476: Using Message Authentication Code (MAC) Encryption in the Cryptographic Message Syntax (CMS)
- RFC 8103: Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS)
Synopsis
- data ContentType
- data ContentInfo
- getContentType :: ContentInfo -> ContentType
- readCMSFile :: FilePath -> IO [ContentInfo]
- readCMSFileFromMemory :: ByteString -> [ContentInfo]
- pemToContentInfo :: [Maybe ContentInfo] -> PEM -> [Maybe ContentInfo]
- writeCMSFile :: FilePath -> [ContentInfo] -> IO ()
- writeCMSFileToMemory :: [ContentInfo] -> ByteString
- contentInfoToPEM :: ContentInfo -> PEM
- type SignatureValue = ByteString
- data SignatureAlg
- data SignedData = SignedData {}
- type ProducerOfSI m = ContentType -> ByteString -> m (Either StoreError (SignerInfo, [CertificateChoice], [RevocationInfoChoice]))
- type ConsumerOfSI m = ContentType -> ByteString -> SignerInfo -> [CertificateChoice] -> [RevocationInfoChoice] -> m Bool
- signData :: Applicative f => [ProducerOfSI f] -> ContentInfo -> f (Either StoreError ContentInfo)
- verifySignedData :: Monad m => ConsumerOfSI m -> SignedData -> m (Maybe ContentInfo)
- data SignerInfo = SignerInfo {}
- data SignerIdentifier
- data IssuerAndSerialNumber = IssuerAndSerialNumber {}
- certSigner :: MonadRandom m => SignatureAlg -> PrivKey -> CertificateChain -> Maybe [Attribute] -> [Attribute] -> ProducerOfSI m
- withPublicKey :: Applicative f => PubKey -> ConsumerOfSI f
- withSignerKey :: Applicative f => ConsumerOfSI f
- withSignerCertificate :: Applicative f => (CertificateChain -> f Bool) -> ConsumerOfSI f
- type EncryptedKey = ByteString
- data KeyEncryptionParams
- data KeyTransportParams
- data KeyAgreementParams
- data RecipientInfo
- data EnvelopedData = EnvelopedData {}
- type ProducerOfRI m = ContentEncryptionKey -> m (Either StoreError RecipientInfo)
- type ConsumerOfRI m = RecipientInfo -> m (Either StoreError ContentEncryptionKey)
- envelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> ContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo)
- openEnvelopedData :: Monad m => ConsumerOfRI m -> EnvelopedData -> m (Either StoreError ContentInfo)
- data KTRecipientInfo = KTRecipientInfo {}
- data RecipientIdentifier
- forKeyTransRecipient :: MonadRandom m => SignedCertificate -> KeyTransportParams -> ProducerOfRI m
- withRecipientKeyTrans :: MonadRandom m => PrivKey -> ConsumerOfRI m
- data KARecipientInfo = KARecipientInfo {}
- data OriginatorIdentifierOrKey
- data OriginatorPublicKey
- data RecipientEncryptedKey = RecipientEncryptedKey {}
- data KeyAgreeRecipientIdentifier
- type UserKeyingMaterial = ByteString
- forKeyAgreeRecipient :: MonadRandom m => SignedCertificate -> KeyAgreementParams -> ProducerOfRI m
- withRecipientKeyAgree :: MonadRandom m => PrivKey -> SignedCertificate -> ConsumerOfRI m
- data KEKRecipientInfo = KEKRecipientInfo {}
- data KeyIdentifier = KeyIdentifier {}
- data OtherKeyAttribute = OtherKeyAttribute {}
- type KeyEncryptionKey = ByteString
- forKeyRecipient :: MonadRandom m => KeyEncryptionKey -> KeyIdentifier -> KeyEncryptionParams -> ProducerOfRI m
- withRecipientKey :: Applicative f => KeyEncryptionKey -> ConsumerOfRI f
- data PasswordRecipientInfo = PasswordRecipientInfo {}
- forPasswordRecipient :: MonadRandom m => Password -> KeyDerivationFunc -> KeyEncryptionParams -> ProducerOfRI m
- withRecipientPassword :: Applicative f => Password -> ConsumerOfRI f
- data DigestProxy hashAlg where
- data DigestAlgorithm = HashAlgorithm hashAlg => DigestAlgorithm (DigestProxy hashAlg)
- data DigestedData = HashAlgorithm hashAlg => DigestedData {
- ddDigestAlgorithm :: DigestProxy hashAlg
- ddContentInfo :: ContentInfo
- ddDigest :: Digest hashAlg
- digestData :: DigestAlgorithm -> ContentInfo -> ContentInfo
- digestVerify :: DigestedData -> Maybe ContentInfo
- type ContentEncryptionKey = ByteString
- data ContentEncryptionCipher cipher where
- DES :: ContentEncryptionCipher DES
- DES_EDE2 :: ContentEncryptionCipher DES_EDE2
- DES_EDE3 :: ContentEncryptionCipher DES_EDE3
- AES128 :: ContentEncryptionCipher AES128
- AES192 :: ContentEncryptionCipher AES192
- AES256 :: ContentEncryptionCipher AES256
- CAST5 :: ContentEncryptionCipher CAST5
- Camellia128 :: ContentEncryptionCipher Camellia128
- data ContentEncryptionAlg
- = BlockCipher c => ECB (ContentEncryptionCipher c)
- | BlockCipher c => CBC (ContentEncryptionCipher c)
- | CBC_RC2
- | BlockCipher c => CFB (ContentEncryptionCipher c)
- | BlockCipher c => CTR (ContentEncryptionCipher c)
- data ContentEncryptionParams
- type EncryptedContent = ByteString
- data EncryptedData = EncryptedData {}
- generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams
- generateRC2EncryptionParams :: MonadRandom m => Int -> m ContentEncryptionParams
- getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg
- encryptData :: ContentEncryptionKey -> ContentEncryptionParams -> [Attribute] -> ContentInfo -> Either StoreError ContentInfo
- decryptData :: ContentEncryptionKey -> EncryptedData -> Either StoreError ContentInfo
- type AuthenticationKey = ContentEncryptionKey
- data MACAlgorithm = HashAlgorithm hashAlg => HMAC (DigestProxy hashAlg)
- type MessageAuthenticationCode = AuthTag
- data AuthenticatedData = AuthenticatedData {}
- generateAuthenticatedData :: Applicative f => OriginatorInfo -> AuthenticationKey -> MACAlgorithm -> Maybe DigestAlgorithm -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo)
- verifyAuthenticatedData :: Monad m => ConsumerOfRI m -> AuthenticatedData -> m (Either StoreError ContentInfo)
- data AuthContentEncryptionAlg
- = AUTH_ENC_128
- | AUTH_ENC_256
- | CHACHA20_POLY1305
- | BlockCipher c => CCM (ContentEncryptionCipher c)
- | BlockCipher c => GCM (ContentEncryptionCipher c)
- data AuthContentEncryptionParams
- data AuthEnvelopedData = AuthEnvelopedData {}
- generateAuthEnc128Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams
- generateAuthEnc256Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams
- generateChaChaPoly1305Params :: MonadRandom m => m AuthContentEncryptionParams
- generateCCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> CCM_M -> CCM_L -> m AuthContentEncryptionParams
- generateGCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> Int -> m AuthContentEncryptionParams
- authEnvelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> AuthContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo)
- openAuthEnvelopedData :: Monad m => ConsumerOfRI m -> AuthEnvelopedData -> m (Either StoreError ContentInfo)
- type Salt = ByteString
- generateSalt :: MonadRandom m => Int -> m Salt
- data KeyDerivationFunc
- data PBKDF2_PRF
- class HasKeySize params where
- generateKey :: (HasKeySize params, MonadRandom m, ByteArray key) => params -> m key
- newtype MaskGenerationFunc = MGF1 DigestAlgorithm
- data OAEPParams = OAEPParams {}
- data PSSParams = PSSParams {}
- data Attribute = Attribute {
- attrType :: OID
- attrValues :: [ASN1]
- findAttribute :: OID -> [Attribute] -> Maybe [ASN1]
- setAttribute :: OID -> [ASN1] -> [Attribute] -> [Attribute]
- filterAttributes :: (OID -> Bool) -> [Attribute] -> [Attribute]
- data OriginatorInfo = OriginatorInfo {}
- data CertificateChoice
- data OtherCertificateFormat = OtherCertificateFormat {
- otherCertFormat :: OID
- otherCertValues :: [ASN1]
- data RevocationInfoChoice
- data OtherRevocationInfoFormat = OtherRevocationInfoFormat {}
- data ASN1ObjectExact a
Documentation
data ContentType Source #
CMS content information type.
Constructors
| DataType | Arbitrary octet string |
| SignedDataType | Signed content info |
| EnvelopedDataType | Enveloped content info |
| DigestedDataType | Content info with associated digest |
| EncryptedDataType | Encrypted content info |
| AuthenticatedDataType | Authenticated content info |
| AuthEnvelopedDataType | Authenticated-enveloped content info |
Instances
| Eq ContentType Source # | |
Defined in Crypto.Store.CMS.Type | |
| Show ContentType Source # | |
Defined in Crypto.Store.CMS.Type Methods showsPrec :: Int -> ContentType -> ShowS # show :: ContentType -> String # showList :: [ContentType] -> ShowS # | |
| OIDable ContentType Source # | |
Defined in Crypto.Store.CMS.Type Methods getObjectID :: ContentType -> OID # | |
| OIDNameable ContentType Source # | |
Defined in Crypto.Store.CMS.Type Methods fromObjectID :: OID -> Maybe ContentType # | |
data ContentInfo Source #
CMS content information.
Constructors
| DataCI ByteString | Arbitrary octet string |
| SignedDataCI SignedData | Signed content info |
| EnvelopedDataCI EnvelopedData | Enveloped content info |
| DigestedDataCI DigestedData | Content info with associated digest |
| EncryptedDataCI EncryptedData | Encrypted content info |
| AuthenticatedDataCI AuthenticatedData | Authenticatedcontent info |
| AuthEnvelopedDataCI AuthEnvelopedData | Authenticated-enveloped content info |
Instances
| Eq ContentInfo Source # | |
Defined in Crypto.Store.CMS.Info | |
| Show ContentInfo Source # | |
Defined in Crypto.Store.CMS.Info Methods showsPrec :: Int -> ContentInfo -> ShowS # show :: ContentInfo -> String # showList :: [ContentInfo] -> ShowS # | |
getContentType :: ContentInfo -> ContentType Source #
Get the type of a content info.
Reading and writing PEM files
readCMSFile :: FilePath -> IO [ContentInfo] Source #
Read content info elements from a PEM file.
readCMSFileFromMemory :: ByteString -> [ContentInfo] Source #
Read content info elements from a bytearray in PEM format.
pemToContentInfo :: [Maybe ContentInfo] -> PEM -> [Maybe ContentInfo] Source #
Read a content info from a PEM element and add it to the accumulator
list.
writeCMSFile :: FilePath -> [ContentInfo] -> IO () Source #
Write content info elements to a PEM file.
writeCMSFileToMemory :: [ContentInfo] -> ByteString Source #
Write content info elements to a bytearray in PEM format.
contentInfoToPEM :: ContentInfo -> PEM Source #
Generate PEM for a content info.
Signed data
type SignatureValue = ByteString Source #
Signature value.
data SignatureAlg Source #
CMS signature algorithms and associated parameters.
Constructors
| RSAAnyHash | |
| RSA DigestAlgorithm | |
| RSAPSS PSSParams | |
| DSA DigestAlgorithm | |
| ECDSA DigestAlgorithm |
Instances
| Eq SignatureAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
| Show SignatureAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> SignatureAlg -> ShowS # show :: SignatureAlg -> String # showList :: [SignatureAlg] -> ShowS # | |
data SignedData Source #
Signed content information.
Constructors
| SignedData | |
Fields
| |
Instances
| Eq SignedData Source # | |
Defined in Crypto.Store.CMS.Info | |
| Show SignedData Source # | |
Defined in Crypto.Store.CMS.Info Methods showsPrec :: Int -> SignedData -> ShowS # show :: SignedData -> String # showList :: [SignedData] -> ShowS # | |
type ProducerOfSI m = ContentType -> ByteString -> m (Either StoreError (SignerInfo, [CertificateChoice], [RevocationInfoChoice])) Source #
Function able to produce a SignerInfo.
type ConsumerOfSI m = ContentType -> ByteString -> SignerInfo -> [CertificateChoice] -> [RevocationInfoChoice] -> m Bool Source #
Function able to consume a SignerInfo.
signData :: Applicative f => [ProducerOfSI f] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add a signed-data layer on the specified content info. The content is
processed by one or several ProducerOfSI functions to create signer info
elements.
verifySignedData :: Monad m => ConsumerOfSI m -> SignedData -> m (Maybe ContentInfo) Source #
Verify a signed content info using the specified ConsumerOfSI function.
Verification of at least one signer info must be successful in order to
return the inner content info.
Signer information
data SignerInfo Source #
Information related to a signer of a SignedData. An
element contains the signature material that was produced.
Constructors
| SignerInfo | |
Fields
| |
Instances
| Eq SignerInfo Source # | |
Defined in Crypto.Store.CMS.Signed | |
| Show SignerInfo Source # | |
Defined in Crypto.Store.CMS.Signed Methods showsPrec :: Int -> SignerInfo -> ShowS # show :: SignerInfo -> String # showList :: [SignerInfo] -> ShowS # | |
data SignerIdentifier Source #
Union type related to identification of the signer certificate.
Constructors
| SignerIASN IssuerAndSerialNumber | Issuer and Serial Number |
| SignerSKI ByteString | Subject Key Identifier |
Instances
| Eq SignerIdentifier Source # | |
Defined in Crypto.Store.CMS.Signed Methods (==) :: SignerIdentifier -> SignerIdentifier -> Bool # (/=) :: SignerIdentifier -> SignerIdentifier -> Bool # | |
| Show SignerIdentifier Source # | |
Defined in Crypto.Store.CMS.Signed Methods showsPrec :: Int -> SignerIdentifier -> ShowS # show :: SignerIdentifier -> String # showList :: [SignerIdentifier] -> ShowS # | |
data IssuerAndSerialNumber Source #
Identification of a certificate using the issuer DN and serial number.
Constructors
| IssuerAndSerialNumber | |
Fields
| |
Instances
| Eq IssuerAndSerialNumber Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: IssuerAndSerialNumber -> IssuerAndSerialNumber -> Bool # (/=) :: IssuerAndSerialNumber -> IssuerAndSerialNumber -> Bool # | |
| Show IssuerAndSerialNumber Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> IssuerAndSerialNumber -> ShowS # show :: IssuerAndSerialNumber -> String # showList :: [IssuerAndSerialNumber] -> ShowS # | |
certSigner :: MonadRandom m => SignatureAlg -> PrivKey -> CertificateChain -> Maybe [Attribute] -> [Attribute] -> ProducerOfSI m Source #
Create a signer info with the specified signature algorithm and credentials.
Two lists of optional attributes can be provided. The attributes will be part of message signature when provided in the first list.
When the first list of attributes is provided, even empty list, signature is
computed from a digest of the content. When the list of attributes is
Nothing, no intermediate digest is used and the signature is computed from
the full message.
withPublicKey :: Applicative f => PubKey -> ConsumerOfSI f Source #
Verify that the signature was produced from the specified public key. Ignores all certificates and CRLs contained in the signed data.
withSignerKey :: Applicative f => ConsumerOfSI f Source #
Verify that the signature is valid with one of the X.509 certificates contained in the signed data, but does not validate that the certificates are valid. All transmitted certificates are implicitely trusted and all CRLs are ignored.
withSignerCertificate :: Applicative f => (CertificateChain -> f Bool) -> ConsumerOfSI f Source #
Verify that the signature is valid with one of the X.509 certificates contained in the signed data, and verify that the signer certificate is valid using the validation function supplied. All CRLs are ignored.
Enveloped data
type EncryptedKey = ByteString Source #
Encrypted key.
data KeyEncryptionParams Source #
Key encryption algorithm with associated parameters (i.e. the underlying encryption algorithm).
Constructors
| PWRIKEK ContentEncryptionParams | PWRI-KEK key wrap algorithm |
| AES128_WRAP | AES-128 key wrap |
| AES192_WRAP | AES-192 key wrap |
| AES256_WRAP | AES-256 key wrap |
| AES128_WRAP_PAD | AES-128 extended key wrap |
| AES192_WRAP_PAD | AES-192 extended key wrap |
| AES256_WRAP_PAD | AES-256 extended key wrap |
| DES_EDE3_WRAP | Triple-DES key wrap |
| RC2_WRAP Int | RC2 key wrap with effective key length |
Instances
| Eq KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyEncryptionParams -> KeyEncryptionParams -> Bool # (/=) :: KeyEncryptionParams -> KeyEncryptionParams -> Bool # | |
| Show KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyEncryptionParams -> ShowS # show :: KeyEncryptionParams -> String # showList :: [KeyEncryptionParams] -> ShowS # | |
| HasKeySize KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: KeyEncryptionParams -> KeySizeSpecifier Source # | |
data KeyTransportParams Source #
Key transport algorithm with associated parameters.
Constructors
| RSAES | RSAES-PKCS1 |
| RSAESOAEP OAEPParams | RSAES-OAEP |
Instances
| Eq KeyTransportParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyTransportParams -> KeyTransportParams -> Bool # (/=) :: KeyTransportParams -> KeyTransportParams -> Bool # | |
| Show KeyTransportParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyTransportParams -> ShowS # show :: KeyTransportParams -> String # showList :: [KeyTransportParams] -> ShowS # | |
data KeyAgreementParams Source #
Key agreement algorithm with associated parameters.
Constructors
| StdDH DigestAlgorithm KeyEncryptionParams | 1-Pass D-H with Stardard ECDH |
| CofactorDH DigestAlgorithm KeyEncryptionParams | 1-Pass D-H with Cofactor ECDH |
Instances
| Eq KeyAgreementParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyAgreementParams -> KeyAgreementParams -> Bool # (/=) :: KeyAgreementParams -> KeyAgreementParams -> Bool # | |
| Show KeyAgreementParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyAgreementParams -> ShowS # show :: KeyAgreementParams -> String # showList :: [KeyAgreementParams] -> ShowS # | |
data RecipientInfo Source #
Information for a recipient of an EnvelopedData. An element contains
the content-encryption key in encrypted form.
Constructors
| KTRI KTRecipientInfo | Recipient using key transport |
| KARI KARecipientInfo | Recipient using key agreement |
| KEKRI KEKRecipientInfo | Recipient using key encryption |
| PasswordRI PasswordRecipientInfo | Recipient using password-based protection |
Instances
| Eq RecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: RecipientInfo -> RecipientInfo -> Bool # (/=) :: RecipientInfo -> RecipientInfo -> Bool # | |
| Show RecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> RecipientInfo -> ShowS # show :: RecipientInfo -> String # showList :: [RecipientInfo] -> ShowS # | |
data EnvelopedData Source #
Enveloped content information.
Constructors
| EnvelopedData | |
Fields
| |
Instances
| Eq EnvelopedData Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: EnvelopedData -> EnvelopedData -> Bool # (/=) :: EnvelopedData -> EnvelopedData -> Bool # | |
| Show EnvelopedData Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> EnvelopedData -> ShowS # show :: EnvelopedData -> String # showList :: [EnvelopedData] -> ShowS # | |
type ProducerOfRI m = ContentEncryptionKey -> m (Either StoreError RecipientInfo) Source #
Function able to produce a RecipientInfo.
type ConsumerOfRI m = RecipientInfo -> m (Either StoreError ContentEncryptionKey) Source #
Function able to consume a RecipientInfo.
envelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> ContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add an enveloped-data layer on the specified content info. The content is
encrypted with specified key and algorithm. The key is then processed by
one or several ProducerOfRI functions to create recipient info elements.
Some optional attributes can be added but will not be encrypted.
openEnvelopedData :: Monad m => ConsumerOfRI m -> EnvelopedData -> m (Either StoreError ContentInfo) Source #
Recover an enveloped content info using the specified ConsumerOfRI
function.
Key Transport recipients
data KTRecipientInfo Source #
Recipient using key transport.
Constructors
| KTRecipientInfo | |
Fields
| |
Instances
| Eq KTRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KTRecipientInfo -> KTRecipientInfo -> Bool # (/=) :: KTRecipientInfo -> KTRecipientInfo -> Bool # | |
| Show KTRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KTRecipientInfo -> ShowS # show :: KTRecipientInfo -> String # showList :: [KTRecipientInfo] -> ShowS # | |
data RecipientIdentifier Source #
Union type related to identification of the recipient.
Constructors
| RecipientIASN IssuerAndSerialNumber | Issuer and Serial Number |
| RecipientSKI ByteString | Subject Key Identifier |
Instances
| Eq RecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: RecipientIdentifier -> RecipientIdentifier -> Bool # (/=) :: RecipientIdentifier -> RecipientIdentifier -> Bool # | |
| Show RecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> RecipientIdentifier -> ShowS # show :: RecipientIdentifier -> String # showList :: [RecipientIdentifier] -> ShowS # | |
forKeyTransRecipient :: MonadRandom m => SignedCertificate -> KeyTransportParams -> ProducerOfRI m Source #
Generate a Key Transport recipient from a certificate and desired algorithm. The recipient will contain certificate identifier.
This function can be used as parameter to envelopData.
withRecipientKeyTrans :: MonadRandom m => PrivKey -> ConsumerOfRI m Source #
Use a Key Transport recipient, knowing the private key.
This function can be used as parameter to
openEnvelopedData.
Key Agreement recipients
data KARecipientInfo Source #
Recipient using key agreement.
Constructors
| KARecipientInfo | |
Fields
| |
Instances
| Eq KARecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KARecipientInfo -> KARecipientInfo -> Bool # (/=) :: KARecipientInfo -> KARecipientInfo -> Bool # | |
| Show KARecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KARecipientInfo -> ShowS # show :: KARecipientInfo -> String # showList :: [KARecipientInfo] -> ShowS # | |
data OriginatorIdentifierOrKey Source #
Union type related to identification of the originator.
Constructors
| OriginatorIASN IssuerAndSerialNumber | Issuer and Serial Number |
| OriginatorSKI ByteString | Subject Key Identifier |
| OriginatorPublic OriginatorPublicKey | Anonymous public key |
Instances
| Eq OriginatorIdentifierOrKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: OriginatorIdentifierOrKey -> OriginatorIdentifierOrKey -> Bool # (/=) :: OriginatorIdentifierOrKey -> OriginatorIdentifierOrKey -> Bool # | |
| Show OriginatorIdentifierOrKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> OriginatorIdentifierOrKey -> ShowS # show :: OriginatorIdentifierOrKey -> String # showList :: [OriginatorIdentifierOrKey] -> ShowS # | |
data OriginatorPublicKey Source #
Originator public key used for key-agreement. Contrary to PubKey the
domain parameters are not used and may be left empty.
Instances
| Eq OriginatorPublicKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: OriginatorPublicKey -> OriginatorPublicKey -> Bool # (/=) :: OriginatorPublicKey -> OriginatorPublicKey -> Bool # | |
| Show OriginatorPublicKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> OriginatorPublicKey -> ShowS # show :: OriginatorPublicKey -> String # showList :: [OriginatorPublicKey] -> ShowS # | |
data RecipientEncryptedKey Source #
Encrypted key for a recipient in a key-agreement RI.
Constructors
| RecipientEncryptedKey | |
Fields
| |
Instances
| Eq RecipientEncryptedKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: RecipientEncryptedKey -> RecipientEncryptedKey -> Bool # (/=) :: RecipientEncryptedKey -> RecipientEncryptedKey -> Bool # | |
| Show RecipientEncryptedKey Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> RecipientEncryptedKey -> ShowS # show :: RecipientEncryptedKey -> String # showList :: [RecipientEncryptedKey] -> ShowS # | |
data KeyAgreeRecipientIdentifier Source #
Union type related to identification of a key-agreement recipient.
Constructors
| KeyAgreeRecipientIASN IssuerAndSerialNumber | Issuer and Serial Number |
| KeyAgreeRecipientKI KeyIdentifier | Key identifier |
Instances
| Eq KeyAgreeRecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KeyAgreeRecipientIdentifier -> KeyAgreeRecipientIdentifier -> Bool # (/=) :: KeyAgreeRecipientIdentifier -> KeyAgreeRecipientIdentifier -> Bool # | |
| Show KeyAgreeRecipientIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KeyAgreeRecipientIdentifier -> ShowS # show :: KeyAgreeRecipientIdentifier -> String # showList :: [KeyAgreeRecipientIdentifier] -> ShowS # | |
type UserKeyingMaterial = ByteString Source #
User keying material.
forKeyAgreeRecipient :: MonadRandom m => SignedCertificate -> KeyAgreementParams -> ProducerOfRI m Source #
Generate a Key Agreement recipient from a certificate and desired algorithm. The recipient info will contain an ephemeral public key.
This function can be used as parameter to envelopData.
To avoid decreasing the security strength, Key Encryption parameters should use a key size equal or greater than the content encryption key.
withRecipientKeyAgree :: MonadRandom m => PrivKey -> SignedCertificate -> ConsumerOfRI m Source #
Use a Key Agreement recipient, knowing the recipient private key. The recipient certificate is also required to locate which encrypted key to use.
This function can be used as parameter to
openEnvelopedData.
Key Encryption Key recipients
data KEKRecipientInfo Source #
Recipient using key encryption.
Constructors
| KEKRecipientInfo | |
Fields
| |
Instances
| Eq KEKRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KEKRecipientInfo -> KEKRecipientInfo -> Bool # (/=) :: KEKRecipientInfo -> KEKRecipientInfo -> Bool # | |
| Show KEKRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KEKRecipientInfo -> ShowS # show :: KEKRecipientInfo -> String # showList :: [KEKRecipientInfo] -> ShowS # | |
data KeyIdentifier Source #
Key identifier and optional attributes.
Constructors
| KeyIdentifier | |
Fields
| |
Instances
| Eq KeyIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: KeyIdentifier -> KeyIdentifier -> Bool # (/=) :: KeyIdentifier -> KeyIdentifier -> Bool # | |
| Show KeyIdentifier Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> KeyIdentifier -> ShowS # show :: KeyIdentifier -> String # showList :: [KeyIdentifier] -> ShowS # | |
data OtherKeyAttribute Source #
Additional information in a KeyIdentifier.
Constructors
| OtherKeyAttribute | |
Instances
| Eq OtherKeyAttribute Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: OtherKeyAttribute -> OtherKeyAttribute -> Bool # (/=) :: OtherKeyAttribute -> OtherKeyAttribute -> Bool # | |
| Show OtherKeyAttribute Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> OtherKeyAttribute -> ShowS # show :: OtherKeyAttribute -> String # showList :: [OtherKeyAttribute] -> ShowS # | |
type KeyEncryptionKey = ByteString Source #
Key used for key encryption.
forKeyRecipient :: MonadRandom m => KeyEncryptionKey -> KeyIdentifier -> KeyEncryptionParams -> ProducerOfRI m Source #
Generate a Key Encryption Key recipient from a key encryption key and desired algorithm. The recipient may identify the KEK that was used with the supplied identifier.
This function can be used as parameter to envelopData.
To avoid decreasing the security strength, Key Encryption parameters should use a key size equal or greater than the content encryption key.
withRecipientKey :: Applicative f => KeyEncryptionKey -> ConsumerOfRI f Source #
Use a Key Encryption Key recipient, knowing the key encryption key.
This function can be used as parameter to
openEnvelopedData.
Password recipients
data PasswordRecipientInfo Source #
Recipient using password-based protection.
Constructors
| PasswordRecipientInfo | |
Fields
| |
Instances
| Eq PasswordRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods (==) :: PasswordRecipientInfo -> PasswordRecipientInfo -> Bool # (/=) :: PasswordRecipientInfo -> PasswordRecipientInfo -> Bool # | |
| Show PasswordRecipientInfo Source # | |
Defined in Crypto.Store.CMS.Enveloped Methods showsPrec :: Int -> PasswordRecipientInfo -> ShowS # show :: PasswordRecipientInfo -> String # showList :: [PasswordRecipientInfo] -> ShowS # | |
forPasswordRecipient :: MonadRandom m => Password -> KeyDerivationFunc -> KeyEncryptionParams -> ProducerOfRI m Source #
Generate a password recipient from a password.
This function can be used as parameter to envelopData.
withRecipientPassword :: Applicative f => Password -> ConsumerOfRI f Source #
Use a password recipient, knowing the password.
This function can be used as parameter to
openEnvelopedData.
Digested data
data DigestProxy hashAlg where Source #
CMS digest proxy. Acts like Proxy, i.e. provides a hash
algorithm as type parameter. The GADT constructors map to known algorithms.
Constructors
| MD2 :: DigestProxy MD2 | MD2 |
| MD4 :: DigestProxy MD4 | MD4 |
| MD5 :: DigestProxy MD5 | MD5 |
| SHA1 :: DigestProxy SHA1 | SHA-1 |
| SHA224 :: DigestProxy SHA224 | SHA-224 |
| SHA256 :: DigestProxy SHA256 | SHA-256 |
| SHA384 :: DigestProxy SHA384 | SHA-384 |
| SHA512 :: DigestProxy SHA512 | SHA-512 |
Instances
| Eq (DigestProxy hashAlg) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: DigestProxy hashAlg -> DigestProxy hashAlg -> Bool # (/=) :: DigestProxy hashAlg -> DigestProxy hashAlg -> Bool # | |
| Show (DigestProxy hashAlg) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> DigestProxy hashAlg -> ShowS # show :: DigestProxy hashAlg -> String # showList :: [DigestProxy hashAlg] -> ShowS # | |
data DigestAlgorithm Source #
CMS digest algorithm.
Constructors
| HashAlgorithm hashAlg => DigestAlgorithm (DigestProxy hashAlg) |
Instances
| Eq DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: DigestAlgorithm -> DigestAlgorithm -> Bool # (/=) :: DigestAlgorithm -> DigestAlgorithm -> Bool # | |
| Show DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> DigestAlgorithm -> ShowS # show :: DigestAlgorithm -> String # showList :: [DigestAlgorithm] -> ShowS # | |
| OIDable DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: DigestAlgorithm -> OID # | |
| OIDNameable DigestAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe DigestAlgorithm # | |
data DigestedData Source #
Digested content information.
Constructors
| HashAlgorithm hashAlg => DigestedData | |
Fields
| |
Instances
| Eq DigestedData Source # | |
Defined in Crypto.Store.CMS.Info | |
| Show DigestedData Source # | |
Defined in Crypto.Store.CMS.Info Methods showsPrec :: Int -> DigestedData -> ShowS # show :: DigestedData -> String # showList :: [DigestedData] -> ShowS # | |
digestData :: DigestAlgorithm -> ContentInfo -> ContentInfo Source #
Add a digested-data layer on the specified content info.
digestVerify :: DigestedData -> Maybe ContentInfo Source #
Return the inner content info but only if the digest is valid.
Encrypted data
type ContentEncryptionKey = ByteString Source #
Key used for content encryption.
data ContentEncryptionCipher cipher where Source #
CMS content encryption cipher.
Constructors
| DES :: ContentEncryptionCipher DES | DES |
| DES_EDE2 :: ContentEncryptionCipher DES_EDE2 | Triple-DES with 2 keys used in alternative direction |
| DES_EDE3 :: ContentEncryptionCipher DES_EDE3 | Triple-DES with 3 keys used in alternative direction |
| AES128 :: ContentEncryptionCipher AES128 | AES with 128-bit key |
| AES192 :: ContentEncryptionCipher AES192 | AES with 192-bit key |
| AES256 :: ContentEncryptionCipher AES256 | AES with 256-bit key |
| CAST5 :: ContentEncryptionCipher CAST5 | CAST5 (aka CAST-128) with key between 40 and 128 bits |
| Camellia128 :: ContentEncryptionCipher Camellia128 | Camellia with 128-bit key |
Instances
| Eq (ContentEncryptionCipher cipher) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool # (/=) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool # | |
| Show (ContentEncryptionCipher cipher) Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionCipher cipher -> ShowS # show :: ContentEncryptionCipher cipher -> String # showList :: [ContentEncryptionCipher cipher] -> ShowS # | |
data ContentEncryptionAlg Source #
Cipher and mode of operation for content encryption.
Constructors
| BlockCipher c => ECB (ContentEncryptionCipher c) | Electronic Codebook |
| BlockCipher c => CBC (ContentEncryptionCipher c) | Cipher Block Chaining |
| CBC_RC2 | RC2 in CBC mode |
| BlockCipher c => CFB (ContentEncryptionCipher c) | Cipher Feedback |
| BlockCipher c => CTR (ContentEncryptionCipher c) | Counter |
Instances
| Show ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionAlg -> ShowS # show :: ContentEncryptionAlg -> String # showList :: [ContentEncryptionAlg] -> ShowS # | |
| OIDable ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: ContentEncryptionAlg -> OID # | |
| OIDNameable ContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods | |
data ContentEncryptionParams Source #
Content encryption algorithm with associated parameters (i.e. the initialization vector).
A value can be generated with generateEncryptionParams.
Instances
| Eq ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: ContentEncryptionParams -> ContentEncryptionParams -> Bool # (/=) :: ContentEncryptionParams -> ContentEncryptionParams -> Bool # | |
| Show ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionParams -> ShowS # show :: ContentEncryptionParams -> String # showList :: [ContentEncryptionParams] -> ShowS # | |
| HasKeySize ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: ContentEncryptionParams -> KeySizeSpecifier Source # | |
type EncryptedContent = ByteString Source #
Encrypted content.
data EncryptedData Source #
Encrypted content information.
Constructors
| EncryptedData | |
Fields
| |
Instances
| Eq EncryptedData Source # | |
Defined in Crypto.Store.CMS.Encrypted Methods (==) :: EncryptedData -> EncryptedData -> Bool # (/=) :: EncryptedData -> EncryptedData -> Bool # | |
| Show EncryptedData Source # | |
Defined in Crypto.Store.CMS.Encrypted Methods showsPrec :: Int -> EncryptedData -> ShowS # show :: EncryptedData -> String # showList :: [EncryptedData] -> ShowS # | |
generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams Source #
Generate random parameters for the specified content encryption algorithm.
generateRC2EncryptionParams :: MonadRandom m => Int -> m ContentEncryptionParams Source #
Generate random RC2 parameters with the specified effective key length (in bits).
getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg Source #
Get the content encryption algorithm.
encryptData :: ContentEncryptionKey -> ContentEncryptionParams -> [Attribute] -> ContentInfo -> Either StoreError ContentInfo Source #
Add an encrypted-data layer on the specified content info. The content is encrypted with specified key and algorithm.
Some optional attributes can be added but will not be encrypted.
decryptData :: ContentEncryptionKey -> EncryptedData -> Either StoreError ContentInfo Source #
Decrypt an encrypted content info using the specified key.
Authenticated data
type AuthenticationKey = ContentEncryptionKey Source #
Key used for authentication.
data MACAlgorithm Source #
Message Authentication Code (MAC) Algorithm.
Constructors
| HashAlgorithm hashAlg => HMAC (DigestProxy hashAlg) |
Instances
| Eq MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
| Show MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> MACAlgorithm -> ShowS # show :: MACAlgorithm -> String # showList :: [MACAlgorithm] -> ShowS # | |
| OIDable MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: MACAlgorithm -> OID # | |
| OIDNameable MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe MACAlgorithm # | |
| HasKeySize MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: MACAlgorithm -> KeySizeSpecifier Source # | |
type MessageAuthenticationCode = AuthTag Source #
Message authentication code. Equality is time constant.
data AuthenticatedData Source #
Authenticated content information.
Constructors
| AuthenticatedData | |
Fields
| |
Instances
| Eq AuthenticatedData Source # | |
Defined in Crypto.Store.CMS.Info Methods (==) :: AuthenticatedData -> AuthenticatedData -> Bool # (/=) :: AuthenticatedData -> AuthenticatedData -> Bool # | |
| Show AuthenticatedData Source # | |
Defined in Crypto.Store.CMS.Info Methods showsPrec :: Int -> AuthenticatedData -> ShowS # show :: AuthenticatedData -> String # showList :: [AuthenticatedData] -> ShowS # | |
generateAuthenticatedData :: Applicative f => OriginatorInfo -> AuthenticationKey -> MACAlgorithm -> Maybe DigestAlgorithm -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add an authenticated-data layer on the specified content info. The content
is MACed with the specified key and algorithms. The key is then processed by
one or several ProducerOfRI functions to create recipient info elements.
Two lists of optional attributes can be provided. The attributes will be part of message authentication when provided in the first list.
verifyAuthenticatedData :: Monad m => ConsumerOfRI m -> AuthenticatedData -> m (Either StoreError ContentInfo) Source #
Verify the integrity of an authenticated content info using the specified
ConsumerOfRI function. The inner content info is returned only if the MAC
could be verified.
Authenticated-enveloped data
data AuthContentEncryptionAlg Source #
Cipher and mode of operation for authenticated-content encryption.
Constructors
| AUTH_ENC_128 | authEnc with 128-bit key |
| AUTH_ENC_256 | authEnc with 256-bit key |
| CHACHA20_POLY1305 | ChaCha20-Poly1305 Authenticated Encryption |
| BlockCipher c => CCM (ContentEncryptionCipher c) | Counter with CBC-MAC |
| BlockCipher c => GCM (ContentEncryptionCipher c) | Galois Counter Mode |
Instances
| Show AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> AuthContentEncryptionAlg -> ShowS # show :: AuthContentEncryptionAlg -> String # showList :: [AuthContentEncryptionAlg] -> ShowS # | |
| OIDable AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods | |
| OIDNameable AuthContentEncryptionAlg Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods | |
data AuthContentEncryptionParams Source #
Authenticated-content encryption algorithm with associated parameters (i.e. the nonce).
A value can be generated with functions generateAuthEnc128Params,
generateAuthEnc256Params, generateChaChaPoly1305Params,
generateCCMParams and generateGCMParams.
Instances
| Eq AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: AuthContentEncryptionParams -> AuthContentEncryptionParams -> Bool # (/=) :: AuthContentEncryptionParams -> AuthContentEncryptionParams -> Bool # | |
| Show AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> AuthContentEncryptionParams -> ShowS # show :: AuthContentEncryptionParams -> String # showList :: [AuthContentEncryptionParams] -> ShowS # | |
| HasKeySize AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
data AuthEnvelopedData Source #
Authenticated-enveloped content information.
Constructors
| AuthEnvelopedData | |
Fields
| |
Instances
| Eq AuthEnvelopedData Source # | |
Defined in Crypto.Store.CMS.AuthEnveloped Methods (==) :: AuthEnvelopedData -> AuthEnvelopedData -> Bool # (/=) :: AuthEnvelopedData -> AuthEnvelopedData -> Bool # | |
| Show AuthEnvelopedData Source # | |
Defined in Crypto.Store.CMS.AuthEnveloped Methods showsPrec :: Int -> AuthEnvelopedData -> ShowS # show :: AuthEnvelopedData -> String # showList :: [AuthEnvelopedData] -> ShowS # | |
generateAuthEnc128Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams Source #
Generate random AUTH_ENC_128 parameters with the specified algorithms.
generateAuthEnc256Params :: MonadRandom m => PBKDF2_PRF -> ContentEncryptionAlg -> MACAlgorithm -> m AuthContentEncryptionParams Source #
Generate random AUTH_ENC_256 parameters with the specified algorithms.
generateChaChaPoly1305Params :: MonadRandom m => m AuthContentEncryptionParams Source #
Generate random CHACHA20_POLY1305 parameters.
generateCCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> CCM_M -> CCM_L -> m AuthContentEncryptionParams Source #
Generate random CCM parameters for the specified cipher.
generateGCMParams :: (MonadRandom m, BlockCipher c) => ContentEncryptionCipher c -> Int -> m AuthContentEncryptionParams Source #
Generate random GCM parameters for the specified cipher.
authEnvelopData :: Applicative f => OriginatorInfo -> ContentEncryptionKey -> AuthContentEncryptionParams -> [ProducerOfRI f] -> [Attribute] -> [Attribute] -> ContentInfo -> f (Either StoreError ContentInfo) Source #
Add an authenticated-enveloped-data layer on the specified content info.
The content is encrypted with specified key and algorithm. The key is then
processed by one or several ProducerOfRI functions to create recipient info
elements.
Some attributes can be added but will not be encrypted. The attributes will be part of message authentication when provided in the first list.
openAuthEnvelopedData :: Monad m => ConsumerOfRI m -> AuthEnvelopedData -> m (Either StoreError ContentInfo) Source #
Recover an authenticated-enveloped content info using the specified
ConsumerOfRI function.
Key derivation
type Salt = ByteString Source #
Salt value used for key derivation.
generateSalt :: MonadRandom m => Int -> m Salt Source #
Generate a random salt with the specified length in bytes. To be most effective, the length should be at least 8 bytes.
data KeyDerivationFunc Source #
Key derivation algorithm and associated parameters.
Constructors
| PBKDF2 | Key derivation with PBKDF2 |
Fields
| |
| Scrypt | Key derivation with Scrypt |
Instances
| Eq KeyDerivationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool # (/=) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool # | |
| Show KeyDerivationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyDerivationFunc -> ShowS # show :: KeyDerivationFunc -> String # showList :: [KeyDerivationFunc] -> ShowS # | |
data PBKDF2_PRF Source #
Pseudorandom function used for PBKDF2.
Constructors
| PBKDF2_SHA1 | hmacWithSHA1 |
| PBKDF2_SHA256 | hmacWithSHA256 |
| PBKDF2_SHA512 | hmacWithSHA512 |
Instances
| Eq PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
| Show PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> PBKDF2_PRF -> ShowS # show :: PBKDF2_PRF -> String # showList :: [PBKDF2_PRF] -> ShowS # | |
| OIDable PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: PBKDF2_PRF -> OID # | |
| OIDNameable PBKDF2_PRF Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe PBKDF2_PRF # | |
Secret-key algorithms
class HasKeySize params where Source #
Algorithms that are based on a secret key. This includes ciphers but also MAC algorithms.
Minimal complete definition
Methods
getKeySizeSpecifier :: params -> KeySizeSpecifier Source #
Get a specification of the key sizes allowed by the algorithm.
Instances
| HasKeySize KeyEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: KeyEncryptionParams -> KeySizeSpecifier Source # | |
| HasKeySize AuthContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
| HasKeySize ContentEncryptionParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: ContentEncryptionParams -> KeySizeSpecifier Source # | |
| HasKeySize MACAlgorithm Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: MACAlgorithm -> KeySizeSpecifier Source # | |
generateKey :: (HasKeySize params, MonadRandom m, ByteArray key) => params -> m key Source #
Generate a random key suitable for the specified algorithm. This uses the maximum size allowed by the parameters.
RSA padding modes
newtype MaskGenerationFunc Source #
Mask Generation Functions (MGF) and associated parameters.
Constructors
| MGF1 DigestAlgorithm |
Instances
| Eq MaskGenerationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods (==) :: MaskGenerationFunc -> MaskGenerationFunc -> Bool # (/=) :: MaskGenerationFunc -> MaskGenerationFunc -> Bool # | |
| Show MaskGenerationFunc Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> MaskGenerationFunc -> ShowS # show :: MaskGenerationFunc -> String # showList :: [MaskGenerationFunc] -> ShowS # | |
data OAEPParams Source #
Encryption parameters for RSAES-OAEP.
Constructors
| OAEPParams | |
Fields
| |
Instances
| Eq OAEPParams Source # | |
Defined in Crypto.Store.CMS.Algorithms | |
| Show OAEPParams Source # | |
Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> OAEPParams -> ShowS # show :: OAEPParams -> String # showList :: [OAEPParams] -> ShowS # | |
Signature parameters for RSASSA-PSS.
Constructors
| PSSParams | |
Fields
| |
CMS attributes
An attribute extending the parent structure with arbitrary data.
Constructors
| Attribute | |
Fields
| |
findAttribute :: OID -> [Attribute] -> Maybe [ASN1] Source #
Return the values for the first attribute with the specified type.
setAttribute :: OID -> [ASN1] -> [Attribute] -> [Attribute] Source #
Add or replace an attribute in a list of attributes.
filterAttributes :: (OID -> Bool) -> [Attribute] -> [Attribute] Source #
Filter a list of attributes based on a predicate applied to attribute type.
Originator information
data OriginatorInfo Source #
Information about the originator of the content info, to be used when a key management algorithm requires this information.
Constructors
| OriginatorInfo | |
Fields
| |
Instances
| Eq OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: OriginatorInfo -> OriginatorInfo -> Bool # (/=) :: OriginatorInfo -> OriginatorInfo -> Bool # | |
| Show OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> OriginatorInfo -> ShowS # show :: OriginatorInfo -> String # showList :: [OriginatorInfo] -> ShowS # | |
| Semigroup OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (<>) :: OriginatorInfo -> OriginatorInfo -> OriginatorInfo # sconcat :: NonEmpty OriginatorInfo -> OriginatorInfo # stimes :: Integral b => b -> OriginatorInfo -> OriginatorInfo # | |
| Monoid OriginatorInfo Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods mappend :: OriginatorInfo -> OriginatorInfo -> OriginatorInfo # mconcat :: [OriginatorInfo] -> OriginatorInfo # | |
data CertificateChoice Source #
Union type related to certificate formats.
Constructors
| CertificateCertificate SignedCertificate | X.509 certificate |
| CertificateOther OtherCertificateFormat | Other format |
Instances
| Eq CertificateChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: CertificateChoice -> CertificateChoice -> Bool # (/=) :: CertificateChoice -> CertificateChoice -> Bool # | |
| Show CertificateChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> CertificateChoice -> ShowS # show :: CertificateChoice -> String # showList :: [CertificateChoice] -> ShowS # | |
data OtherCertificateFormat Source #
Certificate information in a format not supported natively.
Constructors
| OtherCertificateFormat | |
Fields
| |
Instances
| Eq OtherCertificateFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: OtherCertificateFormat -> OtherCertificateFormat -> Bool # (/=) :: OtherCertificateFormat -> OtherCertificateFormat -> Bool # | |
| Show OtherCertificateFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> OtherCertificateFormat -> ShowS # show :: OtherCertificateFormat -> String # showList :: [OtherCertificateFormat] -> ShowS # | |
data RevocationInfoChoice Source #
Union type related to revocation info formats.
Constructors
| RevocationInfoCRL SignedCRL | A CRL, ARL, Delta CRL, or an ACRL |
| RevocationInfoOther OtherRevocationInfoFormat | Other format |
Instances
| Eq RevocationInfoChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: RevocationInfoChoice -> RevocationInfoChoice -> Bool # (/=) :: RevocationInfoChoice -> RevocationInfoChoice -> Bool # | |
| Show RevocationInfoChoice Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> RevocationInfoChoice -> ShowS # show :: RevocationInfoChoice -> String # showList :: [RevocationInfoChoice] -> ShowS # | |
data OtherRevocationInfoFormat Source #
Revocation information in a format not supported natively.
Constructors
| OtherRevocationInfoFormat | |
Fields
| |
Instances
| Eq OtherRevocationInfoFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods (==) :: OtherRevocationInfoFormat -> OtherRevocationInfoFormat -> Bool # (/=) :: OtherRevocationInfoFormat -> OtherRevocationInfoFormat -> Bool # | |
| Show OtherRevocationInfoFormat Source # | |
Defined in Crypto.Store.CMS.OriginatorInfo Methods showsPrec :: Int -> OtherRevocationInfoFormat -> ShowS # show :: OtherRevocationInfoFormat -> String # showList :: [OtherRevocationInfoFormat] -> ShowS # | |
ASN.1 representation
data ASN1ObjectExact a Source #
An ASN.1 object associated with the raw data it was parsed from.
Instances
| Eq a => Eq (ASN1ObjectExact a) Source # | |
Defined in Crypto.Store.CMS.Util Methods (==) :: ASN1ObjectExact a -> ASN1ObjectExact a -> Bool # (/=) :: ASN1ObjectExact a -> ASN1ObjectExact a -> Bool # | |
| Show a => Show (ASN1ObjectExact a) Source # | |
Defined in Crypto.Store.CMS.Util Methods showsPrec :: Int -> ASN1ObjectExact a -> ShowS # show :: ASN1ObjectExact a -> String # showList :: [ASN1ObjectExact a] -> ShowS # | |