OpenSSL.PKCS7

Pkcs7 represents an abstract PKCS#7 structure. The concrete type of structure is hidden in the object: such polymorphism isn't very haskellish but please get it out of your mind since OpenSSL is written in C.

data Pkcs7Flag

Pkcs7Flag is a set of flags that are used in many operations related to PKCS#7.

Constructors

Pkcs7Text
Pkcs7NoCerts
Pkcs7NoSigs
Pkcs7NoChain
Pkcs7NoIntern
Pkcs7NoVerify
Pkcs7Detached
Pkcs7Binary
Pkcs7NoAttr
Pkcs7NoSmimeCap
Pkcs7NoOldMimeType
Pkcs7CRLFEOL

Instances

Eq Pkcs7Flag

Show Pkcs7Flag

Typeable Pkcs7Flag

data Pkcs7VerifyStatus

Pkcs7VerifyStatus represents a result of PKCS#7 verification. See pkcs7Verify.

Constructors

Pkcs7VerifySuccess (Maybe String)	Nothing if the PKCS#7 signature was a detached signature, and `Just content` if it wasn't.
Pkcs7VerifyFailure

Instances

Eq Pkcs7VerifyStatus

Show Pkcs7VerifyStatus

Typeable Pkcs7VerifyStatus

Encryption and Signing

pkcs7Sign

:: X509	certificate to sign with
-> PKey	corresponding private key
-> [X509]	optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain)
-> String	data to be signed
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Text` Many S/MIME clients expect the signed content to include valid MIME headers. If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are prepended to the data. `Pkcs7NoCerts` If `Pkcs7NoCerts` is set the signer's certificate will not be included in the PKCS#7 structure, the signer's certificate must still be supplied in the parameter though. This can reduce the size of the signature if the signer's certificate can be obtained by other means: for example a previously signed message. `Pkcs7Detached` The data being signed is included in the PKCS#7 structure, unless `Pkcs7Detached` is set in which case it is ommited. This is used for PKCS#7 detached signatures which are used in S/MIME plaintext signed message for example. `Pkcs7Binary` Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) but if `Pkcs7Binary` is set no translation occurs. This option should be uesd if the supplied data is in binary format otherwise the translation will corrupt it. `Pkcs7NoAttr` `Pkcs7NoSmimeCap` The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If `Pkcs7NoAttr` is set then no authenticatedAttributes will be used. If Pkcs7NoSmimeCap is set then just the SMIMECapabilities are omitted.
-> IO Pkcs7
`pkcs7Sign` creates a PKCS#7 signedData structure.

pkcs7Verify

:: Pkcs7	A PKCS#7 structure to verify.
-> [X509]	Set of certificates in which to search for the signer's certificate.
-> X509Store	Trusted certificate store (used for chain verification).
-> Maybe String	Signed data if the content is not present in the PKCS#7 structure (that is it is detached).
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7NoIntern` If `Pkcs7NoIntern` is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers certificates must be in the second argument ([`X509`]). `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is returned. `Pkcs7NoVerify` If `Pkcs7NoVerify` is set the signer's certificates are not chain verified. `Pkcs7NoChain` If `Pkcs7NoChain` is set then the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from the signer's certificate) must be contained in the trusted store. `Pkcs7NoSigs` If `Pkcs7NoSigs` is set then the signatures on the data are not checked.
-> IO Pkcs7VerifyStatus
`pkcs7Verify` verifies a PKCS#7 signedData structure.

pkcs7Encrypt

:: [X509]	A list of recipient certificates.
-> String	The content to be encrypted.
-> Cipher	The symmetric cipher to use.
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are prepended to the data. `Pkcs7Binary` Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if `Pkcs7Binary` is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If `Pkcs7Binary` is set then `Pkcs7Text` is ignored.
-> IO Pkcs7
`pkcs7Encrypt` creates a PKCS#7 envelopedData structure.

pkcs7Decrypt

:: Pkcs7	The PKCS#7 structure to decrypt.
-> PKey	The private key of the recipient.
-> X509	The recipient's certificate.
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is thrown.
-> IO String	The decrypted content.
`pkcs7Decrypt` decrypts content from PKCS#7 envelopedData structure.

S/MIME

writeSmime

:: Pkcs7	A PKCS#7 structure to be written.
-> Maybe String	If cleartext signing (multipart/signed) is being used then the signed data must be supplied here.
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Detached` If `Pkcs7Detached` is set then cleartext signing will be used, this option only makes sense for signedData where `Pkcs7Detached` is also set when `pkcs7Sign` is also called. `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are added to the content, this only makes sense if `Pkcs7Detached` is also set.
-> IO String	The result S/MIME message.
`writeSmime` writes PKCS#7 structure to S/MIME message.

readSmime

:: String	The message to be read.
-> IO (Pkcs7, Maybe String)	(The result PKCS#7 structure, `Just content` if the PKCS#7 structure was a cleartext signature and `Nothing` if it wasn't.)
`readSmime` parses S/MIME message.

Produced by Haddock version 0.8