NAME

OpenCA::OpenSSL - Perl Crypto Extension to OpenSSL


SYNOPSIS

  use OpenCA::OpenSSL;


DESCRIPTION

This Perl module implements an interface to the openssl backend program. It calls the openssl command itself and is not a fully integrated Perl/C extension.

Passing parameters to functions is simple: they have no particular order and, in most cases, self-explanatory names. Pass each parameter to the function like this:

        ... ( NAME=>VALUE, NAME=>VALUE, ... );


FUNCTIONS


sub new () - Creates a new Class instance.

        This function creates a new instance of the class. It accepts
        only one parameter: the path to the backend command (openssl).

        EXAMPLE:

                my $openssl = new OpenCA::OpenSSL( $path );


sub setParams () - Set internal module variables.

        This function can handle the internal module data such as the
        backend path or the tmp dir. Accepted parameters are:

                SHELL   - Path to the openssl command.
                CONFIG  - Path to the openssl config file.
                TMPDIR  - Temporary files directory.
                STDERR  - Where to redirect the STDERR file.

        (*) - Optional parameters;

        EXAMPLE:

                $openssl->setParams( SHELL=>'/usr/local/ssl/bin/openssl',
                                     CONFIG=>"$ca/stuff/openssl.cnf",
                                     TMPDIR=>'/tmp',
                                     STDERR=>'/dev/null' );


sub genKey () - Generate a private Key.

        This function lets you generate a new private key. Accepted
        parameters are:

                BITS      - key length in bits(*);
                OUTFILE   - Output file name(*);
                ALGORITHM - Encryption Algorithm to be used(*);
                PASSWD    - Password to be used when encrypting(*);

        (*) - Optional parameters;

        EXAMPLE:

                my $key = $openssl->genKey( BITS=>1024 );


sub genReq () - Generate a new Request.

        This function generates a new certificate request. Accepted
        parameters are:

                OUTFILE  - Output file(*);
                KEYFILE  - File containing the key;
                PASSWD   - Password to decrypt key (if needed) (*);
                DN       - Subject list (as required by openssl, see
                           the openssl.cnf doc on policy);

        (*) - Optional parameters;

        EXAMPLE:

                my $req = $openssl->genReq( KEYFILE=>"00_key.pem",
                        DN => [ "madwolf@openca.org","Max","","","" ] );


sub genCert () - Generate a certificate from a request.

        This function lets you generate a new certificate starting
        from the request file. It is used for self-signed certificates,
        as it simply converts the request into an x509 structure.
        Accepted parameters are:

                OUTFILE   - Output file(*);
                KEYFILE   - File containing the private key;
                REQFILE   - Request File;
                PASSWD    - Password to decrypt private key(*);
                DAYS      - Validity days(*);

        (*) - Optional parameters;

        EXAMPLE:

                $cert = $openssl->genCert( KEYFILE=>"priv_key.pem",
                        REQFILE=>"req.pem",
                        DAYS=>"720" );


sub dataConvert () - Convert data to different format.

        This function converts the data you pass to another format. It
        requires you to provide the data's type and IN/OUT format.
        Accepted parameters are:

                DATA    - Data to be processed;
                INFILE  - Data file to be processed (exactly one of DATA
                          and INFILE is required; they are exclusive);
                DATATYPE - Data type ( CRL | CERTIFICATE | REQUEST );
                OUTFORM  - Output format (PEM|DER|NET|TXT)(*);
                INFORM   - Input format (PEM|DER|NET|TXT)(*);
                OUTFILE  - Output file(*);

        (*) - Optional parameters;

        EXAMPLE:

                print $openssl->dataConvert( INFILE=>"crl.pem",
                        DATATYPE=>"CRL",
                        OUTFORM=>"TXT" );
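
        The calls documented so far, chained into one self-signed
        certificate run. This is an added example, not code from the
        module or its author. Assumptions: the openssl and openssl.cnf
        paths, the CA_KEY_PASSWD variable name, the constructed DN
        values, and that the module picks the key cipher itself when
        PASSWD is given without ALGORITHM.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use OpenCA::OpenSSL;

# Assumed paths; adjust to the local installation.
my $shell  = '/usr/bin/openssl';
my $config = '/etc/ssl/openssl.cnf';

# Key passphrase comes from the environment (variable name is hypothetical)
# so it is not hard-coded in the script.
my $passwd = $ENV{CA_KEY_PASSWD}
    or die "set CA_KEY_PASSWD first\n";

# File::Temp creates this directory with mode 0700, keeping the key and
# openssl's temporary files out of a shared, world-readable /tmp.
my $dir = tempdir( CLEANUP => 0 );
my ( $key, $req, $cert ) = map { "$dir/$_" } qw(key.pem req.pem cert.pem);

my $openssl = new OpenCA::OpenSSL( $shell );
$openssl->setParams( SHELL  => $shell,
                     CONFIG => $config,
                     TMPDIR => $dir,
                     STDERR => "$dir/openssl.err" );

# 1. Private key. 2048 bits rather than the 1024 used in the genKey example.
$openssl->genKey( BITS => 2048, OUTFILE => $key, PASSWD => $passwd );
-s $key or die "genKey wrote nothing, see $dir/openssl.err\n";

# 2. Certificate request. The DN list is constructed sample data; its
#    order must match the policy in the openssl.cnf named above.
$openssl->genReq( KEYFILE => $key, OUTFILE => $req, PASSWD => $passwd,
                  DN => [ 'ca@example.org', 'Example Test CA', '', '', '' ] );
-s $req or die "genReq wrote nothing, see $dir/openssl.err\n";

# 3. Self-signed certificate from the request.
$openssl->genCert( KEYFILE => $key, REQFILE => $req, OUTFILE => $cert,
                   PASSWD => $passwd, DAYS => 365 );
-s $cert or die "genCert wrote nothing, see $dir/openssl.err\n";

# 4. Human-readable dump to confirm subject, validity and key size.
print $openssl->dataConvert( INFILE   => $cert,
                             DATATYPE => 'CERTIFICATE',
                             INFORM   => 'PEM',
                             OUTFORM  => 'TXT' );
print "Files left in $dir\n";
```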


sub issueCert () - Issue a certificate.

        Use this function when you have a CA certificate and a
        request (either DER|PEM|SPKAC) and want to issue the certificate.
        Parameters passed here override the configuration values (remember
        to set CONFIG to the appropriate value with the setParams function).
        Accepted parameters are:

                REQDATA       - Request;
                REQFILE       - File containing the request (one of
                                REQDATA and REQFILE are required);
                INFORM        - Input format (PEM|DER|NET|SPKAC)(*);
                PRESERVE_DN   - Preserve DN order (Y|N)(*);
                CAKEY         - CA key file;
                CACERT        - CA certificate file;
                DAYS          - Days the certificate will be valid(*);
                PASSWD        - Password to decrypt priv. CA key(*);
                EXTS          - Extensions to be used (configuration
                                section of the openssl.cnf file)(*);
                REQTYPE       - Request type (NETSCAPE|MSIE)(*);

        (*) - Optional parameters;

        EXAMPLE:

                $openssl->issueCert( REQFILE=>"myreq",
                        INFORM=>"SPKAC",
                        PRESERVE_DN=>"Y",
                        CAKEY=>"$ca/private/cakey.pem",
                        CACERT=>"$ca/cacert.pem",
                        PASSWD=>$passwd,
                        REQTYPE=>"NETSCAPE" );


sub issueCrl () - Issue a CRL.

        This function is used to issue a CRL. Accepted parameters
        are:

                CAKEY   - CA private key file;
                CACERT  - CA certificate file;
                PASSWD  - Password to decrypt priv. CA key(*);
                DAYS    - Days the CRL will be valid for(*);
                EXTS    - Extensions to be added ( see the openssl.cnf
                          pages for more help on this )(*);
                OUTFILE - Output file(*);
                OUTFORM - Output format (PEM|DER|NET|TXT)(*);

        (*) - Optional parameters;

        EXAMPLE:

                print $openssl->issueCrl( CAKEY=>"$ca/private/cakey.pem",
                                          CACERT=>"$ca/cacert.pem",
                                          DAYS=>7,
                                          OUTFORM=>"TXT" );


sub SPKAC () - Get SPKAC info.

        This function returns a text containing all major info
        about an spkac structure. Accepted parameters are:

                SPKAC     - spkac data ( SPKAC = .... ) (*);
                INFILE    - An spkac request file (*);
                OUTFILE   - Output file (*);
                
        (*) - Optional parameters;

        EXAMPLE:

                print $openssl->SPKAC( SPKAC=>$data, OUTFILE=>$target );


AUTHOR

Massimiliano Pala <madwolf@openca.org>


SEE ALSO

OpenCA::X509, OpenCA::CRL, OpenCA::REQ, OpenCA::TRIStateCGI, OpenCA::Configuration