- ECDSA KEY FORMAT
- SIGNATURE DIGEST ALGORITHMS
- CLASS METHODS
- SEE ALSO
Crypt::Perl::PKCS10 - Certificate Signing Request (CSR) creation
my $pkcs10 = Crypt::Perl::PKCS10->new( key => $private_key_obj, subject => [ commonName => 'foo.com', localityName => 'somewhere', #... ], attributes => [ [ 'extensionRequest', [ 'subjectAltName', [ dNSName => 'foo.com' ], [ dNSName => 'bar.com' ], ], ], ], ); my $der = $pkcs10->to_der(); my $pem = $pkcs10->to_pem();
This module is for creation of (PKCS #10) certificate signing requests (CSRs). Right now it supports only a subset of what OpenSSL can create; however, it’s useful enough for use with many certificate authorities, including ACME services like Let’s Encrypt.
It’s also a good deal easier to use!
I believe this is the only CPAN module that can create CSRs for RSA, ECDSA, and Ed25519 keys. Other encryption schemes would not be difficult to integrate—but do any CAs accept them?
After a brief flirtation (cf. v0.13) with producing ECDSA-signed CSRs using explicit curve parameters, this module produces CSRs using named curves. Certificate authorities seem to prefer this format—which makes sense since they only allow certain curves in the first place.
The signature digest algorithm is determined based on the passed-in key: for RSA it’s always SHA-512, and for ECDSA it’s the strongest SHA digest algorithm that the key allows (e.g., SHA-224 for a 239-bit key, etc.)
If you need additional flexibility, let me know.
(Note that Ed25519 signs an entire document rather than a digest.)
Create an instance of this class. Parameters are:
key- An instance of
Crypt::Perl::Ed25519::PrivateKey. If you’ve got a DER- or PEM-encoded key string, use Crypt::Perl::PK (included in this distribution) to create an appropriate object.
subject- An array reference of arguments into Crypt::Perl::X509::Name’s constructor.
attributes- An array reference of arguments into Crypt::Perl::PKCS10::Attributes’s constructor.
Let me know what features you would find useful, ideally with a representative sample CSR that demonstrates the requested feature. (Or, better yet, send me a pull request!)
Crypt::PKCS10 - Parse CSRs, in pure Perl.
Crypt::OpenSSL::PKCS10 - Create CSRs using OpenSSL via XS. Currently this only seems to support RSA.