Types

Pkcs7 represents an abstract PKCS#7 structure. The concrete type of structure is hidden in the object: such polymorphism isn't very haskellish but please get it out of your mind since OpenSSL is written in C.

data Pkcs7Flag Source

Pkcs7Flag is a set of flags that are used in many operations related to PKCS#7.

Constructors

Pkcs7Text
Pkcs7NoCerts
Pkcs7NoSigs
Pkcs7NoChain
Pkcs7NoIntern
Pkcs7NoVerify
Pkcs7Detached
Pkcs7Binary
Pkcs7NoAttr
Pkcs7NoSmimeCap
Pkcs7NoOldMimeType
Pkcs7CRLFEOL

Instances

Eq Pkcs7Flag
Show Pkcs7Flag
Typeable Pkcs7Flag

data Pkcs7VerifyStatus Source

Pkcs7VerifyStatus represents a result of PKCS#7 verification. See pkcs7Verify.

Constructors

Pkcs7VerifySuccess (Maybe String)	Nothing if the PKCS#7 signature was a detached signature, and `Just content` if it wasn't.
Pkcs7VerifyFailure

Instances

Eq Pkcs7VerifyStatus
Show Pkcs7VerifyStatus
Typeable Pkcs7VerifyStatus

Encryption and Signing

pkcs7Sign Source

Arguments

:: KeyPair key
=> X509	certificate to sign with
-> key	corresponding private key
-> [X509]	optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain)
-> String	data to be signed
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Text` Many S/MIME clients expect the signed content to include valid MIME headers. If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are prepended to the data. `Pkcs7NoCerts` If `Pkcs7NoCerts` is set the signer's certificate will not be included in the PKCS#7 structure, the signer's certificate must still be supplied in the parameter though. This can reduce the size of the signature if the signer's certificate can be obtained by other means: for example a previously signed message. `Pkcs7Detached` The data being signed is included in the PKCS#7 structure, unless `Pkcs7Detached` is set in which case it is ommited. This is used for PKCS#7 detached signatures which are used in S/MIME plaintext signed message for example. `Pkcs7Binary` Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) but if `Pkcs7Binary` is set no translation occurs. This option should be uesd if the supplied data is in binary format otherwise the translation will corrupt it. `Pkcs7NoAttr` `Pkcs7NoSmimeCap` The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If `Pkcs7NoAttr` is set then no authenticatedAttributes will be used. If Pkcs7NoSmimeCap is set then just the SMIMECapabilities are omitted.
-> IO Pkcs7

pkcs7Sign creates a PKCS#7 signedData structure.

pkcs7Verify Source

Arguments

:: Pkcs7	A PKCS#7 structure to verify.
-> [X509]	Set of certificates in which to search for the signer's certificate.
-> X509Store	Trusted certificate store (used for chain verification).
-> Maybe String	Signed data if the content is not present in the PKCS#7 structure (that is it is detached).
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7NoIntern` If `Pkcs7NoIntern` is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers certificates must be in the second argument ([`X509`]). `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is returned. `Pkcs7NoVerify` If `Pkcs7NoVerify` is set the signer's certificates are not chain verified. `Pkcs7NoChain` If `Pkcs7NoChain` is set then the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from the signer's certificate) must be contained in the trusted store. `Pkcs7NoSigs` If `Pkcs7NoSigs` is set then the signatures on the data are not checked.
-> IO Pkcs7VerifyStatus

pkcs7Verify verifies a PKCS#7 signedData structure.

pkcs7Encrypt Source

Arguments

:: [X509]	A list of recipient certificates.
-> String	The content to be encrypted.
-> Cipher	The symmetric cipher to use.
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are prepended to the data. `Pkcs7Binary` Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if `Pkcs7Binary` is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If `Pkcs7Binary` is set then `Pkcs7Text` is ignored.
-> IO Pkcs7

pkcs7Encrypt creates a PKCS#7 envelopedData structure.

pkcs7Decrypt Source

Arguments

:: KeyPair key
=> Pkcs7	The PKCS#7 structure to decrypt.
-> key	The private key of the recipient.
-> X509	The recipient's certificate.
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is thrown.
-> IO String	The decrypted content.

pkcs7Decrypt decrypts content from PKCS#7 envelopedData structure.

S/MIME

writeSmime Source

Arguments

:: Pkcs7	A PKCS#7 structure to be written.
-> Maybe String	If cleartext signing (multipart/signed) is being used then the signed data must be supplied here.
-> [Pkcs7Flag]	An optional set of flags: `Pkcs7Detached` If `Pkcs7Detached` is set then cleartext signing will be used, this option only makes sense for signedData where `Pkcs7Detached` is also set when `pkcs7Sign` is also called. `Pkcs7Text` If the `Pkcs7Text` flag is set MIME headers for type "text/plain" are added to the content, this only makes sense if `Pkcs7Detached` is also set.
-> IO String	The result S/MIME message.

writeSmime writes PKCS#7 structure to S/MIME message.

readSmime Source

Arguments

:: String	The message to be read.
-> IO (Pkcs7, Maybe String)	(The result PKCS#7 structure, `Just content` if the PKCS#7 structure was a cleartext signature and `Nothing` if it wasn't.)

readSmime parses S/MIME message.