SignedCertificate (String function): Difference between revisions

From m204wiki
m (→‎See also: add mention of String cipher methods)
m (→‎See also: add method to list)
 
(18 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Template:String:SignedCertificate subtitle}}
{{Template:String:SignedCertificate subtitle}}
This page is [[under construction]].
This method generates a signed SSL certificate from a given certificate request and private key. It adds the lines of the signed certificate to the end of the object certificate-request.
 
==Syntax==
==Syntax==
{{Template:String:SignedCertificate syntax}}
{{Template:String:SignedCertificate syntax}}
===Syntax terms===
===Syntax terms===
<table class="syntaxTable">
<table>
<tr><th>%signedCert</th><td>string</td></tr>
<tr><th>%signedCert</th>
<td>A <var>String</var> or <var>Longstring</var> to contain the signed certificate that the method creates.</td></tr>
 
<tr><th>string</th>
<tr><th>string</th>
<td>string</td></tr>
<td>A <var>String</var> or <var>Longstring</var> that contains a base64 encoded X.509 certificate request.</td></tr>
 
<tr><th><var>PrivateKey</var></th>
<tr><th><var>PrivateKey</var></th>
<td>string</td></tr>
<td>This [[Notation conventions for methods#Named parameters|name allowed]] parameter is a <var>String</var> or <var>Longstring</var> that contains the RSA-generated private key used to create the signature. This value must be less than or equal to 4096 (as of version 7.7 of Model&nbsp;204). The pre-7.7 maximum is 2048 bits.</td></tr>
 
<tr><th><var>Signer</var></th>
<tr><th><var>Signer</var></th>
<td>string<br/>This default value of this argument is [[??]].</td></tr>
<td>This optional, name allowed, argument is a string that contains a base64 encoded CA (certifying authority) X.509 certificate. If not specified, the method object <var class="term">string</var> is used, and the certificate is self-signed. </td></tr>
 
<tr><th><var>StartDate</var></th>
<tr><th><var>StartDate</var></th>
<td>string<br/>This default value of this argument is [[??]].</td></tr>
<td>This optional, name allowed, argument is a string that contains the Start date for the signed certificate (in YYMMDDHHMISS format). The default is today's date.</td></tr>
 
<tr><th><var>EndDate</var></th>
<tr><th><var>EndDate</var></th>
<td>string<br/>This default value of this argument is [[??]].</td></tr>
<td>This optional, name allowed, argument is a string that contains the End date for the signed certificate (in YYMMDDHHMISS format). The default is 24 hours from <var>StartDate</var>.  <code>YY</code> may not be less then the current 2-digit year.</td></tr>
 
<tr><th><var>SerialNumber</var></th>
<tr><th><var>SerialNumber</var></th>
<td>number<br/>This default value of this argument is [[??]].</td></tr>
<td>This optional, name allowed, argument is a numeric value that is the Serial number for the signed certificate. The default is a number guaranteed to increase by 1 for every call and guaranteed to increase from run to run, unless there is an extreme amount
of signing occurrences.</td></tr>
 
<tr><th><var>SignatureAlgorithm</var></th>
<tr><th><var>SignatureAlgorithm</var></th>
<td><var>DigestAlgorithm</var> value<br/>This default value of this argument is [[??]].</td></tr>
<td>This optional, [[Notation conventions for methods#Named parameters|name required]], argument is a <var>[[DigestAlgorithm enumeration|DigestAlgorithm]]</var> enumeration value. Valid values are: <var>MD5</var>, <var>SHA1</var>, <var>SHA256</var>, <var>SHA384</var> (Model 204 7.7 and later), and <var>SHA512</var> (Model 204 7.7 and later). The default value is <var>SHA256</var> as of Model 204 7.7 (and zap maintenance for versions 7.6 and 7.5).
<p class="note"><b>Note:</b> Although supported and formerly the default, most modern browsers are deprecating <var>SHA1</var>.</p></td></tr>
</table>
</table>
==Usage notes==
==Usage notes==
==Examples==
For some background information concerning certificates, see [https://en.wikipedia.org/wiki/Public-key_cryptography Public-key cryptography] and [https://en.wikipedia.org/wiki/Certificate_signing_request Certificate signing request].
 
==Example==
This example uses a self-generated private key and certificate request and then prints a view of the <var>SignedCertificate</var> output.
The <var>DerToXmlDoc</var> method that is used to "unpack" the content does not understand the semantics of the standard tags for the signed certificate items, so the output tags are somewhat generic. No SOUL method interprets signed certificate items as well as, for example, the <var>[[RSAPrivateKeyToXmlDoc (String function)|RSAPrivateKeyToXmlDoc]]</var> does for a private key.
<p class="code">b
%ls  is longstring
%cr  is longstring
%sc  is longstring
 
%ls = %(System):[[GeneratedPrivateKey (System function)|GeneratedPrivateKey]](Length=512)
%cr = %ls:[[CertificateRequest (String function)|CertificateRequest]]
 
%sc = %cr:SignedCertificate(%ls)
%sc:derToXmlDoc:print
end </p>
<p>
The result is:  </p>
<p class="output">%sc:derToXmlDoc:print:
<Sequence>                                                         
  <Sequence>                                                       
      <Integer>16030188579305029649</Integer>                       
      <Sequence>                                                   
        <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier> 
        <Null/>                                                   
      </Sequence>                                                   
      <Sequence/>                                                   
      <Sequence>                                                   
        <UTCTime>20160330222419.000Z</UTCTime>
        <UTCTime>20160330222419.000Z</UTCTime>                     
      </Sequence>                                                   
      <Sequence/>                                                   
      <Sequence>                                                   
        <Sequence>                                                 
            <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>
            <Null/>                                                 
        </Sequence>                                               
        <BitString bits="576">
304602410082FCF711CB0B1C ... 06B82C686516711F8769127D0D-
BE318606B7529E5020103
        </BitString>
      </Sequence>
  </Sequence>
  <Sequence>
      <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier>
      <Null/>
  </Sequence>
  <BitString bits="512">
5D076DA8C002B5077047EA27 ... 5C9CEBB9ED37CF1A0096B47220
  </BitString> 
</Sequence>
</p>
 
==See also==
==See also==
<p>
<p>
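Review bot: in the Example output, both <UTCTime> entries of the validity Sequence read 20160330222419.000Z, while the EndDate row says the default is 24 hours from StartDate, so the printed output and the documented default disagree; re-run the example and paste the actual output, or say why the two times match. In the PrivateKey row, "This value must be less than or equal to 4096" should name the quantity it limits (the key length in bits, as the next sentence implies), and the EndDate row needs "less then" changed to "less than". The example calls GeneratedPrivateKey(Length=512); add a sentence saying that size is for demonstration only.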
Line 28: Line 93:
<ul>
<ul>
<li><var>[[CertificateRequest (String function)|CertificateRequest]]</var> </li>
<li><var>[[CertificateRequest (String function)|CertificateRequest]]</var> </li>
<li><var>[[ClientCertificateRequest (String function)|ClientCertificateRequest]]</var> </li>
<li><var>[[SignedCertificate (String function)|SignedCertificate]]</var> </li>
<li><var>[[SignedClientCertificate (String function)|SignedClientCertificate]]</var> </li>


<li><var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var> </li>
<li><var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var> </li>
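Review bot: the See also entry [[SignedCertificate (String function)|SignedCertificate]] links this page to itself; drop it or leave the name unlinked on this page, and keep the ClientCertificateRequest and SignedClientCertificate entries.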
Line 39: Line 110:
<li>Multiple cryptographic cipher methods </li>
<li>Multiple cryptographic cipher methods </li>
</ul>
</ul>
<p>
<var>Stringlist</var> methods: </p>
{{Template:Stringlist crypto methods}}
<p>
<p>
<var>System</var> methods: </p>
<var>System</var> methods: </p>
<ul>
<ul>
<li><var>[[ClientCertificate (System function)|ClientCertificate]]</var>, <li><var>[[GeneratedPrivateKey (System function)|GeneratedPrivateKey]]</var> </li>
<li><var>[[ClientCertificate (System function)|ClientCertificate]]</var> </li>
<li><var>[[GeneratedPrivateKey (System function)|GeneratedPrivateKey]]</var> </li>
</ul>
</ul>
<p>
<p>
<var>Stringlist</var> methods: </p>
<var>Socket</var> methods: </p>
<ul>
<li><var>[[AppendCertificateInfo (Stringlist function)|AppendCertificateInfo]]</var></li>
 
<li><var>[[AppendCertificateRequest (Stringlist function)|AppendCertificateRequest]]</var></li>
 
<li><var>[[AppendCertificateRequestInfo (Stringlist function)|AppendCertificateRequestInfo]]</var></li>
 
<li><var>[[AppendClientCertificateRequest (Stringlist function)|AppendClientCertificateRequest]]</var></li>
 
<li><var>[[AppendEncryptedSecurityData (Stringlist subroutine)|AppendEncryptedSecurityData]]</var></li>
 
<li><var>[[AppendGeneratedPrivateKey (Stringlist subroutine)|AppendGeneratedPrivateKey]]</var></li>
 
<li><var>[[AppendSignedCertificate (Stringlist function)|AppendSignedCertificate]]</var></li>
 
<li><var>[[AppendSignedClientCertificate (Stringlist function)|AppendSignedClientCertificate]]</var></li>
 
<li><var>[[CheckCertificate (Stringlist function)|CheckCertificate]]</var></li>
 
<li><var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var></li>
 
<li><var>[[PemToString (Stringlist function)|PemToString]]</var> and more</li>
</ul>
 
<var>Socket</var> methods:
<ul>
<ul>
<li><var>[[Certificate (Socket function)|Certificate]]</var> </li>
<li><var>[[Certificate (Socket function)|Certificate]]</var> </li>
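Review bot: confirm that {{Template:Stringlist crypto methods}}, which takes the place of the explicit Stringlist list in See also, covers every entry that list carried (AppendCertificateInfo through PemToString, including CheckCertificate and CheckCertificateRequest); the template body is not visible in this diff. The "Multiple cryptographic cipher methods" item is still plain text and should link to the page that lists those methods.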

Latest revision as of 15:06, 6 September 2018

Sign a certificate request (String class)

[Requires Janus Network Security]

This method generates a signed SSL certificate from a given certificate request and private key. It adds the lines of the signed certificate to the end of the object certificate-request.

Syntax

    [%signedCert =] string:SignedCertificate( [PrivateKey=] string, -
                                              [[Signer=] string], -
                                              [[StartDate=] string], -
                                              [[EndDate=] string], -
                                              [[SerialNumber=] number], -
                                              [SignatureAlgorithm= digestAlgorithm])
    Throws PKCSError

Syntax terms

%signedCert: A String or Longstring to contain the signed certificate that the method creates.
string: A String or Longstring that contains a base64 encoded X.509 certificate request.
PrivateKey: This name allowed parameter is a String or Longstring that contains the RSA-generated private key used to create the signature. The key length must be less than or equal to 4096 bits (as of version 7.7 of Model 204). The pre-7.7 maximum is 2048 bits.
Signer: This optional, name allowed, argument is a string that contains a base64 encoded CA (certifying authority) X.509 certificate. If not specified, the method object string is used, and the certificate is self-signed.
StartDate: This optional, name allowed, argument is a string that contains the start date for the signed certificate (in YYMMDDHHMISS format). The default is today's date.
EndDate: This optional, name allowed, argument is a string that contains the end date for the signed certificate (in YYMMDDHHMISS format). The default is 24 hours from StartDate. YY may not be less than the current 2-digit year.
SerialNumber: This optional, name allowed, argument is a numeric value that is the serial number for the signed certificate. The default is a number guaranteed to increase by 1 for every call and guaranteed to increase from run to run, unless there is an extreme amount of signing occurrences.
SignatureAlgorithm: This optional, name required, argument is a DigestAlgorithm enumeration value. Valid values are: MD5, SHA1, SHA256, SHA384 (Model 204 7.7 and later), and SHA512 (Model 204 7.7 and later). The default value is SHA256 as of Model 204 7.7 (and zap maintenance for versions 7.6 and 7.5).

Note: Although SHA1 is supported and was formerly the default, most modern browsers are deprecating it.

Usage notes

For some background information concerning certificates, see Public-key cryptography and Certificate signing request.

Example

This example uses a self-generated private key and certificate request and then prints a view of the SignedCertificate output. The DerToXmlDoc method that is used to "unpack" the content does not understand the semantics of the standard tags for the signed certificate items, so the output tags are somewhat generic. No SOUL method interprets signed certificate items as well as, for example, RSAPrivateKeyToXmlDoc does for a private key. A 512-bit RSA key, as generated here, is far too weak for a production certificate and is suitable for demonstration only.

    b
    %ls  is longstring
    %cr  is longstring
    %sc  is longstring

    %ls = %(System):GeneratedPrivateKey(Length=512)
    %cr = %ls:CertificateRequest

    %sc = %cr:SignedCertificate(%ls)
    %sc:derToXmlDoc:print
    end

The result is:

    %sc:derToXmlDoc:print:
    <Sequence>
      <Sequence>
          <Integer>16030188579305029649</Integer>
          <Sequence>
            <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier>
            <Null/>
          </Sequence>
          <Sequence/>
          <Sequence>
            <UTCTime>20160330222419.000Z</UTCTime>
            <UTCTime>20160330222419.000Z</UTCTime>
          </Sequence>
          <Sequence/>
          <Sequence>
            <Sequence>
                <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>
                <Null/>
            </Sequence>
            <BitString bits="576">
    304602410082FCF711CB0B1C ... 06B82C686516711F8769127D0D-
    BE318606B7529E5020103
            </BitString>
          </Sequence>
      </Sequence>
      <Sequence>
          <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier>
          <Null/>
      </Sequence>
      <BitString bits="512">
    5D076DA8C002B5077047EA27 ... 5C9CEBB9ED37CF1A0096B47220
      </BitString>
    </Sequence>
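Because DerToXmlDoc prints only generic tags, the fields have to be identified by their position in the certificate. The following Python sketch is an added example, not part of the Model 204 documentation: it names the fields in output of the shape shown above and checks them against an assumed signing policy. The sample XML, the function names and the 2048-bit floor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# PKCS #1 signature OIDs for the digests SignatureAlgorithm accepts.
SIG_OIDS = {"1.2.840.113549.1.1." + arc: name for arc, name in [
    ("4", "MD5"), ("5", "SHA1"), ("11", "SHA256"), ("12", "SHA384"), ("13", "SHA512")]}
WEAK_DIGESTS = {"MD5", "SHA1"}
MIN_RSA_BITS = 2048  # assumed policy floor, not a Model 204 limit

# Constructed sample in the shape DerToXmlDoc prints; all values are made up.
SAMPLE = """<Sequence><Sequence>
  <Integer>1001</Integer>
  <Sequence><ObjectIdentifier>1.2.840.113549.1.1.5</ObjectIdentifier><Null/></Sequence>
  <Sequence/>
  <Sequence><UTCTime>20240101000000.000Z</UTCTime><UTCTime>20240102000000.000Z</UTCTime></Sequence>
  <Sequence/>
  <Sequence><Sequence><ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier><Null/></Sequence>
    <BitString bits="576">00</BitString></Sequence>
</Sequence>
<Sequence><ObjectIdentifier>1.2.840.113549.1.1.5</ObjectIdentifier><Null/></Sequence>
<BitString bits="512">00</BitString></Sequence>"""

def label_certificate(xml_text):
    """Name the generic tags by their position in an X.509 v1 certificate."""
    tbs, outer_alg, signature = list(ET.fromstring(xml_text))
    serial, inner_alg, _issuer, validity, _subject, _spki = list(tbs)
    not_before, not_after = (t.text.strip() for t in validity)
    return {
        "serialNumber": int(serial.text),
        "tbsSignatureOid": inner_alg.findtext("ObjectIdentifier").strip(),
        "signatureOid": outer_alg.findtext("ObjectIdentifier").strip(),
        "notBefore": not_before, "notAfter": not_after,
        # An RSA signature is as long as the signer's modulus.
        "signerKeyBits": int(signature.get("bits")),
    }

def audit(cert):
    findings = []
    digest = SIG_OIDS.get(cert["signatureOid"], "unknown")
    if digest in WEAK_DIGESTS or digest == "unknown":
        findings.append(f"signature digest {digest} not accepted")
    if cert["tbsSignatureOid"] != cert["signatureOid"]:
        findings.append("inner and outer signature algorithms differ")
    if cert["signerKeyBits"] < MIN_RSA_BITS:
        findings.append(f"signing key is {cert['signerKeyBits']} bits")
    if cert["notAfter"] <= cert["notBefore"]:
        findings.append("validity window is empty")
    return findings

print(audit(label_certificate(SAMPLE)))
```

The positional mapping assumes a version 1 certificate with no leading version element, which is the layout in the output above.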

See also

String methods:

Stringlist methods:

System methods:

Socket methods: