Pike v8.0 release 1738

Method Standards.X509.sign_key()


Method sign_key

string sign_key(Sequence issuer, Crypto.Sign.State c, Crypto.Sign.State ca, Crypto.Hash h, Sequence subject, int serial, int ttl, array|mapping|void extensions)

Description

Low-level function for creating a signed certificate.

Parameter issuer

Distinguished name for the issuer. See Standards.PKCS.Certificate.build_distinguished_name.

Parameter c

RSA, DSA or ECDSA parameters for the subject. Only the public key needs to be set. See Crypto.RSA, Crypto.DSA and Crypto.ECC.Curve.ECDSA.

Parameter ca

RSA, DSA or ECDSA parameters for the issuer. Only the private key needs to be set. See Crypto.RSA, Crypto.DSA and Crypto.ECC.Curve.ECDSA.

Parameter h

The hash function to use for the certificate. Must be one of the standardized PKCS hashes to be used with the given Crypto.

Parameter subject

Distinguished name for the subject. See Standards.PKCS.Certificate.build_distinguished_name.

Parameter public_key

DER-encoded RSAPublicKey structure. See Standards.PKCS.RSA.public_key().

Parameter serial

Serial number for this key and subject.

Parameter ttl

Validity time in seconds for this signature to be valid.

Parameter extensions

Set of extensions.

Returns

Returns a DER-encoded certificate.

See also

make_selfsigned_certificate(), make_tbs(), sign_tbs()