The :public_key application provides a set of high-level APIs for working with common PKI-related data structures. Under the hood, it supports many more data types, extracted at build time from various standard ASN.1 files. Combining those APIs and the underlying data types to perform common tasks can be a challenge.
The x509 package offers convenient Elixir APIs for:
- Generating RSA and EC private keys
- Deriving the public key from a given private key
- Wrapping and unwrapping keys (e.g. PKCS#8 containers)
- Creating ‘Relative Distinguished Names’ (e.g. Subject and Issuer names)
- Creating PKCS#10 CSRs
- Creating self-signed and issuer-signed RSA and ECDSA certificates with extensions, based on pre-defined or custom templates
- Exporting and importing entities in PEM and DER format
As a design decision, functions return standard :public_key data types rather than Elixir structs, so the results can be used directly in calls to Erlang/OTP and related libraries.
There is still some work to be done, in documentation and test coverage as well as functional enhancements, but I believe it is in good enough shape for others to start experimenting. Please note that the API may change until it hits 1.0.
Feedback is welcome, both here and as GitHub issues/PRs!
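An added example, not part of the original post or the project's own code: a small CA flow that hands the package's return values straight to :public_key, which is the design decision described above. It assumes the function names of the x509 package as published on Hex, which may differ from the pre-1.0 version announced here; all subject names and hostnames are constructed sample values.

```elixir
# Added example. Assumes the x509 package is available, e.g. Mix.install([:x509]).
# All names and hostnames are constructed sample values.

# 1. CA side: EC key and a self-signed root certificate from the :root_ca template.
ca_key = X509.PrivateKey.new_ec(:secp256r1)

ca_cert =
  X509.Certificate.self_signed(
    ca_key,
    "/C=US/O=Example Org/CN=Example Root CA",
    template: :root_ca
  )

# 2. Server side: key pair and a PKCS#10 CSR; only the CSR leaves the host.
server_key = X509.PrivateKey.new_ec(:secp256r1)
csr = X509.CSR.new(server_key, "/C=US/O=Example Org/CN=www.example.test")

# 3. CA side: check the CSR's self-signature before issuing anything,
#    then sign the CSR's public key using the :server template plus a SAN.
true = X509.CSR.valid?(csr)

server_cert =
  csr
  |> X509.CSR.public_key()
  |> X509.Certificate.new(
    X509.CSR.subject(csr),
    ca_cert,
    ca_key,
    template: :server,
    extensions: [
      subject_alt_name:
        X509.Certificate.Extension.subject_alt_name(["www.example.test"])
    ]
  )

# 4. The results are plain :public_key records, so Erlang/OTP can validate
#    the chain directly, with no conversion step.
{:ok, _} = :public_key.pkix_path_validation(ca_cert, [server_cert], [])

# 5. Export: certificate as PEM, private key wrapped in a PKCS#8 container.
cert_pem = X509.Certificate.to_pem(server_cert)
key_pem = X509.PrivateKey.to_pem(server_key, wrap: true)

IO.puts(cert_pem)
IO.puts("private key PEM: #{byte_size(key_pem)} bytes (not printed)")
```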