SYNOPSIS

    use Convert::PEM;
    my $pem = Convert::PEM->new(
                   Name => "DSA PRIVATE KEY",
                   ASN => qq(
                       DSAPrivateKey SEQUENCE {
                           version INTEGER,
                           p INTEGER,
                           q INTEGER,
                           g INTEGER,
                           pub_key INTEGER,
                           priv_key INTEGER
                       }
                  ));

    my $keyfile = 'private-key.pem';
    my $pwd = 'foobar';

    my $pkey = $pem->read(
                   Filename => $keyfile,
                   Password => $pwd
             );

    $pem->write(
                   Content  => $pkey,
                   Password => $pwd,
                   Filename => $keyfile
             );

DESCRIPTION

Convert::PEM reads and writes \s-1PEM\s0 files containing \s-1ASN\s0.1-encoded objects. The files can optionally be encrypted using a symmetric cipher algorithm, such as 3DES. An unencrypted \s-1PEM\s0 file might look something like this:

-----BEGIN DH PARAMETERS----- MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM= -----END DH PARAMETERS-----

The string beginning \*(C`MB4C...\*(C' is the Base64-encoded, \s-1ASN\s0.1-encoded \*(L"object.\*(R"

An encrypted file would have headers describing the type of encryption used, and the initialization vector:

-----BEGIN DH PARAMETERS----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,C814158661DC1449

AFAZFbnQNrGjZJ/ZemdVSoZa3HWujxZuvBHzHNoesxeyqqidFvnydA== -----END DH PARAMETERS-----

The two headers (\*(C`Proc-Type\*(C' and \*(C`DEK-Info\*(C') indicate information about the type of encryption used, and the string starting with \*(C`AFAZ...\*(C' is the Base64-encoded, encrypted, \s-1ASN\s0.1-encoded contents of this \*(L"object.\*(R"

The initialization vector (\*(C`C814158661DC1449\*(C') is chosen randomly.

USAGE

Constructs a new Convert::PEM object designed to read/write an object of a specific type (given in %arg, see below). Returns the new object on success, \*(C`undef\*(C' on failure (see \s-1ERROR\s0 \s-1HANDLING\s0 for details).

%arg can contain:

  • Name The name of the object; when decoding a PEM-encoded stream, the name in the encoding will be checked against the value of Name. Similarly, when encoding an object, the value of Name will be used as the name of the object in the PEM-encoded content. For example, given the string \*(C`FOO BAR\*(C', the output from encode will start with a header like: -----BEGIN FOO BAR----- Name is a required argument.

  • \s-1ASN\s0 An \s-1ASN\s0.1 description of the content to be either encoded or decoded. \s-1ASN\s0 is a required argument.

  • Macro If your \s-1ASN\s0.1 description (in the \s-1ASN\s0 parameter) includes more than one \s-1ASN\s0.1 macro definition, you will want to use the Macro parameter to specify which definition to use when encoding/decoding objects. For example, if your \s-1ASN\s0.1 description looks like this: Foo ::= SEQUENCE { x INTEGER, bar Bar }

    Bar ::= INTEGER If you want to encode/decode a \*(C`Foo\*(C' object, you will need to tell Convert::PEM to use the \*(C`Foo\*(C' macro definition by using the Macro parameter and setting the value to \*(C`Foo\*(C'. Macro is an optional argument. Decodes, and, optionally, decrypts a \s-1PEM\s0 file, returning the object as decoded by Convert::ASN1. The difference between this method and read is that read reads the contents of a \s-1PEM\s0 file on disk; this method expects you to pass the \s-1PEM\s0 contents as an argument.

If an error occurs while reading the file or decrypting/decoding the contents, the function returns undef, and you should check the error message using the errstr method (below).

%args can contain:

  • Content The \s-1PEM\s0 contents.

  • Password The password with which the file contents were encrypted. If the file is encrypted, this is a mandatory argument (well, it's not strictly mandatory, but decryption isn't going to work without it). Otherwise it's not necessary. Constructs the contents for the \s-1PEM\s0 file from an object: \s-1ASN\s0.1-encodes the object, optionally encrypts those contents.

Returns undef on failure (encryption failure, file-writing failure, etc.); in this case you should check the error message using the errstr method (below). On success returns the constructed \s-1PEM\s0 string.

%args can contain:

  • Content A hash reference that will be passed to Convert::ASN1::encode, and which should correspond to the \s-1ASN\s0.1 description you gave to the new method. The hash reference should have the exact same format as that returned from the read method. This argument is mandatory.

  • Password A password used to encrypt the contents of the \s-1PEM\s0 file. This is an optional argument; if not provided the contents will be unencrypted. Reads, decodes, and, optionally, decrypts a \s-1PEM\s0 file, returning the object as decoded by Convert::ASN1. This is implemented as a wrapper around decode, with the bonus of reading the \s-1PEM\s0 file from disk for you.

If an error occurs while reading the file or decrypting/decoding the contents, the function returns undef, and you should check the error message using the errstr method (below).

In addition to the arguments that can be passed to the decode method (minus the Content method), %args can contain:

  • Filename The location of the \s-1PEM\s0 file that you wish to read. Constructs the contents for the \s-1PEM\s0 file from an object: \s-1ASN\s0.1-encodes the object, optionally encrypts those contents; then writes the file to disk. This is implemented as a wrapper around encode, with the bonus of writing the file to disk for you.

Returns undef on failure (encryption failure, file-writing failure, etc.); in this case you should check the error message using the errstr method (below). On success returns the constructed \s-1PEM\s0 string.

In addition to the arguments for encode, %args can contain:

  • Filename The location on disk where you'd like the \s-1PEM\s0 file written. Returns the value of the last error that occurred. This should only be considered meaningful when you've received undef from one of the functions above; in all other cases its relevance is undefined. Returns the Convert::ASN1 object used internally to decode and encode \s-1ASN\s0.1 representations. This is useful when you wish to interact directly with that object; for example, if you need to call configure on that object to set the type of big-integer class to be used when decoding/encoding big integers:

$pem->asn->configure( decode => { bigint => 'Math::Pari' }, encode => { bigint => 'Math::Pari' } );

ERROR HANDLING

If an error occurs in any of the above methods, the method will return \*(C`undef\*(C'. You should then call the method errstr to determine the source of the error:

$pem->errstr

In the case that you do not yet have a Convert::PEM object (that is, if an error occurs while creating a Convert::PEM object), the error can be obtained as a class method:

Convert::PEM->errstr

For example, if you try to decode an encrypted object, and you do not give a passphrase to decrypt the object:

my $obj = $pem->read( Filename => "encrypted.pem" ) or die "Decryption failed: ", $pem->errstr;

LICENSE

Convert::PEM is free software; you may redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR & COPYRIGHTS

Except where otherwise noted, Convert::PEM is Copyright Benjamin Trott, [email protected]. All rights reserved.