SMIME::JA - S/MIME signing, verification, encryption and decryption

NAME

Crypt::SMIME::JA - S/MIME signing, verification, encryption and decryption

SYNOPSIS

use Crypt::SMIME;
my $plain = <<'EOF';
From: [email protected]
To: [email protected]
Subject: Crypt::SMIME test

This is a test mail. Please ignore...
EOF
my $smime = Crypt::SMIME->new();
$smime->setPrivateKey($privkey, $crt);
# $smime->setPublicKey([$icacert]); # if need be.
my $signed = $smime->sign($plain);
print $signed;

DESCRIPTION

A class for S/MIME signing, verification, encryption and decryption. Requires libcrypto (<http://www.openssl.org>).

EXPORTS

No symbols are exported by default, but the following symbols can be exported.

"NO_CHECK_CERTIFICATE"

See "check()".

"FORMAT_SMIME"
"FORMAT_ASN1"
"FORMAT_PEM"

See "extractCertificates()".

":constants"

Exports all of the above.

METHODS

new()

my $smime = Crypt::SMIME->new();

Takes no arguments.

setPrivateKey()

$smime->setPrivateKey($key, $crt);
$smime->setPrivateKey($key, $crt, $password);

Sets the private key. The private key set here is used for signing and decryption. Pass the key material itself, not a file name.

The only supported format is PEM. Dies if the key cannot be loaded.

setPrivateKeyPkcs12()

$smime->setPrivateKeyPkcs12($key, $pkcs12);
$smime->setPrivateKeyPkcs12($key, $pkcs12, $password);

Loads the private key and its X.509 certificate from PKCS#12 and sets them. The private key is used for signing and decryption. Dies if loading fails.

setPublicKey()

$smime->setPublicKey($crt);
$smime->setPublicKey([$crt1, $crt2, ...]);

Sets the public key(s). The public keys set here are used for attaching to signatures, for verifying signatures, and for encryption.

The only supported format is PEM. Dies if a key cannot be loaded.

setPublicKeyStore()

$smime->setPublicKeyStore($path, ...);

Sets the paths (one or more) of files or directories that contain trusted certificates (one or more). The certificate store set here is used when verifying signatures.

Dies if the certificate store cannot be loaded.

sign()

$signed_mime = $smime->sign($raw_mime);

Signs the message and returns a MIME message. Only clear signing is available.

Headers other than "Content-*", "MIME-*" and "Subject" are moved to the top level of the multipart. "Subject" is placed both at the top level of the multipart and in the protected message, for mailers that do not recognize S/MIME.

If any of the original MIME message, the private key, or its certificate is tainted, the signed message is tainted as well.

signonly()

$sign = $smime->signonly($prepared_mime);

Computes the signature. $sign is returned BASE64-encoded. Pass the value returned by "prepareSmimeMessage" as $prepared_mime.

If any of the original MIME message, the private key, or its certificate is tainted, the generated signature is tainted as well.

prepareSmimeMessage()

($prepared_mime, $outer_header)
    = $smime->prepareSmimeMessage($source_mime);

Prepares a message for signing. $prepared_mime receives the MIME message modified for signing. $outer_header receives the headers to be attached outside the S/MIME message.

The body of $prepared_mime is the same as that of $source_mime, but all headers except "Content-*", "MIME-*" and "Subject" are removed. The removed headers are returned in $outer_header. Add them to the headers of the S/MIME message when you build it. Note that the "Subject" header alone appears in both $prepared_mime and $outer_header.

check()

use Crypt::SMIME qw(:constants);
$source_mime = $smime->check($signed_mime);
$source_mime = $smime->check($signed_mime, $flags);

Verifies the message. Dies with the reason if verification fails.

If the "Crypt::SMIME::NO_CHECK_CERTIFICATE" option is given as $flags, the signer's certificate chain is not verified. The default value of $flags is 0, in which case all consistency checks are performed.

If at least one of the original S/MIME message, $flags, the verification time ("setAtTime"), or the public keys is tainted, the verified message is tainted as well.

encrypt()

$encrypted_mime = $smime->encrypt($raw_mime);

Encrypts the message.

Headers other than "Content-*", "MIME-*" and "Subject" are copied to the top level of the multipart. "Subject" is placed both at the top level of the multipart and in the protected message, for mailers that do not recognize S/MIME.

If the original MIME message or at least one of the public keys is tainted, the encrypted message is tainted as well.

decrypt()

$decrypted_mime = $smime->decrypt($encrypted_mime);

Decrypts the message. Dies with the reason if decryption fails.

If any of the original S/MIME message, the private key, or its certificate is tainted, the decrypted message is tainted as well.

isSigned()

$is_signed = $smime->isSigned($mime);

Returns true if the given MIME message is signed with S/MIME, whether or not it is clear-signed. Note that for a message that was encrypted after signing, this returns false because the signature is not directly visible.

isEncrypted()

$is_encrypted = $smime->isEncrypted($mime);

Returns true if the given MIME message is encrypted with S/MIME. Note that for a message that was signed after encryption, this returns false because the ciphertext is not directly visible.

setAtTime()

$yesterday = time - (60*60*24);
$smime->setAtTime($yesterday);

Sets the time to use for verification. The default is the current time. The value must be in UNIX epoch format.

FUNCTIONS

extractCertificates()

use Crypt::SMIME qw(:constants);
@certs = @{Crypt::SMIME::extractCertificates($data)};
@certs = @{Crypt::SMIME::extractCertificates($data, FORMAT_SMIME)};

Retrieves all X.509 certificates (and certificate revocation lists) contained in an S/MIME message or PKCS#7 object. The optional $type parameter specifies the kind of data: "Crypt::SMIME::FORMAT_SMIME" (the default) for an S/MIME message, "Crypt::SMIME::FORMAT_ASN1" for binary format, and "Crypt::SMIME::FORMAT_PEM" for PEM format.

getSigners()

@certs = @{Crypt::SMIME::getSigners($data)};
@certs = @{Crypt::SMIME::getSigners($data, $type)};

Retrieves the signers' X.509 certificates contained in an S/MIME message or PKCS#7 object. The optional $type parameter specifies the kind of data.

Note that the public keys returned by this function are not verified. Run check() to make sure the public keys are valid.
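
The following is an added example, not code from the Crypt::SMIME distribution. It runs check() against trusted and untrusted signer certificates, with and without NO_CHECK_CERTIFICATE, and then calls getSigners() on the same message, so the difference between signature integrity and signer trust described under check() and getSigners() can be observed. It assumes the openssl command-line tool is on PATH to create throwaway self-signed certificates; the names alice and other, the example.org addresses and the helper subs are constructed for the example.

```perl
use strict; use warnings;
use Crypt::SMIME qw(:constants);
use File::Temp qw(tempdir);

my $dir = tempdir(CLEANUP => 1);
sub slurp { open my $fh, '<', $_[0] or die "$_[0]: $!"; local $/; return scalar <$fh> }

# Constructed identity: throwaway self-signed certificate made with the openssl
# CLI (assumed to be on PATH). Returns (private key PEM, certificate PEM).
sub make_identity {
    my ($cn) = @_;
    my ($key, $crt) = ("$dir/$cn.key", "$dir/$cn.crt");
    system('openssl', 'req', '-x509', '-newkey', 'rsa:2048', '-nodes', '-days', '1',
           '-subj', "/CN=$cn", '-keyout', $key, '-out', $crt) == 0
        or die "openssl failed for $cn\n";
    return (slurp($key), slurp($crt));
}

# check() dies on any failure, so trap it and report the reason.
sub verdict {
    my ($trusted_crt, $mime, $flags) = @_;
    my $verifier = Crypt::SMIME->new;
    $verifier->setPublicKey($trusted_crt);
    return 'accepted' if defined(eval { $verifier->check($mime, $flags) });
    (my $why = $@) =~ s/ at \S+ line \d+\.?\s*\z//;
    return "rejected: $why";
}

my ($alice_key, $alice_crt) = make_identity('alice');
my (undef,      $other_crt) = make_identity('other');
my $signer = Crypt::SMIME->new;
$signer->setPrivateKey($alice_key, $alice_crt);
my $signed = $signer->sign(<<'EOF');   # constructed sample message
From: alice@example.org
To: bob@example.org
Subject: Crypt::SMIME test

This is a test mail. Please ignore...
EOF
(my $tampered = $signed) =~ s/test mail/fake mail/;   # alter the signed body

my @cases = (
    ['signer certificate trusted, full check',   $alice_crt, $signed,   0],
    ['signer not trusted, full check',           $other_crt, $signed,   0],
    ['signer not trusted, NO_CHECK_CERTIFICATE', $other_crt, $signed,   NO_CHECK_CERTIFICATE],
    ['body altered, NO_CHECK_CERTIFICATE',       $other_crt, $tampered, NO_CHECK_CERTIFICATE],
);
printf "%-42s %s\n", $_->[0], verdict(@$_[1 .. 3]) for @cases;
printf "getSigners() returned %d unvalidated certificate(s)\n",
    scalar @{ Crypt::SMIME::getSigners($signed) };
```

Only a full check() against a certificate you already trust says anything about who signed the message; with NO_CHECK_CERTIFICATE the signer's certificate chain is not verified.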

AUTHOR

Copyright 2006-2014 YMIRLINK Inc. All Rights Reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself

Bug reports and comments to: [email protected]


Updated 2024-01-29 - jenkler.se | uex.se