This library provides generic access for variety of keystores.
The following example shows how to use this library:
(import (rnrs) (security keystore))
(define keystore (load-keystore 'jks "keystore.jks" "storepass"))
(keystore-get-key keystore "key-name" "key-pass")
;; -> <private-key>
(keystore-get-certificate keystore "cert-name")
;; -> <x509-certificate>
;; certs must be a list of certificates
(keystore-set-key! keystore "key-name2" private-key "key-pass2" certs)
(keystore-set-certificate! keystore "cert-name2" cert)
(store-keystore-to-file keystore "keystore2.jks" "storepass2")
Base class of keystores.
Returns #t if given obj is a keystore object. Otherwise #f.
Loads type keystore from input-port or file.
storepass must be a string and may or may not be used to decrypt keystore content.
load-keystore
loads from given binary input port input-port.
load-keystore-file
loads from given file file.
Returns newly created type keystore object.
Currently pkcs12
, jks
and jceks
are supported.
The method shall return a private key associated with _alias_from keystore. If there is no key entry associated with alias then #f shall be returned.
alias shall be a string.
keypass shall be a string. It may or may not be used to decrypt the private key.
The method shall return an X509 certificate associated with _alias_from keystore. If there is no certificate entry associated with alias then #f shall be returned.
alias shall be a string.
The method shall return a list of key certificates associated with alias from keystore. If there is no certificate entries associated with alias then #f shall be returned.
alias shall be a string.
The method shall return a date object of alias associated entry. If there is no entry associated with alias then #f shall be returned.
alias shall be a string.
The method shall return #t if keystore contains an entry associated with alias. Otherwise #f shall be returend.
The method shall return all aliases in the given keystore as a list.
The methods shall write keystore to output-port or file.
The store-keystore
shall write to given binary output port
output-port.
The store-keystore-to-file
shall write to given file file.
storepass shall be a string and may or may not be used to encrypt whole contents.
alias shall be a string represents the name of private-key in the keystore.
private-key shall be an RSA private key.
key-pass shall be a string and may or may not be used to encrypt given private-key.
certs shall be a list of X509 certificates which associated with private-key.
The method shall store given private-key to keystore.
alias shall be a string represents the name of cert in the keystore.
cert shall be an X509 certificate.
The method shall store given cert to keystore.
The method shall remove the entry associated with alias from keystore.