{
    "mode": "info",
    "parameter": "Crypt::OpenSSL::RSA",
    "section": "",
    "url": "https://www.chedong.com/phpMan.php/info/Crypt%3A%3AOpenSSL%3A%3ARSA/json",
    "generated": "2026-07-05T12:15:34Z",
    "synopsis": "use Crypt::OpenSSL::Random;\nuse Crypt::OpenSSL::RSA;\n# not necessary if we have /dev/random:\nCrypt::OpenSSL::Random::randomseed($goodentropy);\nCrypt::OpenSSL::RSA->importrandomseed();\n$rsapub = Crypt::OpenSSL::RSA->newpublickey($keystring);\n$rsapub->usesslv23padding(); # usepkcs1oaeppadding is the default\n$ciphertext = $rsa->encrypt($plaintext);\n$rsapriv = Crypt::OpenSSL::RSA->newprivatekey($keystring);\n$plaintext = $rsa->encrypt($ciphertext);\n$rsa = Crypt::OpenSSL::RSA->generatekey(1024); # or\n$rsa = Crypt::OpenSSL::RSA->generatekey(1024, $prime);\nprint \"private key is:\\n\", $rsa->getprivatekeystring();\nprint \"public key (in PKCS1 format) is:\\n\",\n$rsa->getpublickeystring();\nprint \"public key (in X509 format) is:\\n\",\n$rsa->getpublickeyx509string();\n$rsapriv->usemd5hash(); # insecure. usesha256hash or usesha1hash are the default\n$signature = $rsapriv->sign($plaintext);\nprint \"Signed correctly\\n\" if ($rsa->verify($plaintext, $signature));",
    "sections": {
        "NAME": {
            "content": "Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL\nlibraries\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "use Crypt::OpenSSL::Random;\nuse Crypt::OpenSSL::RSA;\n\n# not necessary if we have /dev/random:\nCrypt::OpenSSL::Random::randomseed($goodentropy);\nCrypt::OpenSSL::RSA->importrandomseed();\n$rsapub = Crypt::OpenSSL::RSA->newpublickey($keystring);\n$rsapub->usesslv23padding(); # usepkcs1oaeppadding is the default\n$ciphertext = $rsa->encrypt($plaintext);\n\n$rsapriv = Crypt::OpenSSL::RSA->newprivatekey($keystring);\n$plaintext = $rsa->encrypt($ciphertext);\n\n$rsa = Crypt::OpenSSL::RSA->generatekey(1024); # or\n$rsa = Crypt::OpenSSL::RSA->generatekey(1024, $prime);\n\nprint \"private key is:\\n\", $rsa->getprivatekeystring();\nprint \"public key (in PKCS1 format) is:\\n\",\n$rsa->getpublickeystring();\nprint \"public key (in X509 format) is:\\n\",\n$rsa->getpublickeyx509string();\n\n$rsapriv->usemd5hash(); # insecure. usesha256hash or usesha1hash are the default\n$signature = $rsapriv->sign($plaintext);\nprint \"Signed correctly\\n\" if ($rsa->verify($plaintext, $signature));\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "\"Crypt::OpenSSL::RSA\" provides the ability to RSA encrypt strings which\nare somewhat shorter than the block size of a key.  It also allows for\ndecryption, signatures and signature verification.\n\nNOTE: Many of the methods in this package can croak, so use \"eval\", or\nError.pm's try/catch mechanism to capture errors.  Also, while some\nmethods from earlier versions of this package return true on success,\nthis (never documented) behavior is no longer the case.\n",
            "subsections": []
        },
        "Class Methods": {
            "content": "newpublickey\nCreate a new \"Crypt::OpenSSL::RSA\" object by loading a public key\nin from a string containing Base64/DER-encoding of either the PKCS1\nor X.509 representation of the key.  The string should include the\n\"-----BEGIN...-----\" and \"-----END...-----\" lines.\n\nThe padding is set to PKCS1OAEP, but can be changed with the\n\"usexxxpadding\" methods.\n\nnewprivatekey\nCreate a new \"Crypt::OpenSSL::RSA\" object by loading a private key\nin from an string containing the Base64/DER encoding of the PKCS1\nrepresentation of the key.  The string should include the\n\"-----BEGIN...-----\" and \"-----END...-----\" lines.  The padding is\nset to PKCS1OAEP, but can be changed with \"usexxxpadding\".\n\ngeneratekey\nCreate a new \"Crypt::OpenSSL::RSA\" object by constructing a\nprivate/public key pair.  The first (mandatory) argument is the key\nsize, while the second optional argument specifies the public\nexponent (the default public exponent is 65537).  The padding is\nset to \"PKCS1OAEP\", but can be changed with usexxxpadding\nmethods.\n\nnewkeyfromparameters\nGiven Crypt::OpenSSL::Bignum objects for n, e, and optionally d, p,\nand q, where p and q are the prime factors of n, e is the public\nexponent and d is the private exponent, create a new\nCrypt::OpenSSL::RSA object using these values.  If p and q are\nprovided and d is undef, d is computed.  Note that while p and q\nare not necessary for a private key, their presence will speed up\ncomputation.\n\nimportrandomseed\nImport a random seed from Crypt::OpenSSL::Random, since the OpenSSL\nlibraries won't allow sharing of random structures across perl XS\nmodules.\n",
            "subsections": []
        },
        "Instance Methods": {
            "content": "DESTROY\nClean up after ourselves.  In particular, erase and free the memory\noccupied by the RSA key structure.\n\ngetpublickeystring\nReturn the Base64/DER-encoded PKCS1 representation of the public\nkey.  This string has header and footer lines:\n\n-----BEGIN RSA PUBLIC KEY------\n-----END RSA PUBLIC KEY------\n\ngetpublickeyx509string\nReturn the Base64/DER-encoded representation of the \"subject public\nkey\", suitable for use in X509 certificates.  This string has\nheader and footer lines:\n\n-----BEGIN PUBLIC KEY------\n-----END PUBLIC KEY------\n\nand is the format that is produced by running \"openssl rsa\n-pubout\".\n\ngetprivatekeystring\nReturn the Base64/DER-encoded PKCS1 representation of the private\nkey.  This string has header and footer lines:\n\n-----BEGIN RSA PRIVATE KEY------\n-----END RSA PRIVATE KEY------\n\nencrypt\nEncrypt a binary \"string\" using the public (portion of the) key.\n\ndecrypt\nDecrypt a binary \"string\".  Croaks if the key is public only.\n\nprivateencrypt\nEncrypt a binary \"string\" using the private key.  Croaks if the key\nis public only.\n\npublicdecrypt\nDecrypt a binary \"string\" using the public (portion of the) key.\n\nsign\nSign a string using the secret (portion of the) key.\n\nverify\nCheck the signature on a text.\n\nusenopadding\nUse raw RSA encryption. This mode should only be used to implement\ncryptographically sound padding modes in the application code.\nEncrypting user data directly with RSA is insecure.\n\nusepkcs1padding\nUse PKCS #1 v1.5 padding. This currently is the most widely used\nmode of padding.\n\nusepkcs1oaeppadding\nUse \"EME-OAEP\" padding as defined in PKCS #1 v2.0 with SHA-1, MGF1\nand an empty encoding parameter. This mode of padding is\nrecommended for all new applications.  It is the default mode used\nby \"Crypt::OpenSSL::RSA\".\n\nusesslv23padding\nUse \"PKCS #1 v1.5\" padding with an SSL-specific modification that\ndenotes that the server is SSL3 capable.\n\nusemd5hash\nUse the RFC 1321 MD5 hashing algorithm by Ron Rivest when signing\nand verifying messages.\n\nNote that this is considered insecure.\n\nusesha1hash\nUse the RFC 3174 Secure Hashing Algorithm (FIPS 180-1) when signing\nand verifying messages. This is the default, when usesha256hash\nis not available.\n\nusesha224hash, usesha256hash, usesha384hash, usesha512hash\nThese FIPS 180-2 hash algorithms, for use when signing and\nverifying messages, are only available with newer openssl versions\n(>= 0.9.8).\n\nusesha256hash is the default hash mode when available.\n\nuseripemd160hash\nDobbertin, Bosselaers and Preneel's RIPEMD hashing algorithm when\nsigning and verifying messages.\n\nusewhirlpoolhash\nVincent Rijmen und Paulo S. L. M. Barreto ISO/IEC 10118-3:2004\nWHIRLPOOL hashing algorithm when signing and verifying messages.\n\nsize\nReturns the size, in bytes, of the key.  All encrypted text will be\nof this size, and depending on the padding mode used, the length of\nthe text to be encrypted should be:\n\npkcs1oaeppadding\nat most 42 bytes less than this size.\n\npkcs1padding or sslv23padding\nat most 11 bytes less than this size.\n\nnopadding\nexactly this size.\n\ncheckkey\nThis function validates the RSA key, returning a true value if the\nkey is valid, and a false value otherwise.  Croaks if the key is\npublic only.\n\ngetkeyparameters\nReturn \"Crypt::OpenSSL::Bignum\" objects representing the values of\n\"n\", \"e\", \"d\", \"p\", \"q\", \"d mod (p-1)\", \"d mod (q-1)\", and \"1/q mod\np\", where \"p\" and \"q\" are the prime factors of \"n\", \"e\" is the\npublic exponent and \"d\" is the private exponent.  Some of these\nvalues may return as \"undef\"; only \"n\" and \"e\" will be defined for\na public key.  The \"Crypt::OpenSSL::Bignum\" module must be\ninstalled for this to work.\n\nisprivate\nReturn true if this is a private key, and false if it is private\nonly.\n",
            "subsections": []
        },
        "BUGS": {
            "content": "There is a small memory leak when generating new keys of more than 512\nbits.\n",
            "subsections": []
        },
        "AUTHOR": {
            "content": "Ian Robertson, \"iroberts@cpan.org\".  For support, please email\n\"perl-openssl-users@lists.sourceforge.net\".\n",
            "subsections": []
        },
        "ACKNOWLEDGEMENTS": {
            "content": "",
            "subsections": []
        },
        "LICENSE": {
            "content": "Copyright (c) 2001-2011 Ian Robertson.  Crypt::OpenSSL::RSA is free\nsoftware; you may redistribute it and/or modify it under the same terms\nas Perl itself.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "perl(1), Crypt::OpenSSL::Random, Crypt::OpenSSL::Bignum, rsa(3),\nRSAnew(3) <http://man.he.net/?topic=RSAnew&section=3>,\nRSApublicencrypt(3)\n<http://man.he.net/?topic=RSApublicencrypt&section=3>, RSAsize(3)\n<http://man.he.net/?topic=RSAsize&section=3>, RSAgeneratekey(3)\n<http://man.he.net/?topic=RSAgeneratekey&section=3>, RSAcheckkey(3)\n<http://man.he.net/?topic=RSAcheckkey&section=3>\n\nperl v5.34.0                      2022-02-06                          RSA(3pm)",
            "subsections": []
        }
    },
    "summary": "Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "perl",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/perl/1/json"
        },
        {
            "name": "rsa",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/rsa/3/json"
        },
        {
            "name": "RSAnew",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RSAnew/3/json"
        },
        {
            "name": "RSApublicencrypt",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RSApublicencrypt/3/json"
        },
        {
            "name": "RSAsize",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RSAsize/3/json"
        },
        {
            "name": "RSAgeneratekey",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RSAgeneratekey/3/json"
        },
        {
            "name": "RSAcheckkey",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RSAcheckkey/3/json"
        }
    ]
}