{ "content": [ { "type": "text", "text": "# Crypt::PK::RSA (perldoc)\n\n## NAME\n\nCrypt::PK::RSA - Public key cryptography based on RSA\n\n## SYNOPSIS\n\n### OO interface\n#Encryption: Alice\nmy $pub = Crypt::PK::RSA->new('Bobpubrsa1.der');\nmy $ct = $pub->encrypt(\"secret message\");\n#\n#Encryption: Bob (received ciphertext $ct)\nmy $priv = Crypt::PK::RSA->new('Bobprivrsa1.der');\nmy $pt = $priv->decrypt($ct);\n#Signature: Alice\nmy $priv = Crypt::PK::RSA->new('Aliceprivrsa1.der');\nmy $sig = $priv->signmessage($message);\n#\n#Signature: Bob (received $message + $sig)\nmy $pub = Crypt::PK::RSA->new('Alicepubrsa1.der');\n$pub->verifymessage($sig, $message) or die \"ERROR\";\n#Key generation\nmy $pk = Crypt::PK::RSA->new();\n$pk->generatekey(256, 65537);\nmy $privateder = $pk->exportkeyder('private');\nmy $publicder = $pk->exportkeyder('public');\nmy $privatepem = $pk->exportkeypem('private');\nmy $publicpem = $pk->exportkeypem('public');\n### Functional interface\n#Encryption: Alice\nmy $ct = rsaencrypt('Bobpubrsa1.der', \"secret message\");\n#Encryption: Bob (received ciphertext $ct)\nmy $pt = rsadecrypt('Bobprivrsa1.der', $ct);\n#Signature: Alice\nmy $sig = rsasignmessage('Aliceprivrsa1.der', $message);\n#Signature: Bob (received $message + $sig)\nrsaverifymessage('Alicepubrsa1.der', $sig, $message) or die \"ERROR\";\n\n## DESCRIPTION\n\nThe module provides a full featured RSA implementation.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **METHODS**\n- **FUNCTIONS**\n- **OpenSSL interoperability** (6 subsections)\n- **SEE ALSO**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "Crypt::PK::RSA", "section": "", "mode": "perldoc", "summary": "Crypt::PK::RSA - Public key cryptography based on RSA", "synopsis": "### OO interface\n#Encryption: Alice\nmy $pub = Crypt::PK::RSA->new('Bobpubrsa1.der');\nmy $ct = $pub->encrypt(\"secret message\");\n#\n#Encryption: Bob (received ciphertext $ct)\nmy $priv = Crypt::PK::RSA->new('Bobprivrsa1.der');\nmy $pt = $priv->decrypt($ct);\n#Signature: Alice\nmy $priv = Crypt::PK::RSA->new('Aliceprivrsa1.der');\nmy $sig = $priv->signmessage($message);\n#\n#Signature: Bob (received $message + $sig)\nmy $pub = Crypt::PK::RSA->new('Alicepubrsa1.der');\n$pub->verifymessage($sig, $message) or die \"ERROR\";\n#Key generation\nmy $pk = Crypt::PK::RSA->new();\n$pk->generatekey(256, 65537);\nmy $privateder = $pk->exportkeyder('private');\nmy $publicder = $pk->exportkeyder('public');\nmy $privatepem = $pk->exportkeypem('private');\nmy $publicpem = $pk->exportkeypem('public');\n### Functional interface\n#Encryption: Alice\nmy $ct = rsaencrypt('Bobpubrsa1.der', \"secret message\");\n#Encryption: Bob (received ciphertext $ct)\nmy $pt = rsadecrypt('Bobprivrsa1.der', $ct);\n#Signature: Alice\nmy $sig = rsasignmessage('Aliceprivrsa1.der', $message);\n#Signature: Bob (received $message + $sig)\nrsaverifymessage('Alicepubrsa1.der', $sig, $message) or die \"ERROR\";", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 38, "subsections": [] }, { "name": "DESCRIPTION", "lines": 2, "subsections": [] }, { "name": "METHODS", "lines": 393, "subsections": [] }, { "name": "FUNCTIONS", "lines": 98, "subsections": [] }, { "name": "OpenSSL interoperability", "lines": 5, "subsections": [ { "name": "Encrypt by OpenSSL, decrypt by Crypt::PK::RSA", "lines": 14 }, { "name": "Encrypt by Crypt::PK::RSA, decrypt by OpenSSL", "lines": 14 }, { "name": "Sign by OpenSSL, verify by Crypt::PK::RSA", "lines": 15 }, { "name": "Sign by Crypt::PK::RSA, verify by OpenSSL", "lines": 14 }, { "name": "Keys generated by Crypt::PK::RSA", "lines": 21 }, { "name": "Keys generated by OpenSSL", "lines": 19 } ] }, { "name": "SEE ALSO", "lines": 2, "subsections": [] } ], "sections": { "NAME": { "content": "Crypt::PK::RSA - Public key cryptography based on RSA\n", "subsections": [] }, "SYNOPSIS": { "content": "### OO interface\n\n#Encryption: Alice\nmy $pub = Crypt::PK::RSA->new('Bobpubrsa1.der');\nmy $ct = $pub->encrypt(\"secret message\");\n#\n#Encryption: Bob (received ciphertext $ct)\nmy $priv = Crypt::PK::RSA->new('Bobprivrsa1.der');\nmy $pt = $priv->decrypt($ct);\n\n#Signature: Alice\nmy $priv = Crypt::PK::RSA->new('Aliceprivrsa1.der');\nmy $sig = $priv->signmessage($message);\n#\n#Signature: Bob (received $message + $sig)\nmy $pub = Crypt::PK::RSA->new('Alicepubrsa1.der');\n$pub->verifymessage($sig, $message) or die \"ERROR\";\n\n#Key generation\nmy $pk = Crypt::PK::RSA->new();\n$pk->generatekey(256, 65537);\nmy $privateder = $pk->exportkeyder('private');\nmy $publicder = $pk->exportkeyder('public');\nmy $privatepem = $pk->exportkeypem('private');\nmy $publicpem = $pk->exportkeypem('public');\n\n### Functional interface\n\n#Encryption: Alice\nmy $ct = rsaencrypt('Bobpubrsa1.der', \"secret message\");\n#Encryption: Bob (received ciphertext $ct)\nmy $pt = rsadecrypt('Bobprivrsa1.der', $ct);\n\n#Signature: Alice\nmy $sig = rsasignmessage('Aliceprivrsa1.der', $message);\n#Signature: Bob (received $message + $sig)\nrsaverifymessage('Alicepubrsa1.der', $sig, $message) or die \"ERROR\";\n", "subsections": [] }, "DESCRIPTION": { "content": "The module provides a full featured RSA implementation.\n", "subsections": [] }, "METHODS": { "content": "new\nmy $pk = Crypt::PK::RSA->new();\n#or\nmy $pk = Crypt::PK::RSA->new($privorpubkeyfilename);\n#or\nmy $pk = Crypt::PK::RSA->new(\\$buffercontainingprivorpubkey);\n\nSupport for password protected PEM keys\n\nmy $pk = Crypt::PK::RSA->new($privpemkeyfilename, $password);\n#or\nmy $pk = Crypt::PK::RSA->new(\\$buffercontainingprivpemkey, $password);\n\ngeneratekey\nUses Yarrow-based cryptographically strong random number generator seeded with random data taken\nfrom \"/dev/random\" (UNIX) or \"CryptGenRandom\" (Win32).\n\n$pk->generatekey($size, $e);\n# $size .. key size: 128-512 bytes (DEFAULT is 256)\n# $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)\n\nimportkey\nLoads private or public key in DER or PEM format.\n\n$pk->importkey($privorpubkeyfilename);\n#or\n$pk->importkey(\\$buffercontainingprivorpubkey);\n\nSupport for password protected PEM keys\n\n$pk->importkey($pemfilename, $password);\n#or\n$pk->importkey(\\$buffercontainingpemkey, $password);\n\nLoading private or public keys form perl hash:\n\n$pk->importkey($hashref);\n\n# the $hashref is either a key exported via key2hash\n$pk->importkey({\ne => \"10001\", #public exponent\nd => \"9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...\", #private exponent\nN => \"D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...\", #modulus\np => \"D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...\", #p factor of N\nq => \"FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...\", #q factor of N\nqP => \"88C6D406F833DF73C8B734548E0385261AD51F4187CF...\", #1/q mod p CRT param\ndP => \"486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...\", #d mod (p - 1) CRT param\ndQ => \"4597284B2968B72C4212DB7E8F24360B987B80514DA9...\", #d mod (q - 1) CRT param\n});\n\n# or a hash with items corresponding to JWK (JSON Web Key)\n$pk->importkey({\n{\nkty => \"RSA\",\nn => \"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-GxBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\",\ne => \"AQAB\",\nd => \"X4cTteJYgn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0YSf\",\np => \"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI\",\nq => \"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjiftNGiovonzhKpoVVS78\",\ndp => \"G4sPXkc6Ya9y8oJW9ILj4...ziH7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe\",\ndq => \"s9lAH9fggBsoFR8Oac2RE...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMdagI3G8IbpBUb0JiraRNUfLhc\",\nqi => \"GyMp6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-puxmHZG\",\n});\n\nSupported key formats:\n\n# all formats can be loaded from a file\nmy $pk = Crypt::PK::RSA->new($filename);\n\n# or from a buffer containing the key\nmy $pk = Crypt::PK::RSA->new(\\$bufferwithkey);\n\n* RSA public keys\n\n-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5\nvEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb\nVUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK\nB2uzcNq60sMIfp6siQIDAQAB\n-----END PUBLIC KEY-----\n\n* RSA private keys\n\n-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb\ndMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha\nffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB\nAoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF\n9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB\noCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN\nzrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456\nGTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn\nb8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp\n6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT\nw0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A\nru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC\npIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6\n-----END RSA PRIVATE KEY-----\n\n* RSA private keys in password protected PEM format\n\n-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,4D697440FF5AEF18\n\nC09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3\nKIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y\nTEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl\nkki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt\naHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv\ne/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J\nkgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs\n0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5\n5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l\nCqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU\nw3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK\nBJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n\n4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==\n-----END RSA PRIVATE KEY-----\n\n* PKCS#8 encoded private keys\n\n-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG\n1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9\nOXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC\nyGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy\ncXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6\nXgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z\nnUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv\nQRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi\npHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq\nH8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8\npORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC\na8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM\n45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+\nfyoy4t3yHT+/nw==\n-----END PRIVATE KEY-----\n\n* PKCS#8 encrypted private keys - password protected keys (supported since: CryptX-0.062)\n\n-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty\nYt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ\nbiKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt\nNWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a\nsYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa\n4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK\nvvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn\nd7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x\n2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC\n7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw\nbZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs\n946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i\nU+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6\nA2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j\n1HPwZX2d\n-----END ENCRYPTED PRIVATE KEY-----\n\n* RSA public key from X509 certificate\n\n-----BEGIN CERTIFICATE-----\nMIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV\nBAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG\nA1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima\nSUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC\nr3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB\nQ4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem\nVinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R\nSa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D\ncvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb\npzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav\n7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX\nIg7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90\n2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO\nOztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ\na+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP\n-----END CERTIFICATE-----\n\n* SSH public RSA keys\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=\n\n* SSH public RSA keys (RFC-4716 format)\n\n---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"768-bit RSA, converted from OpenSSH\"\nAAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x\nD/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+\nL26mdYs5iJNGu/ltUdc=\n---- END SSH2 PUBLIC KEY ----\n\n* RSA private keys in JSON Web Key (JWK) format\n\nSee \n\n{\n\"kty\":\"RSA\",\n\"n\":\"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-GxBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\",\n\"e\":\"AQAB\",\n\"d\":\"X4cTteJYgn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0YSf\",\n\"p\":\"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI\",\n\"q\":\"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjiftNGiovonzhKpoVVS78\",\n\"dp\":\"G4sPXkc6Ya9y8oJW9ILj4...ziH7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe\",\n\"dq\":\"s9lAH9fggBsoFR8Oac2RE...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMdagI3G8IbpBUb0JiraRNUfLhc\",\n\"qi\":\"GyMp6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-puxmHZG\",\n}\n\nBEWARE: For JWK support you need to have JSON module installed.\n\n* RSA public keys in JSON Web Key (JWK) format\n\n{\n\"kty\":\"RSA\",\n\"n\": \"0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSocBJECP\",\n\"e\":\"AQAB\",\n}\n\nBEWARE: For JWK support you need to have JSON module installed.\n\nexportkeyder\nmy $privateder = $pk->exportkeyder('private');\n#or\nmy $publicder = $pk->exportkeyder('public');\n\nexportkeypem\nmy $privatepem = $pk->exportkeypem('private');\n#or\nmy $publicpem = $pk->exportkeypem('public');\n#or\nmy $publicpem = $pk->exportkeypem('publicx509');\n\nWith parameter 'public' uses header and footer lines:\n\n-----BEGIN RSA PUBLIC KEY------\n-----END RSA PUBLIC KEY------\n\nWith parameter 'publicx509' uses header and footer lines:\n\n-----BEGIN PUBLIC KEY------\n-----END PUBLIC KEY------\n\nSupport for password protected PEM keys\n\nmy $privatepem = $pk->exportkeypem('private', $password);\n#or\nmy $privatepem = $pk->exportkeypem('private', $password, $cipher);\n\n# supported ciphers: 'DES-CBC'\n# 'DES-EDE3-CBC'\n# 'SEED-CBC'\n# 'CAMELLIA-128-CBC'\n# 'CAMELLIA-192-CBC'\n# 'CAMELLIA-256-CBC'\n# 'AES-128-CBC'\n# 'AES-192-CBC'\n# 'AES-256-CBC' (DEFAULT)\n\nexportkeyjwk\n*Since: CryptX-0.022*\n\nExports public/private keys as a JSON Web Key (JWK).\n\nmy $privatejsontext = $pk->exportkeyjwk('private');\n#or\nmy $publicjsontext = $pk->exportkeyjwk('public');\n\nAlso exports public/private keys as a perl HASH with JWK structure.\n\nmy $jwkhash = $pk->exportkeyjwk('private', 1);\n#or\nmy $jwkhash = $pk->exportkeyjwk('public', 1);\n\nBEWARE: For JWK support you need to have JSON module installed.\n\nexportkeyjwkthumbprint\n*Since: CryptX-0.031*\n\nExports the key's JSON Web Key Thumbprint as a string.\n\nIf you don't know what this is, see RFC 7638 .\n\nmy $thumbprint = $pk->exportkeyjwkthumbprint('SHA256');\n\nencrypt\nmy $pk = Crypt::PK::RSA->new($pubkeyfilename);\nmy $ct = $pk->encrypt($message);\n#or\nmy $ct = $pk->encrypt($message, $padding);\n#or\nmy $ct = $pk->encrypt($message, 'oaep', $hashname, $lparam);\n\n# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)\n# $hashname (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $lparam (only for oaep) ..... DEFAULT is empty string\n\ndecrypt\nmy $pk = Crypt::PK::RSA->new($privkeyfilename);\nmy $pt = $pk->decrypt($ciphertext);\n#or\nmy $pt = $pk->decrypt($ciphertext, $padding);\n#or\nmy $pt = $pk->decrypt($ciphertext, 'oaep', $hashname, $lparam);\n\n# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)\n# $hashname (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $lparam (only for oaep) ..... DEFAULT is empty string\n\nsignmessage\nmy $pk = Crypt::PK::RSA->new($privkeyfilename);\nmy $signature = $priv->signmessage($message);\n#or\nmy $signature = $priv->signmessage($message, $hashname);\n#or\nmy $signature = $priv->signmessage($message, $hashname, $padding);\n#or\nmy $signature = $priv->signmessage($message, $hashname, 'pss', $saltlen);\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n\nverifymessage\nmy $pk = Crypt::PK::RSA->new($pubkeyfilename);\nmy $valid = $pub->verifymessage($signature, $message);\n#or\nmy $valid = $pub->verifymessage($signature, $message, $hashname);\n#or\nmy $valid = $pub->verifymessage($signature, $message, $hashname, $padding);\n#or\nmy $valid = $pub->verifymessage($signature, $message, $hashname, 'pss', $saltlen);\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n\nsignhash\nmy $pk = Crypt::PK::RSA->new($privkeyfilename);\nmy $signature = $priv->signhash($messagehash);\n#or\nmy $signature = $priv->signhash($messagehash, $hashname);\n#or\nmy $signature = $priv->signhash($messagehash, $hashname, $padding);\n#or\nmy $signature = $priv->signhash($messagehash, $hashname, 'pss', $saltlen);\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n\nverifyhash\nmy $pk = Crypt::PK::RSA->new($pubkeyfilename);\nmy $valid = $pub->verifyhash($signature, $messagehash);\n#or\nmy $valid = $pub->verifyhash($signature, $messagehash, $hashname);\n#or\nmy $valid = $pub->verifyhash($signature, $messagehash, $hashname, $padding);\n#or\nmy $valid = $pub->verifyhash($signature, $messagehash, $hashname, 'pss', $saltlen);\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n\nisprivate\nmy $rv = $pk->isprivate;\n# 1 .. private key loaded\n# 0 .. public key loaded\n# undef .. no key loaded\n\nsize\nmy $size = $pk->size;\n# returns key size in bytes or undef if no key loaded\n\nkey2hash\nmy $hash = $pk->key2hash;\n\n# returns hash like this (or undef if no key loaded):\n{\ntype => 1, # integer: 1 .. private, 0 .. public\nsize => 256, # integer: key size in bytes\n# all the rest are hex strings\ne => \"10001\", #public exponent\nd => \"9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...\", #private exponent\nN => \"D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...\", #modulus\np => \"D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...\", #p factor of N\nq => \"FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...\", #q factor of N\nqP => \"88C6D406F833DF73C8B734548E0385261AD51F4187CF...\", #1/q mod p CRT param\ndP => \"486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...\", #d mod (p - 1) CRT param\ndQ => \"4597284B2968B72C4212DB7E8F24360B987B80514DA9...\", #d mod (q - 1) CRT param\n}\n", "subsections": [] }, "FUNCTIONS": { "content": "rsaencrypt\nRSA based encryption. See method \"encrypt\" below.\n\nmy $ct = rsaencrypt($pubkeyfilename, $message);\n#or\nmy $ct = rsaencrypt(\\$buffercontainingpubkey, $message);\n#or\nmy $ct = rsaencrypt($pubkey, $message, $padding);\n#or\nmy $ct = rsaencrypt($pubkey, $message, 'oaep', $hashname, $lparam);\n\n# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)\n# $hashname (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $lparam (only for oaep) ..... DEFAULT is empty string\n\nrsadecrypt\nRSA based decryption. See method \"decrypt\" below.\n\nmy $pt = rsadecrypt($privkeyfilename, $ciphertext);\n#or\nmy $pt = rsadecrypt(\\$buffercontainingprivkey, $ciphertext);\n#or\nmy $pt = rsadecrypt($privkey, $ciphertext, $padding);\n#or\nmy $pt = rsadecrypt($privkey, $ciphertext, 'oaep', $hashname, $lparam);\n\n# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)\n# $hashname (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $lparam (only for oaep) ..... DEFAULT is empty string\n\nrsasignmessage\nGenerate RSA signature. See method \"signmessage\" below.\n\nmy $sig = rsasignmessage($privkeyfilename, $message);\n#or\nmy $sig = rsasignmessage(\\$buffercontainingprivkey, $message);\n#or\nmy $sig = rsasignmessage($privkey, $message, $hashname);\n#or\nmy $sig = rsasignmessage($privkey, $message, $hashname, $padding);\n#or\nmy $sig = rsasignmessage($privkey, $message, $hashname, 'pss', $saltlen);\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n\nrsaverifymessage\nVerify RSA signature. See method \"verifymessage\" below.\n\nrsaverifymessage($pubkeyfilename, $signature, $message) or die \"ERROR\";\n#or\nrsaverifymessage(\\$buffercontainingpubkey, $signature, $message) or die \"ERROR\";\n#or\nrsaverifymessage($pubkey, $signature, $message, $hashname) or die \"ERROR\";\n#or\nrsaverifymessage($pubkey, $signature, $message, $hashname, $padding) or die \"ERROR\";\n#or\nrsaverifymessage($pubkey, $signature, $message, $hashname, 'pss', $saltlen) or die \"ERROR\";\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n\nrsasignhash\nGenerate RSA signature. See method \"signhash\" below.\n\nmy $sig = rsasignhash($privkeyfilename, $messagehash);\n#or\nmy $sig = rsasignhash(\\$buffercontainingprivkey, $messagehash);\n#or\nmy $sig = rsasignhash($privkey, $messagehash, $hashname);\n#or\nmy $sig = rsasignhash($privkey, $messagehash, $hashname, $padding);\n#or\nmy $sig = rsasignhash($privkey, $messagehash, $hashname, 'pss', $saltlen);\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n\nrsaverifyhash\nVerify RSA signature. See method \"verifyhash\" below.\n\nrsaverifyhash($pubkeyfilename, $signature, $messagehash) or die \"ERROR\";\n#or\nrsaverifyhash(\\$buffercontainingpubkey, $signature, $messagehash) or die \"ERROR\";\n#or\nrsaverifyhash($pubkey, $signature, $messagehash, $hashname) or die \"ERROR\";\n#or\nrsaverifyhash($pubkey, $signature, $messagehash, $hashname, $padding) or die \"ERROR\";\n#or\nrsaverifyhash($pubkey, $signature, $messagehash, $hashname, 'pss', $saltlen) or die \"ERROR\";\n\n# $hashname ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)\n# $saltlen (only for pss) .. DEFAULT is 12\n", "subsections": [] }, "OpenSSL interoperability": { "content": "### let's have:\n# RSA private key in PEM format - rsakey.priv.pem\n# RSA public key in PEM format - rsakey.pub.pem\n# data file to be signed or encrypted - input.data\n", "subsections": [ { "name": "Encrypt by OpenSSL, decrypt by Crypt::PK::RSA", "content": "Create encrypted file (from commandline):\n\nopenssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data\n\nDecrypt file (Perl code):\n\nuse Crypt::PK::RSA;\nuse Crypt::Misc 'readrawfile';\n\nmy $pkrsa = Crypt::PK::RSA->new(\"rsakey.priv.pem\");\nmy $encfile = readrawfile(\"input.encrypted.rsa\");\nmy $plaintext = $pkrsa->decrypt($encfile, 'v1.5');\nprint $plaintext;\n" }, { "name": "Encrypt by Crypt::PK::RSA, decrypt by OpenSSL", "content": "Create encrypted file (Perl code):\n\nuse Crypt::PK::RSA;\nuse Crypt::Misc 'writerawfile';\n\nmy $plaintext = 'secret message';\nmy $pkrsa = Crypt::PK::RSA->new(\"rsakey.pub.pem\");\nmy $encrypted = $pkrsa->encrypt($plaintext, 'v1.5');\nwriterawfile(\"input.encrypted.rsa\", $encrypted);\n\nDecrypt file (from commandline):\n\nopenssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa\n" }, { "name": "Sign by OpenSSL, verify by Crypt::PK::RSA", "content": "Create signature (from commandline):\n\nopenssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data\n\nVerify signature (Perl code):\n\nuse Crypt::PK::RSA;\nuse Crypt::Digest 'digestfile';\nuse Crypt::Misc 'readrawfile';\n\nmy $pkrsa = Crypt::PK::RSA->new(\"rsakey.pub.pem\");\nmy $signature = readrawfile(\"input.sha1-rsa.sig\");\nmy $valid = $pkrsa->verifyhash($signature, digestfile(\"SHA1\", \"input.data\"), \"SHA1\", \"v1.5\");\nprint $valid ? \"SUCCESS\" : \"FAILURE\";\n" }, { "name": "Sign by Crypt::PK::RSA, verify by OpenSSL", "content": "Create signature (Perl code):\n\nuse Crypt::PK::RSA;\nuse Crypt::Digest 'digestfile';\nuse Crypt::Misc 'writerawfile';\n\nmy $pkrsa = Crypt::PK::RSA->new(\"rsakey.priv.pem\");\nmy $signature = $pkrsa->signhash(digestfile(\"SHA1\", \"input.data\"), \"SHA1\", \"v1.5\");\nwriterawfile(\"input.sha1-rsa.sig\", $signature);\n\nVerify signature (from commandline):\n\nopenssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data\n" }, { "name": "Keys generated by Crypt::PK::RSA", "content": "Generate keys (Perl code):\n\nuse Crypt::PK::RSA;\nuse Crypt::Misc 'writerawfile';\n\nmy $pkrsa = Crypt::PK::RSA->new;\n$pkrsa->generatekey(256, 65537);\nwriterawfile(\"rsakey.pub.der\", $pkrsa->exportkeyder('public'));\nwriterawfile(\"rsakey.priv.der\", $pkrsa->exportkeyder('private'));\nwriterawfile(\"rsakey.pub.pem\", $pkrsa->exportkeypem('publicx509'));\nwriterawfile(\"rsakey.priv.pem\", $pkrsa->exportkeypem('private'));\nwriterawfile(\"rsakey-passwd.priv.pem\", $pkrsa->exportkeypem('private', 'secret'));\n\nUse keys by OpenSSL:\n\nopenssl rsa -in rsakey.priv.der -text -inform der\nopenssl rsa -in rsakey.priv.pem -text\nopenssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret\nopenssl rsa -in rsakey.pub.der -pubin -text -inform der\nopenssl rsa -in rsakey.pub.pem -pubin -text\n" }, { "name": "Keys generated by OpenSSL", "content": "Generate keys:\n\nopenssl genrsa -out rsakey.priv.pem 1024\nopenssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der\nopenssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout\nopenssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout\nopenssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem\n\nLoad keys (Perl code):\n\nuse Crypt::PK::RSA;\n\nmy $pkrsa = Crypt::PK::RSA->new;\n$pkrsa->importkey(\"rsakey.pub.der\");\n$pkrsa->importkey(\"rsakey.priv.der\");\n$pkrsa->importkey(\"rsakey.pub.pem\");\n$pkrsa->importkey(\"rsakey.priv.pem\");\n$pkrsa->importkey(\"rsakey-passwd.priv.pem\", \"secret\");\n" } ] }, "SEE ALSO": { "content": "* \n", "subsections": [] } } } }