NAME
Crypt::PK::RSA - Public key cryptography based on RSA
SYNOPSIS
### OO interface#Encryption: Alicemy$pub= Crypt::PK::RSA->new('Bob_pub_rsa1.der');my$ct=$pub->encrypt("secret message");##Encryption: Bob (received ciphertext $ct)my$priv= Crypt::PK::RSA->new('Bob_priv_rsa1.der');my$pt=$priv->decrypt($ct);#Signature: Alicemy$priv= Crypt::PK::RSA->new('Alice_priv_rsa1.der');my$sig=$priv->sign_message($message);##Signature: Bob (received $message + $sig)my$pub= Crypt::PK::RSA->new('Alice_pub_rsa1.der');$pub->verify_message($sig,$message) ordie"ERROR";#Key generationmy$pk= Crypt::PK::RSA->new();$pk->generate_key(256, 65537);my$private_der=$pk->export_key_der('private');my$public_der=$pk->export_key_der('public');my$private_pem=$pk->export_key_pem('private');my$public_pem=$pk->export_key_pem('public');### Functional interface#Encryption: Alicemy$ct= rsa_encrypt('Bob_pub_rsa1.der',"secret message");#Encryption: Bob (received ciphertext $ct)my$pt= rsa_decrypt('Bob_priv_rsa1.der',$ct);#Signature: Alicemy$sig= rsa_sign_message('Alice_priv_rsa1.der',$message);#Signature: Bob (received $message + $sig)rsa_verify_message('Alice_pub_rsa1.der',$sig,$message) ordie"ERROR";
DESCRIPTION
The module provides a full featured RSA implementation.
METHODS
new
my$pk= Crypt::PK::RSA->new();#ormy$pk= Crypt::PK::RSA->new($priv_or_pub_key_filename);#ormy$pk= Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my$pk= Crypt::PK::RSA->new($priv_pem_key_filename,$password);#ormy$pk= Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key,$password);
generate_key
Uses Yarrow-based cryptographically strong random number generator seeded with random data taken from /dev/random (UNIX) or CryptGenRandom (Win32).
$pk->generate_key($size,$e);# $size .. key size: 128-512 bytes (DEFAULT is 256)# $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
import_key
Loads private or public key in DER or PEM format.
$pk->import_key($priv_or_pub_key_filename);#or$pk->import_key(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
$pk->import_key($pem_filename,$password);#or$pk->import_key(\$buffer_containing_pem_key,$password);
Loading private or public keys form perl hash:
$pk->import_key($hashref);# the $hashref is either a key exported via key2hash$pk->import_key({e=>"10001",#public exponentd=>"9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...",#private exponentN=>"D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...",#modulusp=>"D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...",#p factor of Nq=>"FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...",#q factor of NqP=>"88C6D406F833DF73C8B734548E0385261AD51F4187CF...",#1/q mod p CRT paramdP=>"486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...",#d mod (p - 1) CRT paramdQ=>"4597284B2968B72C4212DB7E8F24360B987B80514DA9...",#d mod (q - 1) CRT param});# or a hash with items corresponding to JWK (JSON Web Key)$pk->import_key({{kty=>"RSA",n=>"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",e=>"AQAB",d=>"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",p=>"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",q=>"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",dp=>"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",dq=>"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",qi=>"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",});
Supported key formats:
# all formats can be loaded from a filemy$pk= Crypt::PK::RSA->new($filename);# or from a buffer containing the keymy$pk= Crypt::PK::RSA->new(\$buffer_with_key);
RSA public keys
-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB-----END PUBLIC KEY-----RSA private keys
-----BEGIN RSA PRIVATE KEY-----MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQABAoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMBoCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCNzrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSnb8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGTw0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1Aru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYCpIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6-----END RSA PRIVATE KEY-----RSA private keys in password protected PEM format
-----BEGIN RSA PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: DES-EDE3-CBC,4D697440FF5AEF18C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+yTEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOlkki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xtaHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pve/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4JkgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ55+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042lCqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfUw3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGKBJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==-----END RSA PRIVATE KEY-----PKCS#8 encoded private keys
-----BEGIN PRIVATE KEY-----MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBCyGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTycXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74znUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14KvQRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWipHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcqH8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tCa8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+fyoy4t3yHT+/nw==-----END PRIVATE KEY-----PKCS#8 encrypted private keys - password protected keys (supported since: CryptX-0.062)
-----BEGIN ENCRYPTED PRIVATE KEY-----MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/TyYt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQbiKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPtNWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8asYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQKvvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEnd7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vwbZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+iU+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j1HPwZX2d-----END ENCRYPTED PRIVATE KEY-----RSA public key from X509 certificate
-----BEGIN CERTIFICATE-----MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNVBAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwGA1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQimaSUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZCr3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcBQ4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3FnemVinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+RSa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5DcvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcObpzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfXIg7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW902o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNOOztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQa+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP-----END CERTIFICATE-----SSH public RSA keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=SSH public RSA keys (RFC-4716 format)
---- BEGIN SSH2 PUBLIC KEY ----Comment:"768-bit RSA, converted from OpenSSH"AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6xD/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+L26mdYs5iJNGu/ltUdc=---- END SSH2 PUBLIC KEY ----RSA private keys in JSON Web Key (JWK) format
See http://tools.ietf.org/html/draft-ietf-jose-json-web-key
{"kty":"RSA","n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw","e":"AQAB","d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf","p":"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI","q":"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78","dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe","dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc","qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",}BEWARE: For JWK support you need to have JSON module installed.
RSA public keys in JSON Web Key (JWK) format
{"kty":"RSA","n":"0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP","e":"AQAB",}BEWARE: For JWK support you need to have JSON module installed.
export_key_der
my$private_der=$pk->export_key_der('private');#ormy$public_der=$pk->export_key_der('public');
export_key_pem
my$private_pem=$pk->export_key_pem('private');#ormy$public_pem=$pk->export_key_pem('public');#ormy$public_pem=$pk->export_key_pem('public_x509');
With parameter 'public' uses header and footer lines:
-----BEGIN RSA PUBLIC KEY-----------END RSA PUBLIC KEY------
With parameter 'public_x509' uses header and footer lines:
-----BEGIN PUBLIC KEY-----------END PUBLIC KEY------
Support for password protected PEM keys
my$private_pem=$pk->export_key_pem('private',$password);#ormy$private_pem=$pk->export_key_pem('private',$password,$cipher);# supported ciphers: 'DES-CBC'# 'DES-EDE3-CBC'# 'SEED-CBC'# 'CAMELLIA-128-CBC'# 'CAMELLIA-192-CBC'# 'CAMELLIA-256-CBC'# 'AES-128-CBC'# 'AES-192-CBC'# 'AES-256-CBC' (DEFAULT)
export_key_jwk
Since: CryptX-0.022
Exports public/private keys as a JSON Web Key (JWK).
my$private_json_text=$pk->export_key_jwk('private');#ormy$public_json_text=$pk->export_key_jwk('public');
Also exports public/private keys as a perl HASH with JWK structure.
my$jwk_hash=$pk->export_key_jwk('private', 1);#ormy$jwk_hash=$pk->export_key_jwk('public', 1);
BEWARE: For JWK support you need to have JSON module installed.
export_key_jwk_thumbprint
Since: CryptX-0.031
Exports the key's JSON Web Key Thumbprint as a string.
If you don't know what this is, see RFC 7638 https://tools.ietf.org/html/rfc7638.
my$thumbprint=$pk->export_key_jwk_thumbprint('SHA256');
encrypt
my$pk= Crypt::PK::RSA->new($pub_key_filename);my$ct=$pk->encrypt($message);#ormy$ct=$pk->encrypt($message,$padding);#ormy$ct=$pk->encrypt($message,'oaep',$hash_name,$lparam);# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $lparam (only for oaep) ..... DEFAULT is empty string
decrypt
my$pk= Crypt::PK::RSA->new($priv_key_filename);my$pt=$pk->decrypt($ciphertext);#ormy$pt=$pk->decrypt($ciphertext,$padding);#ormy$pt=$pk->decrypt($ciphertext,'oaep',$hash_name,$lparam);# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $lparam (only for oaep) ..... DEFAULT is empty string
sign_message
my$pk= Crypt::PK::RSA->new($priv_key_filename);my$signature=$priv->sign_message($message);#ormy$signature=$priv->sign_message($message,$hash_name);#ormy$signature=$priv->sign_message($message,$hash_name,$padding);#ormy$signature=$priv->sign_message($message,$hash_name,'pss',$saltlen);# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
verify_message
my$pk= Crypt::PK::RSA->new($pub_key_filename);my$valid=$pub->verify_message($signature,$message);#ormy$valid=$pub->verify_message($signature,$message,$hash_name);#ormy$valid=$pub->verify_message($signature,$message,$hash_name,$padding);#ormy$valid=$pub->verify_message($signature,$message,$hash_name,'pss',$saltlen);# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
sign_hash
my$pk= Crypt::PK::RSA->new($priv_key_filename);my$signature=$priv->sign_hash($message_hash);#ormy$signature=$priv->sign_hash($message_hash,$hash_name);#ormy$signature=$priv->sign_hash($message_hash,$hash_name,$padding);#ormy$signature=$priv->sign_hash($message_hash,$hash_name,'pss',$saltlen);# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
verify_hash
my$pk= Crypt::PK::RSA->new($pub_key_filename);my$valid=$pub->verify_hash($signature,$message_hash);#ormy$valid=$pub->verify_hash($signature,$message_hash,$hash_name);#ormy$valid=$pub->verify_hash($signature,$message_hash,$hash_name,$padding);#ormy$valid=$pub->verify_hash($signature,$message_hash,$hash_name,'pss',$saltlen);# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
is_private
my$rv=$pk->is_private;# 1 .. private key loaded# 0 .. public key loaded# undef .. no key loaded
size
my$size=$pk->size;# returns key size in bytes or undef if no key loaded
key2hash
my$hash=$pk->key2hash;# returns hash like this (or undef if no key loaded):{type=> 1,# integer: 1 .. private, 0 .. publicsize=> 256,# integer: key size in bytes# all the rest are hex stringse=>"10001",#public exponentd=>"9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...",#private exponentN=>"D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...",#modulusp=>"D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...",#p factor of Nq=>"FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...",#q factor of NqP=>"88C6D406F833DF73C8B734548E0385261AD51F4187CF...",#1/q mod p CRT paramdP=>"486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...",#d mod (p - 1) CRT paramdQ=>"4597284B2968B72C4212DB7E8F24360B987B80514DA9...",#d mod (q - 1) CRT param}
FUNCTIONS
rsa_encrypt
RSA based encryption. See method "encrypt" below.
my$ct= rsa_encrypt($pub_key_filename,$message);#ormy$ct= rsa_encrypt(\$buffer_containing_pub_key,$message);#ormy$ct= rsa_encrypt($pub_key,$message,$padding);#ormy$ct= rsa_encrypt($pub_key,$message,'oaep',$hash_name,$lparam);# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $lparam (only for oaep) ..... DEFAULT is empty string
rsa_decrypt
RSA based decryption. See method "decrypt" below.
my$pt= rsa_decrypt($priv_key_filename,$ciphertext);#ormy$pt= rsa_decrypt(\$buffer_containing_priv_key,$ciphertext);#ormy$pt= rsa_decrypt($priv_key,$ciphertext,$padding);#ormy$pt= rsa_decrypt($priv_key,$ciphertext,'oaep',$hash_name,$lparam);# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $lparam (only for oaep) ..... DEFAULT is empty string
rsa_sign_message
Generate RSA signature. See method "sign_message" below.
my$sig= rsa_sign_message($priv_key_filename,$message);#ormy$sig= rsa_sign_message(\$buffer_containing_priv_key,$message);#ormy$sig= rsa_sign_message($priv_key,$message,$hash_name);#ormy$sig= rsa_sign_message($priv_key,$message,$hash_name,$padding);#ormy$sig= rsa_sign_message($priv_key,$message,$hash_name,'pss',$saltlen);# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
rsa_verify_message
Verify RSA signature. See method "verify_message" below.
rsa_verify_message($pub_key_filename,$signature,$message) ordie"ERROR";#orrsa_verify_message(\$buffer_containing_pub_key,$signature,$message) ordie"ERROR";#orrsa_verify_message($pub_key,$signature,$message,$hash_name) ordie"ERROR";#orrsa_verify_message($pub_key,$signature,$message,$hash_name,$padding) ordie"ERROR";#orrsa_verify_message($pub_key,$signature,$message,$hash_name,'pss',$saltlen) ordie"ERROR";# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
rsa_sign_hash
Generate RSA signature. See method "sign_hash" below.
my$sig= rsa_sign_hash($priv_key_filename,$message_hash);#ormy$sig= rsa_sign_hash(\$buffer_containing_priv_key,$message_hash);#ormy$sig= rsa_sign_hash($priv_key,$message_hash,$hash_name);#ormy$sig= rsa_sign_hash($priv_key,$message_hash,$hash_name,$padding);#ormy$sig= rsa_sign_hash($priv_key,$message_hash,$hash_name,'pss',$saltlen);# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
rsa_verify_hash
Verify RSA signature. See method "verify_hash" below.
rsa_verify_hash($pub_key_filename,$signature,$message_hash) ordie"ERROR";#orrsa_verify_hash(\$buffer_containing_pub_key,$signature,$message_hash) ordie"ERROR";#orrsa_verify_hash($pub_key,$signature,$message_hash,$hash_name) ordie"ERROR";#orrsa_verify_hash($pub_key,$signature,$message_hash,$hash_name,$padding) ordie"ERROR";#orrsa_verify_hash($pub_key,$signature,$message_hash,$hash_name,'pss',$saltlen) ordie"ERROR";# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)# $saltlen (only for pss) .. DEFAULT is 12
OpenSSL interoperability
### let's have:# RSA private key in PEM format - rsakey.priv.pem# RSA public key in PEM format - rsakey.pub.pem# data file to be signed or encrypted - input.data
Encrypt by OpenSSL, decrypt by Crypt::PK::RSA
Create encrypted file (from commandline):
openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
Decrypt file (Perl code):
useCrypt::PK::RSA;my$pkrsa= Crypt::PK::RSA->new("rsakey.priv.pem");my$encfile= read_rawfile("input.encrypted.rsa");my$plaintext=$pkrsa->decrypt($encfile,'v1.5');$plaintext;
Encrypt by Crypt::PK::RSA, decrypt by OpenSSL
Create encrypted file (Perl code):
useCrypt::PK::RSA;my$plaintext='secret message';my$pkrsa= Crypt::PK::RSA->new("rsakey.pub.pem");my$encrypted=$pkrsa->encrypt($plaintext,'v1.5');write_rawfile("input.encrypted.rsa",$encrypted);
Decrypt file (from commandline):
openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
Sign by OpenSSL, verify by Crypt::PK::RSA
Create signature (from commandline):
openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
Verify signature (Perl code):
useCrypt::PK::RSA;my$pkrsa= Crypt::PK::RSA->new("rsakey.pub.pem");my$signature= read_rawfile("input.sha1-rsa.sig");my$valid=$pkrsa->verify_hash($signature, digest_file("SHA1","input.data"),"SHA1","v1.5");$valid?"SUCCESS":"FAILURE";
Sign by Crypt::PK::RSA, verify by OpenSSL
Create signature (Perl code):
useCrypt::PK::RSA;my$pkrsa= Crypt::PK::RSA->new("rsakey.priv.pem");my$signature=$pkrsa->sign_hash(digest_file("SHA1","input.data"),"SHA1","v1.5");write_rawfile("input.sha1-rsa.sig",$signature);
Verify signature (from commandline):
openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
Keys generated by Crypt::PK::RSA
Generate keys (Perl code):
useCrypt::PK::RSA;my$pkrsa= Crypt::PK::RSA->new;$pkrsa->generate_key(256, 65537);write_rawfile("rsakey.pub.der",$pkrsa->export_key_der('public'));write_rawfile("rsakey.priv.der",$pkrsa->export_key_der('private'));write_rawfile("rsakey.pub.pem",$pkrsa->export_key_pem('public_x509'));write_rawfile("rsakey.priv.pem",$pkrsa->export_key_pem('private'));write_rawfile("rsakey-passwd.priv.pem",$pkrsa->export_key_pem('private','secret'));
Use keys by OpenSSL:
openssl rsa -in rsakey.priv.der -text -inform deropenssl rsa -in rsakey.priv.pem -textopenssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secretopenssl rsa -in rsakey.pub.der -pubin -text -inform deropenssl rsa -in rsakey.pub.pem -pubin -text
Keys generated by OpenSSL
Generate keys:
openssl genrsa -out rsakey.priv.pem 1024openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform deropenssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -puboutopenssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -puboutopenssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
Load keys (Perl code):
useCrypt::PK::RSA;my$pkrsa= Crypt::PK::RSA->new;$pkrsa->import_key("rsakey.pub.der");$pkrsa->import_key("rsakey.priv.der");$pkrsa->import_key("rsakey.pub.pem");$pkrsa->import_key("rsakey.priv.pem");$pkrsa->import_key("rsakey-passwd.priv.pem","secret");