Crypt::PK::ECC - Public key cryptography based on EC
### OO interface #Encryption: Alice my $pub = Crypt::PK::ECC->new('Bob_pub_ecc1.der'); my $ct = $pub->encrypt("secret message"); # #Encryption: Bob (received ciphertext $ct) my $priv = Crypt::PK::ECC->new('Bob_priv_ecc1.der'); my $pt = $priv->decrypt($ct); #Signature: Alice my $priv = Crypt::PK::ECC->new('Alice_priv_ecc1.der'); my $sig = $priv->sign_message($message); # #Signature: Bob (received $message + $sig) my $pub = Crypt::PK::ECC->new('Alice_pub_ecc1.der'); $pub->verify_message($sig, $message) or die "ERROR"; #Shared secret my $priv = Crypt::PK::ECC->new('Alice_priv_ecc1.der'); my $pub = Crypt::PK::ECC->new('Bob_pub_ecc1.der'); my $shared_secret = $priv->shared_secret($pub); #Key generation my $pk = Crypt::PK::ECC->new(); $pk->generate_key('secp160r1'); my $private_der = $pk->export_key_der('private'); my $public_der = $pk->export_key_der('public'); my $private_pem = $pk->export_key_pem('private'); my $public_pem = $pk->export_key_pem('public'); my $public_raw = $pk->export_key_raw('public'); ### Functional interface #Encryption: Alice my $ct = ecc_encrypt('Bob_pub_ecc1.der', "secret message"); #Encryption: Bob (received ciphertext $ct) my $pt = ecc_decrypt('Bob_priv_ecc1.der', $ct); #Signature: Alice my $sig = ecc_sign_message('Alice_priv_ecc1.der', $message); #Signature: Bob (received $message + $sig) ecc_verify_message('Alice_pub_ecc1.der', $sig, $message) or die "ERROR"; #Shared secret my $shared_secret = ecc_shared_secret('Alice_priv_ecc1.der', 'Bob_pub_ecc1.der');
The module provides a set of core ECC functions as well as implementation of ECDSA and ECDH.
Supports elliptic curves y^2 = x^3 + a*x + b over prime fields Fp = Z/pZ (binary fields not supported).
y^2 = x^3 + a*x + b
Fp = Z/pZ
my $pk = Crypt::PK::ECC->new(); #or my $pk = Crypt::PK::ECC->new($priv_or_pub_key_filename); #or my $pk = Crypt::PK::ECC->new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my $pk = Crypt::PK::ECC->new($priv_pem_key_filename, $password); #or my $pk = Crypt::PK::ECC->new(\$buffer_containing_priv_pem_key, $password);
Uses Yarrow-based cryptographically strong random number generator seeded with random data taken from /dev/random (UNIX) or CryptGenRandom (Win32).
/dev/random
CryptGenRandom
$pk->generate_key($curve_name); #or $pk->generate_key($hashref_with_curve_params);
The following pre-defined $curve_name values are supported:
$curve_name
# curves from http://www.ecc-brainpool.org/download/Domain-parameters.pdf 'brainpoolP160r1' 'brainpoolP192r1' 'brainpoolP224r1' 'brainpoolP256r1' 'brainpoolP320r1' 'brainpoolP384r1' 'brainpoolP512r1' # curves from http://www.secg.org/collateral/sec2_final.pdf 'secp112r1' 'secp112r2' 'secp128r1' 'secp128r2' 'secp160k1' 'secp160r1' 'secp160r2' 'secp192k1' 'secp192r1' 'secp224k1' 'secp224r1' 'secp256k1' ... used by Bitcoin 'secp256r1' 'secp384r1' 'secp521r1' #curves from http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf 'nistp192' 'nistp224' 'nistp256' 'nistp384' 'nistp521' # curves from ANS X9.62 'prime192v1' 'prime192v2' 'prime192v3' 'prime239v1' 'prime239v2' 'prime239v3' 'prime256v1'
Using custom curve parameters:
$pk->generate_key({ prime => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF', A => 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC', B => '22123DC2395A05CAA7423DAECCC94760A7D462256BD56916', Gx => '7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896', Gy => '38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0', order => 'FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13', cofactor => 1 });
See http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf, http://www.secg.org/collateral/sec2_final.pdf, http://www.ecc-brainpool.org/download/Domain-parameters.pdf
Loads private or public key in DER or PEM format.
$pk->import_key($filename); #or $pk->import_key(\$buffer_containing_key);
$pk->import_key($pem_filename, $password); #or $pk->import_key(\$buffer_containing_pem_key, $password);
Import raw public/private key - can load data exported by "export_key_raw".
$pk->import_key_raw($key, $curve); # $key .... data exported by export_key_raw() # $curve .. curve name or hashref with curve parameters - same as by generate_key()
my $private_der = $pk->export_key_der('private'); #or my $public_der = $pk->export_key_der('public');
my $private_pem = $pk->export_key_pem('private'); #or my $public_pem = $pk->export_key_pem('public');
my $private_pem = $pk->export_key_pem('private', $password); #or my $private_pem = $pk->export_key_pem('private', $password, $cipher); # supported ciphers: 'DES-CBC' # 'DES-EDE3-CBC' # 'SEED-CBC' # 'CAMELLIA-128-CBC' # 'CAMELLIA-192-CBC' # 'CAMELLIA-256-CBC' # 'AES-128-CBC' # 'AES-192-CBC' # 'AES-256-CBC' (DEFAULT)
Export raw public/private key. Public key is exported in ANS X9.63 format (compressed or uncompressed), private key is exported as raw bytes (padded with leading zeros to have the same size as the ECC curve).
my $pubkey_octets = $pk->export_key_raw('public'); #or my $pubckey_octets = $pk->export_key_raw('public_compressed'); #or my $privkey_octets = $pk->export_key_raw('private');
my $pk = Crypt::PK::ECC->new($pub_key_filename); my $ct = $pk->encrypt($message); #or my $ct = $pk->encrypt($message, $hash_name); #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
my $pk = Crypt::PK::ECC->new($priv_key_filename); my $pt = $pk->decrypt($ciphertext);
my $pk = Crypt::PK::ECC->new($priv_key_filename); my $signature = $priv->sign_message($message); #or my $signature = $priv->sign_message($message, $hash_name); #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
my $pk = Crypt::PK::ECC->new($pub_key_filename); my $valid = $pub->verify_message($signature, $message) #or my $valid = $pub->verify_message($signature, $message, $hash_name); #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
my $pk = Crypt::PK::ECC->new($priv_key_filename); my $signature = $priv->sign_hash($message_hash);
my $pk = Crypt::PK::ECC->new($pub_key_filename); my $valid = $pub->verify_hash($signature, $message_hash);
# Alice having her priv key $pk and Bob's public key $pkb my $pk = Crypt::PK::ECC->new($priv_key_filename); my $pkb = Crypt::PK::ECC->new($pub_key_filename); my $shared_secret = $pk->shared_secret($pkb); # Bob having his priv key $pk and Alice's public key $pka my $pk = Crypt::PK::ECC->new($priv_key_filename); my $pka = Crypt::PK::ECC->new($pub_key_filename); my $shared_secret = $pk->shared_secret($pka); # same value as computed by Alice
my $rv = $pk->is_private; # 1 .. private key loaded # 0 .. public key loaded # undef .. no key loaded
my $size = $pk->size; # returns key size in bytes or undef if no key loaded
my $hash = $pk->key2hash; # returns hash like this (or undef if no key loaded): { size => 20, # integer: key (curve) size in bytes type => 1, # integer: 1 .. private, 0 .. public #curve parameters curve_A => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", curve_B => "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", curve_bits => 160, curve_bytes => 20, curve_cofactor => 1, curve_Gx => "4A96B5688EF573284664698968C38BB913CBFC82", curve_Gy => "23A628553168947D59DCC912042351377AC5FB32", curve_name => "secp160r1", curve_order => "0100000000000000000001F4C8F927AED3CA752257", curve_prime => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", #private key k => "B0EE84A749FE95DF997E33B8F333E12101E824C3", #public key point coordinates pub_x => "5AE1ACE3ED0AEA9707CE5C0BCE014F6A2F15023A", pub_y => "895D57E992D0A15F88D6680B27B701F615FCDC0F", }
Elliptic Curve Diffie-Hellman (ECDH) encryption as implemented by libtomcrypt. See method "encrypt" below.
my $ct = ecc_encrypt($pub_key_filename, $message); #or my $ct = ecc_encrypt(\$buffer_containing_pub_key, $message); #or my $ct = ecc_encrypt($pub_key_filename, $message, $hash_name); #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
ECCDH Encryption is performed by producing a random key, hashing it, and XOR'ing the digest against the plaintext.
Elliptic Curve Diffie-Hellman (ECDH) decryption as implemented by libtomcrypt. See method "decrypt" below.
my $pt = ecc_decrypt($priv_key_filename, $ciphertext); #or my $pt = ecc_decrypt(\$buffer_containing_priv_key, $ciphertext);
Elliptic Curve Digital Signature Algorithm (ECDSA) - signature generation. See method "sign_message" below.
my $sig = ecc_sign_message($priv_key_filename, $message); #or my $sig = ecc_sign_message(\$buffer_containing_priv_key, $message); #or my $sig = ecc_sign_message($priv_key, $message, $hash_name);
Elliptic Curve Digital Signature Algorithm (ECDSA) - signature verification. See method "verify_message" below.
ecc_verify_message($pub_key_filename, $signature, $message) or die "ERROR"; #or ecc_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR"; #or ecc_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
Elliptic Curve Digital Signature Algorithm (ECDSA) - signature generation. See method "sign_hash" below.
my $sig = ecc_sign_hash($priv_key_filename, $message_hash); #or my $sig = ecc_sign_hash(\$buffer_containing_priv_key, $message_hash);
Elliptic Curve Digital Signature Algorithm (ECDSA) - signature verification. See method "verify_hash" below.
ecc_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR"; #or ecc_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
Elliptic curve Diffie-Hellman (ECDH) - construct a Diffie-Hellman shared secret with a private and public ECC key. See method "shared_secret" below.
#on Alice side my $shared_secret = ecc_shared_secret('Alice_priv_ecc1.der', 'Bob_pub_ecc1.der'); #on Bob side my $shared_secret = ecc_shared_secret('Bob_priv_ecc1.der', 'Alice_pub_ecc1.der');
### let's have: # ECC private key in PEM format - eckey.priv.pem # ECC public key in PEM format - eckey.pub.pem # data file to be signed - input.data
Create signature (from commandline):
openssl dgst -sha1 -sign eckey.priv.pem -out input.sha1-ec.sig input.data
Verify signature (Perl code):
use Crypt::PK::ECC; use Crypt::Digest 'digest_file'; use File::Slurp 'read_file'; my $pkec = Crypt::PK::ECC->new("eckey.pub.pem"); my $signature = read_file("input.sha1-ec.sig", binmode=>':raw'); my $valid = $pkec->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5"); print $valid ? "SUCCESS" : "FAILURE";
Create signature (Perl code):
use Crypt::PK::ECC; use Crypt::Digest 'digest_file'; use File::Slurp 'write_file'; my $pkec = Crypt::PK::ECC->new("eckey.priv.pem"); my $signature = $pkec->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5"); write_file("input.sha1-ec.sig", {binmode=>':raw'}, $signature);
Verify signature (from commandline):
openssl dgst -sha1 -verify eckey.pub.pem -signature input.sha1-ec.sig input.data
Generate keys (Perl code):
use Crypt::PK::ECC; use File::Slurp 'write_file'; my $pkec = Crypt::PK::ECC->new; $pkec->generate_key('secp160k1'); write_file("eckey.pub.der", {binmode=>':raw'}, $pkec->export_key_der('public')); write_file("eckey.priv.der", {binmode=>':raw'}, $pkec->export_key_der('private')); write_file("eckey.pub.pem", $pkec->export_key_pem('public')); write_file("eckey.priv.pem", $pkec->export_key_pem('private')); write_file("eckey-passwd.priv.pem", $pkec->export_key_pem('private', 'secret'));
Use keys by OpenSSL:
openssl ec -in eckey.priv.der -text -inform der openssl ec -in eckey.priv.pem -text openssl ec -in eckey-passwd.priv.pem -text -inform pem -passin pass:secret openssl ec -in eckey.pub.der -pubin -text -inform der openssl ec -in eckey.pub.pem -pubin -text
Generate keys:
openssl ecparam -param_enc explicit -name prime192v3 -genkey -out eckey.priv.pem openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.pem -pubout openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.priv.der -outform der openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.der -outform der -pubout openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.privc.der -outform der -conv_form compressed openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pubc.der -outform der -pubout -conv_form compressed openssl ec -param_enc explicit -in eckey.priv.pem -passout pass:secret -des3 -out eckey-passwd.priv.pem
IMPORTANT: it is necessary to use -param_enc explicit option
-param_enc explicit
Load keys (Perl code):
use Crypt::PK::ECC; use File::Slurp 'write_file'; my $pkec = Crypt::PK::ECC->new; $pkec->import_key("eckey.pub.der"); $pkec->import_key("eckey.pubc.der"); $pkec->import_key("eckey.priv.der"); $pkec->import_key("eckey.privc.der"); $pkec->import_key("eckey.pub.pem"); $pkec->import_key("eckey.priv.pem"); $pkec->import_key("eckey-passwd.priv.pem", "secret");
https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
https://en.wikipedia.org/wiki/ECDSA
To install CryptX, copy and paste the appropriate command in to your terminal.
cpanm
cpanm CryptX
CPAN shell
perl -MCPAN -e shell install CryptX
For more information on module installation, please visit the detailed CPAN module installation guide.