1Crypt::PK::RSA(3) User Contributed Perl Documentation Crypt::PK::RSA(3)
2
6 Crypt::PK::RSA - Public key cryptography based on RSA
7
9 ### OO interface
10 #Encryption: Alice
12 my $pub = Crypt::PK::RSA->new('Bob_pub_rsa1.der');
13 my $ct = $pub->encrypt("secret message");
14 #
15 #Encryption: Bob (received ciphertext $ct)
16 my $priv = Crypt::PK::RSA->new('Bob_priv_rsa1.der');
17 my $pt = $priv->decrypt($ct);
18 #Signature: Alice
20 my $priv = Crypt::PK::RSA->new('Alice_priv_rsa1.der');
21 my $sig = $priv->sign_message($message);
22 #
23 #Signature: Bob (received $message + $sig)
24 my $pub = Crypt::PK::RSA->new('Alice_pub_rsa1.der');
25 $pub->verify_message($sig, $message) or die "ERROR";
26 #Key generation
28 my $pk = Crypt::PK::RSA->new();
29 $pk->generate_key(256, 65537);
30 my $private_der = $pk->export_key_der('private');
31 my $public_der = $pk->export_key_der('public');
32 my $private_pem = $pk->export_key_pem('private');
33 my $public_pem = $pk->export_key_pem('public');
34 ### Functional interface
36 #Encryption: Alice
38 my $ct = rsa_encrypt('Bob_pub_rsa1.der', "secret message");
39 #Encryption: Bob (received ciphertext $ct)
40 my $pt = rsa_decrypt('Bob_priv_rsa1.der', $ct);
41 #Signature: Alice
43 my $sig = rsa_sign_message('Alice_priv_rsa1.der', $message);
44 #Signature: Bob (received $message + $sig)
45 rsa_verify_message('Alice_pub_rsa1.der', $sig, $message) or die "ERROR";
46
48 The module provides a full featured RSA implementation.
49
51 new
52 my $pk = Crypt::PK::RSA->new();
53 #or
54 my $pk = Crypt::PK::RSA->new($priv_or_pub_key_filename);
55 #or
56 my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
57 Support for password protected PEM keys
59 my $pk = Crypt::PK::RSA->new($priv_pem_key_filename, $password);
61 #or
62 my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key, $password);
63 generate_key
65 Uses Yarrow-based cryptographically strong random number generator
66 seeded with random data taken from "/dev/random" (UNIX) or
67 "CryptGenRandom" (Win32).
68 $pk->generate_key($size, $e);
70 # $size .. key size: 128-512 bytes (DEFAULT is 256)
71 # $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
72 import_key
74 Loads private or public key in DER or PEM format.
75 $pk->import_key($priv_or_pub_key_filename);
77 #or
78 $pk->import_key(\$buffer_containing_priv_or_pub_key);
79 Support for password protected PEM keys
81 $pk->import_key($pem_filename, $password);
83 #or
84 $pk->import_key(\$buffer_containing_pem_key, $password);
85 Loading private or public keys form perl hash:
87 $pk->import_key($hashref);
89 # the $hashref is either a key exported via key2hash
91 $pk->import_key({
92 e => "10001", #public exponent
93 d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
94 N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
95 p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
96 q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
97 qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
98 dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
99 dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
100 });
101 # or a hash with items corresponding to JWK (JSON Web Key)
103 $pk->import_key({
104 {
105 kty => "RSA",
106 n => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
107 e => "AQAB",
108 d => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
109 p => "83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
110 q => "3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
111 dp => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
112 dq => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
113 qi => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
114 });
115 Supported key formats:
117 # all formats can be loaded from a file
119 my $pk = Crypt::PK::RSA->new($filename);
120 # or from a buffer containing the key
122 my $pk = Crypt::PK::RSA->new(\$buffer_with_key);
123 · RSA public keys
125 -----BEGIN PUBLIC KEY-----
127 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5
128 vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb
129 VUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK
130 B2uzcNq60sMIfp6siQIDAQAB
131 -----END PUBLIC KEY-----
132 · RSA private keys
134 -----BEGIN RSA PRIVATE KEY-----
136 MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb
137 dMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha
138 ffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB
139 AoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF
140 9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB
141 oCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN
142 zrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456
143 GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn
144 b8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp
145 6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT
146 w0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A
147 ru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC
148 pIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6
149 -----END RSA PRIVATE KEY-----
150 · RSA private keys in password protected PEM format
152 -----BEGIN RSA PRIVATE KEY-----
154 Proc-Type: 4,ENCRYPTED
155 DEK-Info: DES-EDE3-CBC,4D697440FF5AEF18
156 C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3
158 KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y
159 TEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl
160 kki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt
161 aHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv
162 e/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J
163 kgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs
164 0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5
165 5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l
166 CqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU
167 w3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK
168 BJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n
169 4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==
170 -----END RSA PRIVATE KEY-----
171 · PKCS#8 encoded private keys
173 -----BEGIN PRIVATE KEY-----
175 MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG
176 1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9
177 OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC
178 yGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy
179 cXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6
180 XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z
181 nUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv
182 QRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi
183 pHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq
184 H8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8
185 pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC
186 a8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM
187 45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+
188 fyoy4t3yHT+/nw==
189 -----END PRIVATE KEY-----
190 · PKCS#8 encrypted private keys ARE NOT SUPPORTED YET!
192 -----BEGIN ENCRYPTED PRIVATE KEY-----
194 MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty
195 Yt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ
196 biKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt
197 NWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a
198 sYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa
199 4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK
200 vvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn
201 d7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x
202 2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC
203 7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw
204 bZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs
205 946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i
206 U+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6
207 A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j
208 1HPwZX2d
209 -----END ENCRYPTED PRIVATE KEY-----
210 · RSA public key from X509 certificate
212 -----BEGIN CERTIFICATE-----
214 MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
215 BAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG
216 A1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima
217 SUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC
218 r3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB
219 Q4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem
220 VinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R
221 Sa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D
222 cvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb
223 pzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD
224 AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav
225 7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX
226 Ig7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90
227 2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO
228 Oztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ
229 a+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP
230 -----END CERTIFICATE-----
231 · SSH public RSA keys
233 ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=
235 · SSH public RSA keys (RFC-4716 format)
237 ---- BEGIN SSH2 PUBLIC KEY ----
239 Comment: "768-bit RSA, converted from OpenSSH"
240 AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x
241 D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+
242 L26mdYs5iJNGu/ltUdc=
243 ---- END SSH2 PUBLIC KEY ----
244 · RSA private keys in JSON Web Key (JWK) format
246 See <http://tools.ietf.org/html/draft-ietf-jose-json-web-key>
248 {
250 "kty":"RSA",
251 "n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
252 "e":"AQAB",
253 "d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
254 "p":"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
255 "q":"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
256 "dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
257 "dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
258 "qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
259 }
260 BEWARE: For JWK support you need to have JSON::PP, JSON::XS or
262 Cpanel::JSON::XS module.
263 · RSA public keys in JSON Web Key (JWK) format
265 {
267 "kty":"RSA",
268 "n": "0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP",
269 "e":"AQAB",
270 }
271 BEWARE: For JWK support you need to have JSON::PP, JSON::XS or
273 Cpanel::JSON::XS module.
274 export_key_der
276 my $private_der = $pk->export_key_der('private');
277 #or
278 my $public_der = $pk->export_key_der('public');
279 export_key_pem
281 my $private_pem = $pk->export_key_pem('private');
282 #or
283 my $public_pem = $pk->export_key_pem('public');
284 #or
285 my $public_pem = $pk->export_key_pem('public_x509');
286 With parameter 'public' uses header and footer lines:
288 -----BEGIN RSA PUBLIC KEY------
290 -----END RSA PUBLIC KEY------
291 With parameter 'public_x509' uses header and footer lines:
293 -----BEGIN PUBLIC KEY------
295 -----END PUBLIC KEY------
296 Support for password protected PEM keys
298 my $private_pem = $pk->export_key_pem('private', $password);
300 #or
301 my $private_pem = $pk->export_key_pem('private', $password, $cipher);
302 # supported ciphers: 'DES-CBC'
304 # 'DES-EDE3-CBC'
305 # 'SEED-CBC'
306 # 'CAMELLIA-128-CBC'
307 # 'CAMELLIA-192-CBC'
308 # 'CAMELLIA-256-CBC'
309 # 'AES-128-CBC'
310 # 'AES-192-CBC'
311 # 'AES-256-CBC' (DEFAULT)
312 export_key_jwk
314 Since: CryptX-0.022
315 Exports public/private keys as a JSON Web Key (JWK).
317 my $private_json_text = $pk->export_key_jwk('private');
319 #or
320 my $public_json_text = $pk->export_key_jwk('public');
321 Also exports public/private keys as a perl HASH with JWK structure.
323 my $jwk_hash = $pk->export_key_jwk('private', 1);
325 #or
326 my $jwk_hash = $pk->export_key_jwk('public', 1);
327 BEWARE: For JWK support you need to have JSON::PP, JSON::XS or
329 Cpanel::JSON::XS module.
330 export_key_jwk_thumbprint
332 Since: CryptX-0.031
333 Exports the key's JSON Web Key Thumbprint as a string.
335 If you don't know what this is, see RFC 7638
337 ("https://tools.ietf.org/html/rfc7638").
338 my $thumbprint = $pk->export_key_jwk_thumbprint('SHA256');
340 encrypt
342 my $pk = Crypt::PK::RSA->new($pub_key_filename);
343 my $ct = $pk->encrypt($message);
344 #or
345 my $ct = $pk->encrypt($message, $padding);
346 #or
347 my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam);
348 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
350 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
351 # $lparam (only for oaep) ..... DEFAULT is empty string
352 decrypt
354 my $pk = Crypt::PK::RSA->new($priv_key_filename);
355 my $pt = $pk->decrypt($ciphertext);
356 #or
357 my $pt = $pk->decrypt($ciphertext, $padding);
358 #or
359 my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam);
360 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
362 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
363 # $lparam (only for oaep) ..... DEFAULT is empty string
364 sign_message
366 my $pk = Crypt::PK::RSA->new($priv_key_filename);
367 my $signature = $priv->sign_message($message);
368 #or
369 my $signature = $priv->sign_message($message, $hash_name);
370 #or
371 my $signature = $priv->sign_message($message, $hash_name, $padding);
372 #or
373 my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen);
374 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
376 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
377 # $saltlen (only for pss) .. DEFAULT is 12
378 verify_message
380 my $pk = Crypt::PK::RSA->new($pub_key_filename);
381 my $valid = $pub->verify_message($signature, $message);
382 #or
383 my $valid = $pub->verify_message($signature, $message, $hash_name);
384 #or
385 my $valid = $pub->verify_message($signature, $message, $hash_name, $padding);
386 #or
387 my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen);
388 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
390 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
391 # $saltlen (only for pss) .. DEFAULT is 12
392 sign_hash
394 my $pk = Crypt::PK::RSA->new($priv_key_filename);
395 my $signature = $priv->sign_hash($message_hash);
396 #or
397 my $signature = $priv->sign_hash($message_hash, $hash_name);
398 #or
399 my $signature = $priv->sign_hash($message_hash, $hash_name, $padding);
400 #or
401 my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen);
402 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
404 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
405 # $saltlen (only for pss) .. DEFAULT is 12
406 verify_hash
408 my $pk = Crypt::PK::RSA->new($pub_key_filename);
409 my $valid = $pub->verify_hash($signature, $message_hash);
410 #or
411 my $valid = $pub->verify_hash($signature, $message_hash, $hash_name);
412 #or
413 my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, $padding);
414 #or
415 my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen);
416 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
418 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
419 # $saltlen (only for pss) .. DEFAULT is 12
420 is_private
422 my $rv = $pk->is_private;
423 # 1 .. private key loaded
424 # 0 .. public key loaded
425 # undef .. no key loaded
426 size
428 my $size = $pk->size;
429 # returns key size in bytes or undef if no key loaded
430 key2hash
432 my $hash = $pk->key2hash;
433 # returns hash like this (or undef if no key loaded):
435 {
436 type => 1, # integer: 1 .. private, 0 .. public
437 size => 256, # integer: key size in bytes
438 # all the rest are hex strings
439 e => "10001", #public exponent
440 d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
441 N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
442 p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
443 q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
444 qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
445 dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
446 dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
447 }
448
450 rsa_encrypt
451 RSA based encryption. See method "encrypt" below.
452 my $ct = rsa_encrypt($pub_key_filename, $message);
454 #or
455 my $ct = rsa_encrypt(\$buffer_containing_pub_key, $message);
456 #or
457 my $ct = rsa_encrypt($pub_key, $message, $padding);
458 #or
459 my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam);
460 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
462 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
463 # $lparam (only for oaep) ..... DEFAULT is empty string
464 rsa_decrypt
466 RSA based decryption. See method "decrypt" below.
467 my $pt = rsa_decrypt($priv_key_filename, $ciphertext);
469 #or
470 my $pt = rsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
471 #or
472 my $pt = rsa_decrypt($priv_key, $ciphertext, $padding);
473 #or
474 my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam);
475 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
477 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
478 # $lparam (only for oaep) ..... DEFAULT is empty string
479 rsa_sign_message
481 Generate RSA signature. See method "sign_message" below.
482 my $sig = rsa_sign_message($priv_key_filename, $message);
484 #or
485 my $sig = rsa_sign_message(\$buffer_containing_priv_key, $message);
486 #or
487 my $sig = rsa_sign_message($priv_key, $message, $hash_name);
488 #or
489 my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding);
490 #or
491 my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen);
492 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
494 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
495 # $saltlen (only for pss) .. DEFAULT is 12
496 rsa_verify_message
498 Verify RSA signature. See method "verify_message" below.
499 rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
501 #or
502 rsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
503 #or
504 rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
505 #or
506 rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR";
507 #or
508 rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR";
509 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
511 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
512 # $saltlen (only for pss) .. DEFAULT is 12
513 rsa_sign_hash
515 Generate RSA signature. See method "sign_hash" below.
516 my $sig = rsa_sign_hash($priv_key_filename, $message_hash);
518 #or
519 my $sig = rsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
520 #or
521 my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name);
522 #or
523 my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding);
524 #or
525 my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen);
526 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
528 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
529 # $saltlen (only for pss) .. DEFAULT is 12
530 rsa_verify_hash
532 Verify RSA signature. See method "verify_hash" below.
533 rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
535 #or
536 rsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
537 #or
538 rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR";
539 #or
540 rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR";
541 #or
542 rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR";
543 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
545 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
546 # $saltlen (only for pss) .. DEFAULT is 12
547
549 ### let's have:
550 # RSA private key in PEM format - rsakey.priv.pem
551 # RSA public key in PEM format - rsakey.pub.pem
552 # data file to be signed or encrypted - input.data
553 Encrypt by OpenSSL, decrypt by Crypt::PK::RSA
555 Create encrypted file (from commandline):
556 openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
558 Decrypt file (Perl code):
560 use Crypt::PK::RSA;
562 use File::Slurp 'read_file';
563 my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
565 my $encfile = read_file("input.encrypted.rsa", binmode=>':raw');
566 my $plaintext = $pkrsa->decrypt($encfile, 'v1.5');
567 print $plaintext;
568 Encrypt by Crypt::PK::RSA, decrypt by OpenSSL
570 Create encrypted file (Perl code):
571 use Crypt::PK::RSA;
573 use File::Slurp 'write_file';
574 my $plaintext = 'secret message';
576 my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
577 my $encrypted = $pkrsa->encrypt($plaintext, 'v1.5');
578 write_file("input.encrypted.rsa", {binmode=>':raw'}, $encrypted);
579 Decrypt file (from commandline):
581 openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
583 Sign by OpenSSL, verify by Crypt::PK::RSA
585 Create signature (from commandline):
586 openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
588 Verify signature (Perl code):
590 use Crypt::PK::RSA;
592 use Crypt::Digest 'digest_file';
593 use File::Slurp 'read_file';
594 my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
596 my $signature = read_file("input.sha1-rsa.sig", binmode=>':raw');
597 my $valid = $pkrsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
598 print $valid ? "SUCCESS" : "FAILURE";
599 Sign by Crypt::PK::RSA, verify by OpenSSL
601 Create signature (Perl code):
602 use Crypt::PK::RSA;
604 use Crypt::Digest 'digest_file';
605 use File::Slurp 'write_file';
606 my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
608 my $signature = $pkrsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
609 write_file("input.sha1-rsa.sig", {binmode=>':raw'}, $signature);
610 Verify signature (from commandline):
612 openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
614 Keys generated by Crypt::PK::RSA
616 Generate keys (Perl code):
617 use Crypt::PK::RSA;
619 use File::Slurp 'write_file';
620 my $pkrsa = Crypt::PK::RSA->new;
622 $pkrsa->generate_key(256, 65537);
623 write_file("rsakey.pub.der", {binmode=>':raw'}, $pkrsa->export_key_der('public'));
624 write_file("rsakey.priv.der", {binmode=>':raw'}, $pkrsa->export_key_der('private'));
625 write_file("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509'));
626 write_file("rsakey.priv.pem", $pkrsa->export_key_pem('private'));
627 write_file("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret'));
628 Use keys by OpenSSL:
630 openssl rsa -in rsakey.priv.der -text -inform der
632 openssl rsa -in rsakey.priv.pem -text
633 openssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret
634 openssl rsa -in rsakey.pub.der -pubin -text -inform der
635 openssl rsa -in rsakey.pub.pem -pubin -text
636 Keys generated by OpenSSL
638 Generate keys:
639 openssl genrsa -out rsakey.priv.pem 1024
641 openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der
642 openssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout
643 openssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout
644 openssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
645 Load keys (Perl code):
647 use Crypt::PK::RSA;
649 use File::Slurp 'write_file';
650 my $pkrsa = Crypt::PK::RSA->new;
652 $pkrsa->import_key("rsakey.pub.der");
653 $pkrsa->import_key("rsakey.priv.der");
654 $pkrsa->import_key("rsakey.pub.pem");
655 $pkrsa->import_key("rsakey.priv.pem");
656 $pkrsa->import_key("rsakey-passwd.priv.pem", "secret");
657
659 · <https://en.wikipedia.org/wiki/RSA_%28algorithm%29>
660perl v5.32.1 2021-03-30 Crypt::PK::RSA(3)