1Crypt::PK::RSA(3)     User Contributed Perl Documentation    Crypt::PK::RSA(3)
2
3
4

NAME

6       Crypt::PK::RSA - Public key cryptography based on RSA
7

SYNOPSIS

9        ### OO interface
10
11        #Encryption: Alice
12        my $pub = Crypt::PK::RSA->new('Bob_pub_rsa1.der');
13        my $ct = $pub->encrypt("secret message");
14        #
15        #Encryption: Bob (received ciphertext $ct)
16        my $priv = Crypt::PK::RSA->new('Bob_priv_rsa1.der');
17        my $pt = $priv->decrypt($ct);
18
19        #Signature: Alice
20        my $priv = Crypt::PK::RSA->new('Alice_priv_rsa1.der');
21        my $sig = $priv->sign_message($message);
22        #
23        #Signature: Bob (received $message + $sig)
24        my $pub = Crypt::PK::RSA->new('Alice_pub_rsa1.der');
25        $pub->verify_message($sig, $message) or die "ERROR";
26
27        #Key generation
28        my $pk = Crypt::PK::RSA->new();
29        $pk->generate_key(256, 65537);
30        my $private_der = $pk->export_key_der('private');
31        my $public_der = $pk->export_key_der('public');
32        my $private_pem = $pk->export_key_pem('private');
33        my $public_pem = $pk->export_key_pem('public');
34
35        ### Functional interface
36
37        #Encryption: Alice
38        my $ct = rsa_encrypt('Bob_pub_rsa1.der', "secret message");
39        #Encryption: Bob (received ciphertext $ct)
40        my $pt = rsa_decrypt('Bob_priv_rsa1.der', $ct);
41
42        #Signature: Alice
43        my $sig = rsa_sign_message('Alice_priv_rsa1.der', $message);
44        #Signature: Bob (received $message + $sig)
45        rsa_verify_message('Alice_pub_rsa1.der', $sig, $message) or die "ERROR";
46

DESCRIPTION

48       The module provides a full featured RSA implementation.
49

METHODS

51   new
52         my $pk = Crypt::PK::RSA->new();
53         #or
54         my $pk = Crypt::PK::RSA->new($priv_or_pub_key_filename);
55         #or
56         my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
57
58       Support for password protected PEM keys
59
60         my $pk = Crypt::PK::RSA->new($priv_pem_key_filename, $password);
61         #or
62         my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key, $password);
63
64   generate_key
65       Uses Yarrow-based cryptographically strong random number generator
66       seeded with random data taken from "/dev/random" (UNIX) or
67       "CryptGenRandom" (Win32).
68
69        $pk->generate_key($size, $e);
70        # $size .. key size: 128-512 bytes (DEFAULT is 256)
71        # $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
72
73   import_key
74       Loads private or public key in DER or PEM format.
75
76         $pk->import_key($priv_or_pub_key_filename);
77         #or
78         $pk->import_key(\$buffer_containing_priv_or_pub_key);
79
80       Support for password protected PEM keys
81
82         $pk->import_key($pem_filename, $password);
83         #or
84         $pk->import_key(\$buffer_containing_pem_key, $password);
85
86       Loading private or public keys form perl hash:
87
88        $pk->import_key($hashref);
89
90        # the $hashref is either a key exported via key2hash
91        $pk->import_key({
92          e  => "10001", #public exponent
93          d  => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
94          N  => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
95          p  => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
96          q  => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
97          qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
98          dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
99          dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
100        });
101
102        # or a hash with items corresponding to JWK (JSON Web Key)
103        $pk->import_key({
104        {
105          kty => "RSA",
106          n   => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
107          e   => "AQAB",
108          d   => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
109          p   => "83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
110          q   => "3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
111          dp  => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
112          dq  => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
113          qi  => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
114        });
115
116       Supported key formats:
117
118        # all formats can be loaded from a file
119        my $pk = Crypt::PK::RSA->new($filename);
120
121        # or from a buffer containing the key
122        my $pk = Crypt::PK::RSA->new(\$buffer_with_key);
123
124       •   RSA public keys
125
126            -----BEGIN PUBLIC KEY-----
127            MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5
128            vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb
129            VUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK
130            B2uzcNq60sMIfp6siQIDAQAB
131            -----END PUBLIC KEY-----
132
133       •   RSA private keys
134
135            -----BEGIN RSA PRIVATE KEY-----
136            MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb
137            dMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha
138            ffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB
139            AoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF
140            9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB
141            oCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN
142            zrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456
143            GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn
144            b8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp
145            6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT
146            w0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A
147            ru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC
148            pIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6
149            -----END RSA PRIVATE KEY-----
150
151       •   RSA private keys in password protected PEM format
152
153            -----BEGIN RSA PRIVATE KEY-----
154            Proc-Type: 4,ENCRYPTED
155            DEK-Info: DES-EDE3-CBC,4D697440FF5AEF18
156
157            C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3
158            KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y
159            TEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl
160            kki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt
161            aHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv
162            e/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J
163            kgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs
164            0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5
165            5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l
166            CqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU
167            w3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK
168            BJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n
169            4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==
170            -----END RSA PRIVATE KEY-----
171
172       •   PKCS#8 encoded private keys
173
174            -----BEGIN PRIVATE KEY-----
175            MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG
176            1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9
177            OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC
178            yGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy
179            cXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6
180            XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z
181            nUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv
182            QRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi
183            pHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq
184            H8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8
185            pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC
186            a8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM
187            45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+
188            fyoy4t3yHT+/nw==
189            -----END PRIVATE KEY-----
190
191       •   PKCS#8 encrypted private keys ARE NOT SUPPORTED YET!
192
193            -----BEGIN ENCRYPTED PRIVATE KEY-----
194            MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty
195            Yt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ
196            biKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt
197            NWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a
198            sYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa
199            4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK
200            vvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn
201            d7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x
202            2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC
203            7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw
204            bZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs
205            946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i
206            U+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6
207            A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j
208            1HPwZX2d
209            -----END ENCRYPTED PRIVATE KEY-----
210
211       •   RSA public key from X509 certificate
212
213            -----BEGIN CERTIFICATE-----
214            MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
215            BAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG
216            A1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima
217            SUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC
218            r3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB
219            Q4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem
220            VinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R
221            Sa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D
222            cvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb
223            pzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD
224            AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav
225            7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX
226            Ig7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90
227            2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO
228            Oztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ
229            a+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP
230            -----END CERTIFICATE-----
231
232       •   SSH public RSA keys
233
234            ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=
235
236       •   SSH public RSA keys (RFC-4716 format)
237
238            ---- BEGIN SSH2 PUBLIC KEY ----
239            Comment: "768-bit RSA, converted from OpenSSH"
240            AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x
241            D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+
242            L26mdYs5iJNGu/ltUdc=
243            ---- END SSH2 PUBLIC KEY ----
244
245       •   RSA private keys in JSON Web Key (JWK) format
246
247           See <http://tools.ietf.org/html/draft-ietf-jose-json-web-key>
248
249            {
250              "kty":"RSA",
251              "n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
252              "e":"AQAB",
253              "d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
254              "p":"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
255              "q":"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
256              "dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
257              "dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
258              "qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
259            }
260
261           BEWARE: For JWK support you need to have JSON::PP, JSON::XS or
262           Cpanel::JSON::XS module.
263
264       •   RSA public keys in JSON Web Key (JWK) format
265
266            {
267              "kty":"RSA",
268              "n": "0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP",
269              "e":"AQAB",
270            }
271
272           BEWARE: For JWK support you need to have JSON::PP, JSON::XS or
273           Cpanel::JSON::XS module.
274
275   export_key_der
276        my $private_der = $pk->export_key_der('private');
277        #or
278        my $public_der = $pk->export_key_der('public');
279
280   export_key_pem
281        my $private_pem = $pk->export_key_pem('private');
282        #or
283        my $public_pem = $pk->export_key_pem('public');
284        #or
285        my $public_pem = $pk->export_key_pem('public_x509');
286
287       With parameter 'public' uses header and footer lines:
288
289         -----BEGIN RSA PUBLIC KEY------
290         -----END RSA PUBLIC KEY------
291
292       With parameter 'public_x509' uses header and footer lines:
293
294         -----BEGIN PUBLIC KEY------
295         -----END PUBLIC KEY------
296
297       Support for password protected PEM keys
298
299        my $private_pem = $pk->export_key_pem('private', $password);
300        #or
301        my $private_pem = $pk->export_key_pem('private', $password, $cipher);
302
303        # supported ciphers: 'DES-CBC'
304        #                    'DES-EDE3-CBC'
305        #                    'SEED-CBC'
306        #                    'CAMELLIA-128-CBC'
307        #                    'CAMELLIA-192-CBC'
308        #                    'CAMELLIA-256-CBC'
309        #                    'AES-128-CBC'
310        #                    'AES-192-CBC'
311        #                    'AES-256-CBC' (DEFAULT)
312
313   export_key_jwk
314       Since: CryptX-0.022
315
316       Exports public/private keys as a JSON Web Key (JWK).
317
318        my $private_json_text = $pk->export_key_jwk('private');
319        #or
320        my $public_json_text = $pk->export_key_jwk('public');
321
322       Also exports public/private keys as a perl HASH with JWK structure.
323
324        my $jwk_hash = $pk->export_key_jwk('private', 1);
325        #or
326        my $jwk_hash = $pk->export_key_jwk('public', 1);
327
328       BEWARE: For JWK support you need to have JSON::PP, JSON::XS or
329       Cpanel::JSON::XS module.
330
331   export_key_jwk_thumbprint
332       Since: CryptX-0.031
333
334       Exports the key's JSON Web Key Thumbprint as a string.
335
336       If you don't know what this is, see RFC 7638
337       ("https://tools.ietf.org/html/rfc7638").
338
339        my $thumbprint = $pk->export_key_jwk_thumbprint('SHA256');
340
341   encrypt
342        my $pk = Crypt::PK::RSA->new($pub_key_filename);
343        my $ct = $pk->encrypt($message);
344        #or
345        my $ct = $pk->encrypt($message, $padding);
346        #or
347        my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam);
348
349        # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
350        # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
351        # $lparam (only for oaep) ..... DEFAULT is empty string
352
353   decrypt
354        my $pk = Crypt::PK::RSA->new($priv_key_filename);
355        my $pt = $pk->decrypt($ciphertext);
356        #or
357        my $pt = $pk->decrypt($ciphertext, $padding);
358        #or
359        my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam);
360
361        # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
362        # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
363        # $lparam (only for oaep) ..... DEFAULT is empty string
364
365   sign_message
366        my $pk = Crypt::PK::RSA->new($priv_key_filename);
367        my $signature = $priv->sign_message($message);
368        #or
369        my $signature = $priv->sign_message($message, $hash_name);
370        #or
371        my $signature = $priv->sign_message($message, $hash_name, $padding);
372        #or
373        my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen);
374
375        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
376        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
377        # $saltlen (only for pss) .. DEFAULT is 12
378
379   verify_message
380        my $pk = Crypt::PK::RSA->new($pub_key_filename);
381        my $valid = $pub->verify_message($signature, $message);
382        #or
383        my $valid = $pub->verify_message($signature, $message, $hash_name);
384        #or
385        my $valid = $pub->verify_message($signature, $message, $hash_name, $padding);
386        #or
387        my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen);
388
389        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
390        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
391        # $saltlen (only for pss) .. DEFAULT is 12
392
393   sign_hash
394        my $pk = Crypt::PK::RSA->new($priv_key_filename);
395        my $signature = $priv->sign_hash($message_hash);
396        #or
397        my $signature = $priv->sign_hash($message_hash, $hash_name);
398        #or
399        my $signature = $priv->sign_hash($message_hash, $hash_name, $padding);
400        #or
401        my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen);
402
403        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
404        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
405        # $saltlen (only for pss) .. DEFAULT is 12
406
407   verify_hash
408        my $pk = Crypt::PK::RSA->new($pub_key_filename);
409        my $valid = $pub->verify_hash($signature, $message_hash);
410        #or
411        my $valid = $pub->verify_hash($signature, $message_hash, $hash_name);
412        #or
413        my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, $padding);
414        #or
415        my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen);
416
417        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
418        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
419        # $saltlen (only for pss) .. DEFAULT is 12
420
421   is_private
422        my $rv = $pk->is_private;
423        # 1 .. private key loaded
424        # 0 .. public key loaded
425        # undef .. no key loaded
426
427   size
428        my $size = $pk->size;
429        # returns key size in bytes or undef if no key loaded
430
431   key2hash
432        my $hash = $pk->key2hash;
433
434        # returns hash like this (or undef if no key loaded):
435        {
436          type => 1,   # integer: 1 .. private, 0 .. public
437          size => 256, # integer: key size in bytes
438          # all the rest are hex strings
439          e  => "10001", #public exponent
440          d  => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
441          N  => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
442          p  => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
443          q  => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
444          qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
445          dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
446          dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
447        }
448

FUNCTIONS

450   rsa_encrypt
451       RSA based encryption. See method "encrypt" below.
452
453        my $ct = rsa_encrypt($pub_key_filename, $message);
454        #or
455        my $ct = rsa_encrypt(\$buffer_containing_pub_key, $message);
456        #or
457        my $ct = rsa_encrypt($pub_key, $message, $padding);
458        #or
459        my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam);
460
461        # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
462        # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
463        # $lparam (only for oaep) ..... DEFAULT is empty string
464
465   rsa_decrypt
466       RSA based decryption. See method "decrypt" below.
467
468        my $pt = rsa_decrypt($priv_key_filename, $ciphertext);
469        #or
470        my $pt = rsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
471        #or
472        my $pt = rsa_decrypt($priv_key, $ciphertext, $padding);
473        #or
474        my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam);
475
476        # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
477        # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
478        # $lparam (only for oaep) ..... DEFAULT is empty string
479
480   rsa_sign_message
481       Generate RSA signature. See method "sign_message" below.
482
483        my $sig = rsa_sign_message($priv_key_filename, $message);
484        #or
485        my $sig = rsa_sign_message(\$buffer_containing_priv_key, $message);
486        #or
487        my $sig = rsa_sign_message($priv_key, $message, $hash_name);
488        #or
489        my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding);
490        #or
491        my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen);
492
493        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
494        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
495        # $saltlen (only for pss) .. DEFAULT is 12
496
497   rsa_verify_message
498       Verify RSA signature. See method "verify_message" below.
499
500        rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
501        #or
502        rsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
503        #or
504        rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
505        #or
506        rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR";
507        #or
508        rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR";
509
510        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
511        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
512        # $saltlen (only for pss) .. DEFAULT is 12
513
514   rsa_sign_hash
515       Generate RSA signature. See method "sign_hash" below.
516
517        my $sig = rsa_sign_hash($priv_key_filename, $message_hash);
518        #or
519        my $sig = rsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
520        #or
521        my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name);
522        #or
523        my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding);
524        #or
525        my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen);
526
527        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
528        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
529        # $saltlen (only for pss) .. DEFAULT is 12
530
531   rsa_verify_hash
532       Verify RSA signature. See method "verify_hash" below.
533
534        rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
535        #or
536        rsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
537        #or
538        rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR";
539        #or
540        rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR";
541        #or
542        rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR";
543
544        # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
545        # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
546        # $saltlen (only for pss) .. DEFAULT is 12
547

OpenSSL interoperability

549        ### let's have:
550        # RSA private key in PEM format - rsakey.priv.pem
551        # RSA public key in PEM format  - rsakey.pub.pem
552        # data file to be signed or encrypted - input.data
553
554   Encrypt by OpenSSL, decrypt by Crypt::PK::RSA
555       Create encrypted file (from commandline):
556
557        openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
558
559       Decrypt file (Perl code):
560
561         use Crypt::PK::RSA;
562         use File::Slurp 'read_file';
563
564         my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
565         my $encfile = read_file("input.encrypted.rsa", binmode=>':raw');
566         my $plaintext = $pkrsa->decrypt($encfile, 'v1.5');
567         print $plaintext;
568
569   Encrypt by Crypt::PK::RSA, decrypt by OpenSSL
570       Create encrypted file (Perl code):
571
572         use Crypt::PK::RSA;
573         use File::Slurp 'write_file';
574
575         my $plaintext = 'secret message';
576         my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
577         my $encrypted = $pkrsa->encrypt($plaintext, 'v1.5');
578         write_file("input.encrypted.rsa", {binmode=>':raw'}, $encrypted);
579
580       Decrypt file (from commandline):
581
582        openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
583
584   Sign by OpenSSL, verify by Crypt::PK::RSA
585       Create signature (from commandline):
586
587        openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
588
589       Verify signature (Perl code):
590
591        use Crypt::PK::RSA;
592        use Crypt::Digest 'digest_file';
593        use File::Slurp 'read_file';
594
595        my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
596        my $signature = read_file("input.sha1-rsa.sig", binmode=>':raw');
597        my $valid = $pkrsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
598        print $valid ? "SUCCESS" : "FAILURE";
599
600   Sign by Crypt::PK::RSA, verify by OpenSSL
601       Create signature (Perl code):
602
603        use Crypt::PK::RSA;
604        use Crypt::Digest 'digest_file';
605        use File::Slurp 'write_file';
606
607        my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
608        my $signature = $pkrsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
609        write_file("input.sha1-rsa.sig", {binmode=>':raw'}, $signature);
610
611       Verify signature (from commandline):
612
613        openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
614
615   Keys generated by Crypt::PK::RSA
616       Generate keys (Perl code):
617
618        use Crypt::PK::RSA;
619        use File::Slurp 'write_file';
620
621        my $pkrsa = Crypt::PK::RSA->new;
622        $pkrsa->generate_key(256, 65537);
623        write_file("rsakey.pub.der",  {binmode=>':raw'}, $pkrsa->export_key_der('public'));
624        write_file("rsakey.priv.der", {binmode=>':raw'}, $pkrsa->export_key_der('private'));
625        write_file("rsakey.pub.pem",  $pkrsa->export_key_pem('public_x509'));
626        write_file("rsakey.priv.pem", $pkrsa->export_key_pem('private'));
627        write_file("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret'));
628
629       Use keys by OpenSSL:
630
631        openssl rsa -in rsakey.priv.der -text -inform der
632        openssl rsa -in rsakey.priv.pem -text
633        openssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret
634        openssl rsa -in rsakey.pub.der -pubin -text -inform der
635        openssl rsa -in rsakey.pub.pem -pubin -text
636
637   Keys generated by OpenSSL
638       Generate keys:
639
640        openssl genrsa -out rsakey.priv.pem 1024
641        openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der
642        openssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout
643        openssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout
644        openssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
645
646       Load keys (Perl code):
647
648        use Crypt::PK::RSA;
649        use File::Slurp 'write_file';
650
651        my $pkrsa = Crypt::PK::RSA->new;
652        $pkrsa->import_key("rsakey.pub.der");
653        $pkrsa->import_key("rsakey.priv.der");
654        $pkrsa->import_key("rsakey.pub.pem");
655        $pkrsa->import_key("rsakey.priv.pem");
656        $pkrsa->import_key("rsakey-passwd.priv.pem", "secret");
657

SEE ALSO

659       •   <https://en.wikipedia.org/wiki/RSA_%28algorithm%29>
660
661
662
663perl v5.34.0                      2021-07-22                 Crypt::PK::RSA(3)
Impressum