1Crypt::PK::RSA(3) User Contributed Perl Documentation Crypt::PK::RSA(3)
2
3
4
6 Crypt::PK::RSA - Public key cryptography based on RSA
7
9 ### OO interface
10
11 #Encryption: Alice
12 my $pub = Crypt::PK::RSA->new('Bob_pub_rsa1.der');
13 my $ct = $pub->encrypt("secret message");
14 #
15 #Encryption: Bob (received ciphertext $ct)
16 my $priv = Crypt::PK::RSA->new('Bob_priv_rsa1.der');
17 my $pt = $priv->decrypt($ct);
18
19 #Signature: Alice
20 my $priv = Crypt::PK::RSA->new('Alice_priv_rsa1.der');
21 my $sig = $priv->sign_message($message);
22 #
23 #Signature: Bob (received $message + $sig)
24 my $pub = Crypt::PK::RSA->new('Alice_pub_rsa1.der');
25 $pub->verify_message($sig, $message) or die "ERROR";
26
27 #Key generation
28 my $pk = Crypt::PK::RSA->new();
29 $pk->generate_key(256, 65537);
30 my $private_der = $pk->export_key_der('private');
31 my $public_der = $pk->export_key_der('public');
32 my $private_pem = $pk->export_key_pem('private');
33 my $public_pem = $pk->export_key_pem('public');
34
35 ### Functional interface
36
37 #Encryption: Alice
38 my $ct = rsa_encrypt('Bob_pub_rsa1.der', "secret message");
39 #Encryption: Bob (received ciphertext $ct)
40 my $pt = rsa_decrypt('Bob_priv_rsa1.der', $ct);
41
42 #Signature: Alice
43 my $sig = rsa_sign_message('Alice_priv_rsa1.der', $message);
44 #Signature: Bob (received $message + $sig)
45 rsa_verify_message('Alice_pub_rsa1.der', $sig, $message) or die "ERROR";
46
48 The module provides a full featured RSA implementation.
49
51 new
52 my $pk = Crypt::PK::RSA->new();
53 #or
54 my $pk = Crypt::PK::RSA->new($priv_or_pub_key_filename);
55 #or
56 my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
57
58 Support for password protected PEM keys
59
60 my $pk = Crypt::PK::RSA->new($priv_pem_key_filename, $password);
61 #or
62 my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key, $password);
63
64 generate_key
65 Uses Yarrow-based cryptographically strong random number generator
66 seeded with random data taken from "/dev/random" (UNIX) or
67 "CryptGenRandom" (Win32).
68
69 $pk->generate_key($size, $e);
70 # $size .. key size: 128-512 bytes (DEFAULT is 256)
71 # $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
72
73 import_key
74 Loads private or public key in DER or PEM format.
75
76 $pk->import_key($priv_or_pub_key_filename);
77 #or
78 $pk->import_key(\$buffer_containing_priv_or_pub_key);
79
80 Support for password protected PEM keys
81
82 $pk->import_key($pem_filename, $password);
83 #or
84 $pk->import_key(\$buffer_containing_pem_key, $password);
85
86 Loading private or public keys form perl hash:
87
88 $pk->import_key($hashref);
89
90 # the $hashref is either a key exported via key2hash
91 $pk->import_key({
92 e => "10001", #public exponent
93 d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
94 N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
95 p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
96 q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
97 qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
98 dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
99 dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
100 });
101
102 # or a hash with items corresponding to JWK (JSON Web Key)
103 $pk->import_key({
104 {
105 kty => "RSA",
106 n => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
107 e => "AQAB",
108 d => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
109 p => "83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
110 q => "3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
111 dp => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
112 dq => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
113 qi => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
114 });
115
116 Supported key formats:
117
118 # all formats can be loaded from a file
119 my $pk = Crypt::PK::RSA->new($filename);
120
121 # or from a buffer containing the key
122 my $pk = Crypt::PK::RSA->new(\$buffer_with_key);
123
124 • RSA public keys
125
126 -----BEGIN PUBLIC KEY-----
127 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5
128 vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb
129 VUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK
130 B2uzcNq60sMIfp6siQIDAQAB
131 -----END PUBLIC KEY-----
132
133 • RSA private keys
134
135 -----BEGIN RSA PRIVATE KEY-----
136 MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb
137 dMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha
138 ffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB
139 AoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF
140 9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB
141 oCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN
142 zrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456
143 GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn
144 b8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp
145 6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT
146 w0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A
147 ru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC
148 pIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6
149 -----END RSA PRIVATE KEY-----
150
151 • RSA private keys in password protected PEM format
152
153 -----BEGIN RSA PRIVATE KEY-----
154 Proc-Type: 4,ENCRYPTED
155 DEK-Info: DES-EDE3-CBC,4D697440FF5AEF18
156
157 C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3
158 KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y
159 TEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl
160 kki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt
161 aHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv
162 e/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J
163 kgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs
164 0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5
165 5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l
166 CqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU
167 w3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK
168 BJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n
169 4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==
170 -----END RSA PRIVATE KEY-----
171
172 • PKCS#8 encoded private keys
173
174 -----BEGIN PRIVATE KEY-----
175 MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG
176 1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9
177 OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC
178 yGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy
179 cXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6
180 XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z
181 nUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv
182 QRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi
183 pHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq
184 H8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8
185 pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC
186 a8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM
187 45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+
188 fyoy4t3yHT+/nw==
189 -----END PRIVATE KEY-----
190
191 • PKCS#8 encrypted private keys - password protected keys (supported
192 since: CryptX-0.062)
193
194 -----BEGIN ENCRYPTED PRIVATE KEY-----
195 MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty
196 Yt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ
197 biKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt
198 NWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a
199 sYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa
200 4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK
201 vvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn
202 d7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x
203 2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC
204 7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw
205 bZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs
206 946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i
207 U+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6
208 A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j
209 1HPwZX2d
210 -----END ENCRYPTED PRIVATE KEY-----
211
212 • RSA public key from X509 certificate
213
214 -----BEGIN CERTIFICATE-----
215 MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
216 BAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG
217 A1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima
218 SUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC
219 r3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB
220 Q4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem
221 VinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R
222 Sa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D
223 cvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb
224 pzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD
225 AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav
226 7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX
227 Ig7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90
228 2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO
229 Oztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ
230 a+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP
231 -----END CERTIFICATE-----
232
233 • SSH public RSA keys
234
235 ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=
236
237 • SSH public RSA keys (RFC-4716 format)
238
239 ---- BEGIN SSH2 PUBLIC KEY ----
240 Comment: "768-bit RSA, converted from OpenSSH"
241 AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x
242 D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+
243 L26mdYs5iJNGu/ltUdc=
244 ---- END SSH2 PUBLIC KEY ----
245
246 • RSA private keys in JSON Web Key (JWK) format
247
248 See <http://tools.ietf.org/html/draft-ietf-jose-json-web-key>
249
250 {
251 "kty":"RSA",
252 "n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
253 "e":"AQAB",
254 "d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
255 "p":"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
256 "q":"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
257 "dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
258 "dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
259 "qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
260 }
261
262 BEWARE: For JWK support you need to have JSON module installed.
263
264 • RSA public keys in JSON Web Key (JWK) format
265
266 {
267 "kty":"RSA",
268 "n": "0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP",
269 "e":"AQAB",
270 }
271
272 BEWARE: For JWK support you need to have JSON module installed.
273
274 export_key_der
275 my $private_der = $pk->export_key_der('private');
276 #or
277 my $public_der = $pk->export_key_der('public');
278
279 export_key_pem
280 my $private_pem = $pk->export_key_pem('private');
281 #or
282 my $public_pem = $pk->export_key_pem('public');
283 #or
284 my $public_pem = $pk->export_key_pem('public_x509');
285
286 With parameter 'public' uses header and footer lines:
287
288 -----BEGIN RSA PUBLIC KEY------
289 -----END RSA PUBLIC KEY------
290
291 With parameter 'public_x509' uses header and footer lines:
292
293 -----BEGIN PUBLIC KEY------
294 -----END PUBLIC KEY------
295
296 Support for password protected PEM keys
297
298 my $private_pem = $pk->export_key_pem('private', $password);
299 #or
300 my $private_pem = $pk->export_key_pem('private', $password, $cipher);
301
302 # supported ciphers: 'DES-CBC'
303 # 'DES-EDE3-CBC'
304 # 'SEED-CBC'
305 # 'CAMELLIA-128-CBC'
306 # 'CAMELLIA-192-CBC'
307 # 'CAMELLIA-256-CBC'
308 # 'AES-128-CBC'
309 # 'AES-192-CBC'
310 # 'AES-256-CBC' (DEFAULT)
311
312 export_key_jwk
313 Since: CryptX-0.022
314
315 Exports public/private keys as a JSON Web Key (JWK).
316
317 my $private_json_text = $pk->export_key_jwk('private');
318 #or
319 my $public_json_text = $pk->export_key_jwk('public');
320
321 Also exports public/private keys as a perl HASH with JWK structure.
322
323 my $jwk_hash = $pk->export_key_jwk('private', 1);
324 #or
325 my $jwk_hash = $pk->export_key_jwk('public', 1);
326
327 BEWARE: For JWK support you need to have JSON module installed.
328
329 export_key_jwk_thumbprint
330 Since: CryptX-0.031
331
332 Exports the key's JSON Web Key Thumbprint as a string.
333
334 If you don't know what this is, see RFC 7638
335 <https://tools.ietf.org/html/rfc7638>.
336
337 my $thumbprint = $pk->export_key_jwk_thumbprint('SHA256');
338
339 encrypt
340 my $pk = Crypt::PK::RSA->new($pub_key_filename);
341 my $ct = $pk->encrypt($message);
342 #or
343 my $ct = $pk->encrypt($message, $padding);
344 #or
345 my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam);
346
347 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
348 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
349 # $lparam (only for oaep) ..... DEFAULT is empty string
350
351 decrypt
352 my $pk = Crypt::PK::RSA->new($priv_key_filename);
353 my $pt = $pk->decrypt($ciphertext);
354 #or
355 my $pt = $pk->decrypt($ciphertext, $padding);
356 #or
357 my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam);
358
359 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
360 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
361 # $lparam (only for oaep) ..... DEFAULT is empty string
362
363 sign_message
364 my $pk = Crypt::PK::RSA->new($priv_key_filename);
365 my $signature = $priv->sign_message($message);
366 #or
367 my $signature = $priv->sign_message($message, $hash_name);
368 #or
369 my $signature = $priv->sign_message($message, $hash_name, $padding);
370 #or
371 my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen);
372
373 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
374 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
375 # $saltlen (only for pss) .. DEFAULT is 12
376
377 verify_message
378 my $pk = Crypt::PK::RSA->new($pub_key_filename);
379 my $valid = $pub->verify_message($signature, $message);
380 #or
381 my $valid = $pub->verify_message($signature, $message, $hash_name);
382 #or
383 my $valid = $pub->verify_message($signature, $message, $hash_name, $padding);
384 #or
385 my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen);
386
387 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
388 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
389 # $saltlen (only for pss) .. DEFAULT is 12
390
391 sign_hash
392 my $pk = Crypt::PK::RSA->new($priv_key_filename);
393 my $signature = $priv->sign_hash($message_hash);
394 #or
395 my $signature = $priv->sign_hash($message_hash, $hash_name);
396 #or
397 my $signature = $priv->sign_hash($message_hash, $hash_name, $padding);
398 #or
399 my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen);
400
401 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
402 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
403 # $saltlen (only for pss) .. DEFAULT is 12
404
405 verify_hash
406 my $pk = Crypt::PK::RSA->new($pub_key_filename);
407 my $valid = $pub->verify_hash($signature, $message_hash);
408 #or
409 my $valid = $pub->verify_hash($signature, $message_hash, $hash_name);
410 #or
411 my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, $padding);
412 #or
413 my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen);
414
415 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
416 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
417 # $saltlen (only for pss) .. DEFAULT is 12
418
419 is_private
420 my $rv = $pk->is_private;
421 # 1 .. private key loaded
422 # 0 .. public key loaded
423 # undef .. no key loaded
424
425 size
426 my $size = $pk->size;
427 # returns key size in bytes or undef if no key loaded
428
429 key2hash
430 my $hash = $pk->key2hash;
431
432 # returns hash like this (or undef if no key loaded):
433 {
434 type => 1, # integer: 1 .. private, 0 .. public
435 size => 256, # integer: key size in bytes
436 # all the rest are hex strings
437 e => "10001", #public exponent
438 d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
439 N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
440 p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
441 q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
442 qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
443 dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
444 dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
445 }
446
448 rsa_encrypt
449 RSA based encryption. See method "encrypt" below.
450
451 my $ct = rsa_encrypt($pub_key_filename, $message);
452 #or
453 my $ct = rsa_encrypt(\$buffer_containing_pub_key, $message);
454 #or
455 my $ct = rsa_encrypt($pub_key, $message, $padding);
456 #or
457 my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam);
458
459 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
460 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
461 # $lparam (only for oaep) ..... DEFAULT is empty string
462
463 rsa_decrypt
464 RSA based decryption. See method "decrypt" below.
465
466 my $pt = rsa_decrypt($priv_key_filename, $ciphertext);
467 #or
468 my $pt = rsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
469 #or
470 my $pt = rsa_decrypt($priv_key, $ciphertext, $padding);
471 #or
472 my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam);
473
474 # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
475 # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
476 # $lparam (only for oaep) ..... DEFAULT is empty string
477
478 rsa_sign_message
479 Generate RSA signature. See method "sign_message" below.
480
481 my $sig = rsa_sign_message($priv_key_filename, $message);
482 #or
483 my $sig = rsa_sign_message(\$buffer_containing_priv_key, $message);
484 #or
485 my $sig = rsa_sign_message($priv_key, $message, $hash_name);
486 #or
487 my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding);
488 #or
489 my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen);
490
491 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
492 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
493 # $saltlen (only for pss) .. DEFAULT is 12
494
495 rsa_verify_message
496 Verify RSA signature. See method "verify_message" below.
497
498 rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
499 #or
500 rsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
501 #or
502 rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
503 #or
504 rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR";
505 #or
506 rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR";
507
508 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
509 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
510 # $saltlen (only for pss) .. DEFAULT is 12
511
512 rsa_sign_hash
513 Generate RSA signature. See method "sign_hash" below.
514
515 my $sig = rsa_sign_hash($priv_key_filename, $message_hash);
516 #or
517 my $sig = rsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
518 #or
519 my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name);
520 #or
521 my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding);
522 #or
523 my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen);
524
525 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
526 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
527 # $saltlen (only for pss) .. DEFAULT is 12
528
529 rsa_verify_hash
530 Verify RSA signature. See method "verify_hash" below.
531
532 rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
533 #or
534 rsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
535 #or
536 rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR";
537 #or
538 rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR";
539 #or
540 rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR";
541
542 # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
543 # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
544 # $saltlen (only for pss) .. DEFAULT is 12
545
547 ### let's have:
548 # RSA private key in PEM format - rsakey.priv.pem
549 # RSA public key in PEM format - rsakey.pub.pem
550 # data file to be signed or encrypted - input.data
551
552 Encrypt by OpenSSL, decrypt by Crypt::PK::RSA
553 Create encrypted file (from commandline):
554
555 openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
556
557 Decrypt file (Perl code):
558
559 use Crypt::PK::RSA;
560 use Crypt::Misc 'read_rawfile';
561
562 my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
563 my $encfile = read_rawfile("input.encrypted.rsa");
564 my $plaintext = $pkrsa->decrypt($encfile, 'v1.5');
565 print $plaintext;
566
567 Encrypt by Crypt::PK::RSA, decrypt by OpenSSL
568 Create encrypted file (Perl code):
569
570 use Crypt::PK::RSA;
571 use Crypt::Misc 'write_rawfile';
572
573 my $plaintext = 'secret message';
574 my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
575 my $encrypted = $pkrsa->encrypt($plaintext, 'v1.5');
576 write_rawfile("input.encrypted.rsa", $encrypted);
577
578 Decrypt file (from commandline):
579
580 openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
581
582 Sign by OpenSSL, verify by Crypt::PK::RSA
583 Create signature (from commandline):
584
585 openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
586
587 Verify signature (Perl code):
588
589 use Crypt::PK::RSA;
590 use Crypt::Digest 'digest_file';
591 use Crypt::Misc 'read_rawfile';
592
593 my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
594 my $signature = read_rawfile("input.sha1-rsa.sig");
595 my $valid = $pkrsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
596 print $valid ? "SUCCESS" : "FAILURE";
597
598 Sign by Crypt::PK::RSA, verify by OpenSSL
599 Create signature (Perl code):
600
601 use Crypt::PK::RSA;
602 use Crypt::Digest 'digest_file';
603 use Crypt::Misc 'write_rawfile';
604
605 my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
606 my $signature = $pkrsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
607 write_rawfile("input.sha1-rsa.sig", $signature);
608
609 Verify signature (from commandline):
610
611 openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
612
613 Keys generated by Crypt::PK::RSA
614 Generate keys (Perl code):
615
616 use Crypt::PK::RSA;
617 use Crypt::Misc 'write_rawfile';
618
619 my $pkrsa = Crypt::PK::RSA->new;
620 $pkrsa->generate_key(256, 65537);
621 write_rawfile("rsakey.pub.der", $pkrsa->export_key_der('public'));
622 write_rawfile("rsakey.priv.der", $pkrsa->export_key_der('private'));
623 write_rawfile("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509'));
624 write_rawfile("rsakey.priv.pem", $pkrsa->export_key_pem('private'));
625 write_rawfile("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret'));
626
627 Use keys by OpenSSL:
628
629 openssl rsa -in rsakey.priv.der -text -inform der
630 openssl rsa -in rsakey.priv.pem -text
631 openssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret
632 openssl rsa -in rsakey.pub.der -pubin -text -inform der
633 openssl rsa -in rsakey.pub.pem -pubin -text
634
635 Keys generated by OpenSSL
636 Generate keys:
637
638 openssl genrsa -out rsakey.priv.pem 1024
639 openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der
640 openssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout
641 openssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout
642 openssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
643
644 Load keys (Perl code):
645
646 use Crypt::PK::RSA;
647
648 my $pkrsa = Crypt::PK::RSA->new;
649 $pkrsa->import_key("rsakey.pub.der");
650 $pkrsa->import_key("rsakey.priv.der");
651 $pkrsa->import_key("rsakey.pub.pem");
652 $pkrsa->import_key("rsakey.priv.pem");
653 $pkrsa->import_key("rsakey-passwd.priv.pem", "secret");
654
656 • <https://en.wikipedia.org/wiki/RSA_%28algorithm%29>
657
658
659
660perl v5.36.1 2023-10-04 Crypt::PK::RSA(3)