1Crypt::PK::DH(3)      User Contributed Perl Documentation     Crypt::PK::DH(3)
2
3
4

NAME

6       Crypt::PK::DH - Public key cryptography based on Diffie-Hellman
7

SYNOPSIS

9        ### OO interface
10
11        #Shared secret
12        my $priv = Crypt::PK::DH->new('Alice_priv_dh1.key');
13        my $pub = Crypt::PK::DH->new('Bob_pub_dh1.key');
14        my $shared_secret = $priv->shared_secret($pub);
15
16        #Key generation
17        my $pk = Crypt::PK::DH->new();
18        $pk->generate_key(128);
19        my $private = $pk->export_key('private');
20        my $public = $pk->export_key('public');
21
22        or
23
24        my $pk = Crypt::PK::DH->new();
25        $pk->generate_key('ike2048');
26        my $private = $pk->export_key('private');
27        my $public = $pk->export_key('public');
28
29        or
30
31        my $pk = Crypt::PK::DH->new();
32        $pk->generate_key({ p => $p, g => $g });
33        my $private = $pk->export_key('private');
34        my $public = $pk->export_key('public');
35
36        ### Functional interface
37
38        #Shared secret
39        my $shared_secret = dh_shared_secret('Alice_priv_dh1.key', 'Bob_pub_dh1.key');
40

METHODS

42   new
43         my $pk = Crypt::PK::DH->new();
44         #or
45         my $pk = Crypt::PK::DH->new($priv_or_pub_key_filename);
46         #or
47         my $pk = Crypt::PK::DH->new(\$buffer_containing_priv_or_pub_key);
48
49   generate_key
50       Uses Yarrow-based cryptographically strong random number generator
51       seeded with random data taken from "/dev/random" (UNIX) or
52       "CryptGenRandom" (Win32).
53
54        $pk->generate_key($groupsize);
55        ### $groupsize (in bytes) corresponds to DH parameters (p, g) predefined by libtomcrypt
56        # 96   =>  DH-768
57        # 128  =>  DH-1024
58        # 192  =>  DH-1536
59        # 256  =>  DH-2048
60        # 384  =>  DH-3072
61        # 512  =>  DH-4096
62        # 768  =>  DH-6144
63        # 1024 =>  DH-8192
64
65       The following variants are available since CryptX-0.032
66
67        $pk->generate_key($groupname)
68        ### $groupname corresponds to values defined in RFC7296 and RFC3526
69        # 'ike768'  =>  768-bit MODP (Group 1)
70        # 'ike1024' => 1024-bit MODP (Group 2)
71        # 'ike1536' => 1536-bit MODP (Group 5)
72        # 'ike2048' => 2048-bit MODP (Group 14)
73        # 'ike3072' => 3072-bit MODP (Group 15)
74        # 'ike4096' => 4096-bit MODP (Group 16)
75        # 'ike6144' => 6144-bit MODP (Group 17)
76        # 'ike8192' => 8192-bit MODP (Group 18)
77
78        $pk->generate_key($param_hash)
79        # $param_hash is { g => $g, p => $p }
80        # where $g is the generator (base) in a hex string and $p is the prime in a hex string
81
82        $pk->generate_key(\$dh_param)
83        # $dh_param is the content of DER or PEM file with DH parameters
84        # e.g. openssl dhparam 2048
85
86   import_key
87       Loads private or public key (exported by "export_key").
88
89         $pk->import_key($filename);
90         #or
91         $pk->import_key(\$buffer_containing_key);
92
93   import_key_raw
94       Since: CryptX-0.032
95
96         $pk->import_key_raw($raw_bytes, $type, $params)
97         ### $raw_bytes is a binary string containing the key
98         ### $type is either 'private' or 'public'
99         ### $param is either a name ('ike2038') or hash containing the p,g values { g=>$g, p=>$p }
100         ### in hex strings
101
102   export_key
103       BEWARE: DH key format change - since v0.049 it is compatible with
104       libtomcrypt 1.18.
105
106        my $private = $pk->export_key('private');
107        #or
108        my $public = $pk->export_key('public');
109
110   export_key_raw
111       Since: CryptX-0.032
112
113        $raw_bytes = $dh->export_key_raw('public')
114        #or
115        $raw_bytes = $dh->export_key_raw('private')
116
117   shared_secret
118        # Alice having her priv key $pk and Bob's public key $pkb
119        my $pk  = Crypt::PK::DH->new($priv_key_filename);
120        my $pkb = Crypt::PK::DH->new($pub_key_filename);
121        my $shared_secret = $pk->shared_secret($pkb);
122
123        # Bob having his priv key $pk and Alice's public key $pka
124        my $pk = Crypt::PK::DH->new($priv_key_filename);
125        my $pka = Crypt::PK::DH->new($pub_key_filename);
126        my $shared_secret = $pk->shared_secret($pka);  # same value as computed by Alice
127
128   is_private
129        my $rv = $pk->is_private;
130        # 1 .. private key loaded
131        # 0 .. public key loaded
132        # undef .. no key loaded
133
134   size
135        my $size = $pk->size;
136        # returns key size in bytes or undef if no key loaded
137
138   key2hash
139        my $hash = $pk->key2hash;
140
141        # returns hash like this (or undef if no key loaded):
142        {
143          type => 0,   # integer: 1 .. private, 0 .. public
144          size => 256, # integer: key size in bytes
145          x => "FBC1062F73B9A17BB8473A2F5A074911FA7F20D28FB...", #private key
146          y => "AB9AAA40774D3CD476B52F82E7EE2D8A8D40CD88BF4...", #public key
147          g => "2", # generator/base
148          p => "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80D...", # prime
149       }
150
151   params2hash
152       Since: CryptX-0.032
153
154        my $params = $pk->params2hash;
155
156        # returns hash like this (or undef if no key loaded):
157        {
158          g => "2", # generator/base
159          p => "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80D...", # prime
160       }
161

FUNCTIONS

163   dh_shared_secret
164       DH based shared secret generation. See method "shared_secret" below.
165
166        #on Alice side
167        my $shared_secret = dh_shared_secret('Alice_priv_dh1.key', 'Bob_pub_dh1.key');
168
169        #on Bob side
170        my $shared_secret = dh_shared_secret('Bob_priv_dh1.key', 'Alice_pub_dh1.key');
171

DEPRECATED INTERFACE

173       The following functions/methods were removed in removed in v0.049:
174
175        encrypt
176        decrypt
177        sign_message
178        verify_message
179        sign_hash
180        verify_hash
181
182        dh_encrypt
183        dh_decrypt
184        dh_sign_message
185        dh_verify_message
186        dh_sign_hash
187        dh_verify_hash
188

SEE ALSO

190       •   <https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange>
191
192
193
194perl v5.38.0                      2023-10-04                  Crypt::PK::DH(3)
Impressum