Crypt-OpenSSL-RSA
view release on metacpan or search on metacpan
release of OpenSSL.
- Apply patch from Jim Radford <radford@blackbean.org> to add support
for SHA{224,256,384,512}
0.22 Mon Nov 15 2005 21:13:20
- Add public_decrypt, private_encrypt methods, contributed
by Paul G. Weiss <paul@weiss.name>
- Some changes to help builds on Redhat9
- Remove deprecated methods:
* the no-arg new constructor - use new_from_public_key,
new_from_private_key or Crypt::OpenSSL::RSA->generate_key instead
* load_public_key - use new_from_public_key
* load_private_key - use new_from_private_key
* generate_key as an instance method - use it as a class constructor
method instead.
* set_padding_mode - use use_no_padding, use_pkcs1_padding,
use_pkcs1_oaep_padding, or use_sslv23_padding instead.
* get_padding_mode
- Eliminate all(most all) memory leaks.
- fix email address
- Stop returning true from methods just to indicate success.
- Change default public exponent from 65535 to 65537
get_key_parameters, which, working with
Crypt::OpenSSL::Bignum, allow working directly with the
paramaters of an rsa key.
0.17 Mon Jan 06 2003 22:43:31
- Workaround for gcc 3.2 compile problems:
"/usr/include/openssl/des.h:193: parse error before '&' token"
(Patch by Rob Brown <bbb@cpan.org>)
- Deprecate no-arg constructor, load_*_key methods and the
instance method generate_key; switch to three constructors:
new_public_key, new_private_key and generate_key (as a class
method)
- Deprecate set_padding_mode method; replace with
use_xxx_padding.
- move tests into t directory, use Test as a framework
0.16 Tue Jun 11 22:01:45
- Fix bug reported by Rob McMillin <rlm@pricegrabber.com> which
prevented subclassing.
0.15 Fri Jun 07 09:13:12
SYNOPSIS
use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;
# not necessary if we have /dev/random:
Crypt::OpenSSL::Random::random_seed($good_entropy);
Crypt::OpenSSL::RSA->import_random_seed();
$rsa_pub = Crypt::OpenSSL::RSA->new_public_key($key_string);
$ciphertext = $rsa->encrypt($plaintext);
$rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
$plaintext = $rsa->encrypt($ciphertext);
$rsa = Crypt::OpenSSL::RSA->generate_key(1024); # or
$rsa = Crypt::OpenSSL::RSA->generate_key(1024, $prime);
print "private key is:\n", $rsa->get_private_key_string();
print "public key (in PKCS1 format) is:\n",
$rsa->get_public_key_string();
print "public key (in X509 format) is:\n",
$rsa->get_public_key_x509_string();
$rsa_priv->use_md5_hash(); # insecure. use_sha256_hash or use_sha1_hash are the default
$signature = $rsa_priv->sign($plaintext);
print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
DESCRIPTION
Class Methods
new_public_key
Create a new "Crypt::OpenSSL::RSA" object by loading a public key in
from a string containing Base64/DER-encoding of either the PKCS1 or
X.509 representation of the key. The string should include the
"-----BEGIN...-----" and "-----END...-----" lines.
The padding is set to PKCS1_OAEP, but can be changed with the
"use_xxx_padding" methods.
new_private_key
Create a new "Crypt::OpenSSL::RSA" object by loading a private key
in from an string containing the Base64/DER encoding of the PKCS1
representation of the key. The string should include the
"-----BEGIN...-----" and "-----END...-----" lines. The padding is
set to PKCS1_OAEP, but can be changed with "use_xxx_padding".
An optional parameter can be passed for passphase protected private
key:
passphase
get_public_key_x509_string
Return the Base64/DER-encoded representation of the "subject public
key", suitable for use in X509 certificates. This string has header
and footer lines:
-----BEGIN PUBLIC KEY------
-----END PUBLIC KEY------
and is the format that is produced by running "openssl rsa -pubout".
get_private_key_string
Return the Base64/DER-encoded PKCS1 representation of the private
key. This string has header and footer lines:
-----BEGIN RSA PRIVATE KEY------
-----END RSA PRIVATE KEY------
2 optional parameters can be passed for passphase protected private
key string:
passphase
use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;
# not necessary if we have /dev/random:
Crypt::OpenSSL::Random::random_seed($good_entropy);
Crypt::OpenSSL::RSA->import_random_seed();
$rsa_pub = Crypt::OpenSSL::RSA->new_public_key($key_string);
$ciphertext = $rsa->encrypt($plaintext);
$rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
$plaintext = $rsa->encrypt($ciphertext);
$rsa = Crypt::OpenSSL::RSA->generate_key(1024); # or
$rsa = Crypt::OpenSSL::RSA->generate_key(1024, $prime);
print "private key is:\n", $rsa->get_private_key_string();
print "public key (in PKCS1 format) is:\n",
$rsa->get_public_key_string();
print "public key (in X509 format) is:\n",
$rsa->get_public_key_x509_string();
$rsa_priv->use_md5_hash(); # insecure. use_sha256_hash or use_sha1_hash are the default
$signature = $rsa_priv->sign($plaintext);
print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
# DESCRIPTION
use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;
# not necessary if we have /dev/random:
Crypt::OpenSSL::Random::random_seed($good_entropy);
Crypt::OpenSSL::RSA->import_random_seed();
$rsa_pub = Crypt::OpenSSL::RSA->new_public_key($key_string);
$ciphertext = $rsa->encrypt($plaintext);
$rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
$plaintext = $rsa->decrypt($ciphertext);
$rsa = Crypt::OpenSSL::RSA->generate_key(1024); # or
$rsa = Crypt::OpenSSL::RSA->generate_key(1024, $prime);
print "private key is:\n", $rsa->get_private_key_string();
print "public key (in PKCS1 format) is:\n",
$rsa->get_public_key_string();
print "public key (in X509 format) is:\n",
$rsa->get_public_key_x509_string();
$rsa_priv->use_md5_hash(); # insecure. use_sha256_hash or use_sha1_hash are the default
$signature = $rsa_priv->sign($plaintext);
print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
=head1 SECURITY
=item new_public_key
Create a new C<Crypt::OpenSSL::RSA> object by loading a public key in
from a string containing Base64/DER-encoding of either the PKCS1 or
X.509 representation of the key. The string should include the
C<-----BEGIN...-----> and C<-----END...-----> lines.
The padding is set to PKCS1_OAEP, but can be changed with the
C<use_xxx_padding> methods.
=item new_private_key
Create a new C<Crypt::OpenSSL::RSA> object by loading a private key in
from an string containing the Base64/DER encoding of the PKCS1
representation of the key. The string should include the
C<-----BEGIN...-----> and C<-----END...-----> lines. The padding is set to
PKCS1_OAEP, but can be changed with C<use_xxx_padding>.
An optional parameter can be passed for passphase protected private key:
=over
Return the Base64/DER-encoded representation of the "subject
public key", suitable for use in X509 certificates. This string has
header and footer lines:
-----BEGIN PUBLIC KEY------
-----END PUBLIC KEY------
and is the format that is produced by running C<openssl rsa -pubout>.
=item get_private_key_string
Return the Base64/DER-encoded PKCS1 representation of the private
key. This string has
header and footer lines:
-----BEGIN RSA PRIVATE KEY------
-----END RSA PRIVATE KEY------
2 optional parameters can be passed for passphase protected private key
string:
#if OPENSSL_VERSION_NUMBER < 0x10100000L
# might introduce memory leak without calling EVP_cleanup() on exit
# see https://wiki.openssl.org/index.php/Library_Initialization
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
#else
# NOOP
#endif
SV*
new_private_key(proto, key_string_SV, passphase_SV=&PL_sv_undef)
SV* proto;
SV* key_string_SV;
SV* passphase_SV;
CODE:
RETVAL = make_rsa_obj(
proto, _load_rsa_key(key_string_SV, PEM_read_bio_PrivateKey, passphase_SV));
OUTPUT:
RETVAL
SV*
RETVAL
void
DESTROY(p_rsa)
rsaData* p_rsa;
CODE:
EVP_PKEY_free(p_rsa->rsa);
Safefree(p_rsa);
SV*
get_private_key_string(p_rsa, passphase_SV=&PL_sv_undef, cipher_name_SV=&PL_sv_undef)
rsaData* p_rsa;
SV* passphase_SV;
SV* cipher_name_SV;
PREINIT:
BIO* stringBIO;
char* passphase = NULL;
STRLEN passphaseLength = 0;
char* cipher_name;
const EVP_CIPHER* enc = NULL;
CODE:
pV/9iVvswnnSsxEanoLchzA1bAaDNa9vkIU/BrFwQO9ctw+RQbHrvc/5KPbZoGsq
bfQ/wOXUnQJBAMs/ZGlziX19lOEGfziugMR33ybLxkBS7qcrpBebAED/8etijASp
LgMEOKeRz11WAVJJ5A4wi1yxD4fnBxp44xkCQG4RejNbPVByYQdlJPeD5Aijxta6
nBWGVuKNPuC80XjHpz6Yj9lDt5wH+EkJhA1ZaJKztWNbRoZ5e4x4PcubYXECQHA0
KubcVcblkU85Gvrbu1K7KoJsdKIGJqI7QXeWpmk74v4jhVD9ZN1dczlvEZ9hX5Fi
IXiD7Cvbw8svC4jdu+ECQQCw1ZlQPz2rGE+pFQiKOFPprH+pT+zkINh1d83jeMYd
GG7hKgfQB5J/B0u8/XzEtGnCq8m0xTADx2eplIoKhAFi
-----END RSA PRIVATE KEY-----
EOF
my ( $private_key, $public_key, $private_key2 );
ok( $private_key = Crypt::OpenSSL::RSA->new_private_key($PRIVATE_KEY_STRING) );
ok( $PRIVATE_KEY_STRING eq $private_key->get_private_key_string() );
ok( $PUBLIC_KEY_PKCS1_STRING eq $private_key->get_public_key_string() );
ok( $PUBLIC_KEY_X509_STRING eq $private_key->get_public_key_x509_string() );
ok( $public_key = Crypt::OpenSSL::RSA->new_public_key($PUBLIC_KEY_PKCS1_STRING) );
ok( $PUBLIC_KEY_PKCS1_STRING eq $public_key->get_public_key_string() );
ok( $PUBLIC_KEY_X509_STRING eq $public_key->get_public_key_x509_string() );
ok( $public_key = Crypt::OpenSSL::RSA->new_public_key($PUBLIC_KEY_X509_STRING) );
ok( $PUBLIC_KEY_PKCS1_STRING eq $public_key->get_public_key_string() );
ok( $PUBLIC_KEY_X509_STRING eq $public_key->get_public_key_x509_string() );
my $passphase = '123456';
ok( $private_key = Crypt::OpenSSL::RSA->new_private_key( $ENCRYPT_PRIVATE_KEY_STRING, $passphase ) );
ok( $DECRYPT_PRIVATE_KEY_STRING eq $private_key->get_private_key_string() );
ok( $private_key = Crypt::OpenSSL::RSA->new_private_key($DECRYPT_PRIVATE_KEY_STRING) );
ok( $private_key2 = Crypt::OpenSSL::RSA->new_private_key( $private_key->get_private_key_string($passphase), $passphase ) );
ok( $DECRYPT_PRIVATE_KEY_STRING eq $private_key2->get_private_key_string() );
ok( $private_key2 = Crypt::OpenSSL::RSA->new_private_key( $private_key->get_private_key_string( $passphase, 'des3' ), $passphase ) );
ok( $DECRYPT_PRIVATE_KEY_STRING eq $private_key2->get_private_key_string() );
ok( $private_key2 = Crypt::OpenSSL::RSA->new_private_key( $private_key->get_private_key_string( $passphase, 'aes-128-cbc' ), $passphase ) );
ok( $DECRYPT_PRIVATE_KEY_STRING eq $private_key2->get_private_key_string() );
$rsa->use_no_padding();
_Test_Encrypt_And_Decrypt( $rsa->size(), $rsa, 1 );
$rsa->use_pkcs1_oaep_padding();
# private_encrypt does not work with pkcs1_oaep_padding
_Test_Encrypt_And_Decrypt( $rsa->size() - 42, $rsa, 0 );
#FIXME - use_sslv23_padding seems to fail on decryption. openssl bug?
my $private_key_string = $rsa->get_private_key_string();
my $public_key_string = $rsa->get_public_key_string();
ok( $private_key_string and $public_key_string );
my $plaintext = "The quick brown fox jumped over the lazy dog";
my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($private_key_string);
ok( $plaintext eq $rsa_priv->decrypt( $rsa_priv->encrypt($plaintext) ) );
my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($public_key_string);
$rsa->use_pkcs1_oaep_padding();
ok( $plaintext eq $rsa->decrypt( $rsa_pub->encrypt($plaintext) ) );
ok( $rsa_priv->is_private() );
ok( !$rsa_pub->is_private() );
_check_for_croak(
( run in 0.499 second using v1.01-cache-2.11-cpan-a5abf4f5562 )