Crypt::PK::RSA - Public key cryptography based on RSA
### OO interface #Encryption: Alice my $pub = Crypt::PK::RSA->new('Bob_pub_rsa1.der'); my $ct = $pub->encrypt("secret message"); # #Encryption: Bob (received ciphertext $ct) my $priv = Crypt::PK::RSA->new('Bob_priv_rsa1.der'); my $pt = $priv->decrypt($ct); #Signature: Alice my $priv = Crypt::PK::RSA->new('Alice_priv_rsa1.der'); my $sig = $priv->sign_message($message); # #Signature: Bob (received $message + $sig) my $pub = Crypt::PK::RSA->new('Alice_pub_rsa1.der'); $pub->verify_message($sig, $message) or die "ERROR"; #Key generation my $pk = Crypt::PK::RSA->new(); $pk->generate_key(256, 65537); my $private_der = $pk->export_key_der('private'); my $public_der = $pk->export_key_der('public'); my $private_pem = $pk->export_key_pem('private'); my $public_pem = $pk->export_key_pem('public'); ### Functional interface #Encryption: Alice my $ct = rsa_encrypt('Bob_pub_rsa1.der', "secret message"); #Encryption: Bob (received ciphertext $ct) my $pt = rsa_decrypt('Bob_priv_rsa1.der', $ct); #Signature: Alice my $sig = rsa_sign_message('Alice_priv_rsa1.der', $message); #Signature: Bob (received $message + $sig) rsa_verify_message('Alice_pub_rsa1.der', $sig, $message) or die "ERROR";
The module provides a full featured RSA implementation.
my $pk = Crypt::PK::RSA->new(); #or my $pk = Crypt::PK::RSA->new($priv_or_pub_key_filename); #or my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my $pk = Crypt::PK::RSA->new($priv_pem_key_filename, $password); #or my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key, $password);
Uses Yarrow-based cryptographically strong random number generator seeded with random data taken from /dev/random (UNIX) or CryptGenRandom (Win32).
/dev/random
CryptGenRandom
$pk->generate_key($size, $e); # $size .. key size: 128-512 bytes (DEFAULT is 256) # $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
Loads private or public key in DER or PEM format.
$pk->import_key($priv_or_pub_key_filename); #or $pk->import_key(\$buffer_containing_priv_or_pub_key);
$pk->import_key($pem_filename, $password); #or $pk->import_key(\$buffer_containing_pem_key, $password);
my $private_der = $pk->export_key_der('private'); #or my $public_der = $pk->export_key_der('public');
my $private_pem = $pk->export_key_pem('private'); #or my $public_pem = $pk->export_key_pem('public'); #or my $public_pem = $pk->export_key_pem('public_x509');
With parameter 'public' uses header and footer lines:
'public'
-----BEGIN RSA PUBLIC KEY------ -----END RSA PUBLIC KEY------
With parameter 'public_x509' uses header and footer lines:
'public_x509'
-----BEGIN PUBLIC KEY------ -----END PUBLIC KEY------
my $private_pem = $pk->export_key_pem('private', $password); #or my $private_pem = $pk->export_key_pem('private', $password, $cipher); # supported ciphers: 'DES-CBC' # 'DES-EDE3-CBC' # 'SEED-CBC' # 'CAMELLIA-128-CBC' # 'CAMELLIA-192-CBC' # 'CAMELLIA-256-CBC' # 'AES-128-CBC' # 'AES-192-CBC' # 'AES-256-CBC' (DEFAULT)
my $pk = Crypt::PK::RSA->new($pub_key_filename); my $ct = $pk->encrypt($message); #or my $ct = $pk->encrypt($message, $padding); #or my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam); # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $lparam (only for oaep) ..... DEFAULT is empty string
my $pk = Crypt::PK::RSA->new($priv_key_filename); my $pt = $pk->decrypt($ciphertext); #or my $pt = $pk->decrypt($ciphertext, $padding); #or my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam); # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $lparam (only for oaep) ..... DEFAULT is empty string
my $pk = Crypt::PK::RSA->new($priv_key_filename); my $signature = $priv->sign_message($message); #or my $signature = $priv->sign_message($message, $hash_name); #or my $signature = $priv->sign_message($message, $hash_name, $padding); #or my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen); # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
my $pk = Crypt::PK::RSA->new($pub_key_filename); my $valid = $pub->verify_message($signature, $message); #or my $valid = $pub->verify_message($signature, $message, $hash_name); #or my $valid = $pub->verify_message($signature, $message, $hash_name, $padding); #or my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen); # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
my $pk = Crypt::PK::RSA->new($priv_key_filename); my $signature = $priv->sign_hash($message_hash); #or my $signature = $priv->sign_hash($message_hash, $hash_name); #or my $signature = $priv->sign_hash($message_hash, $hash_name, $padding); #or my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen); # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
my $pk = Crypt::PK::RSA->new($pub_key_filename); my $valid = $pub->verify_hash($signature, $message_hash); #or my $valid = $pub->verify_hash($signature, $message_hash, $hash_name); #or my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, $padding); #or my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen); # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
my $rv = $pk->is_private; # 1 .. private key loaded # 0 .. public key loaded # undef .. no key loaded
my $size = $pk->size; # returns key size in bytes or undef if no key loaded
my $hash = $pk->key2hash; # returns hash like this (or undef if no key loaded): { type => 1, # integer: 1 .. private, 0 .. public size => 256, # integer: key size in bytes # all the rest are hex strings e => "10001", #public exponent d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param }
RSA based encryption. See method "encrypt" below.
my $ct = rsa_encrypt($pub_key_filename, $message); #or my $ct = rsa_encrypt(\$buffer_containing_pub_key, $message); #or my $ct = rsa_encrypt($pub_key, $message, $padding); #or my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam); # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $lparam (only for oaep) ..... DEFAULT is empty string
RSA based decryption. See method "decrypt" below.
my $pt = rsa_decrypt($priv_key_filename, $ciphertext); #or my $pt = rsa_decrypt(\$buffer_containing_priv_key, $ciphertext); #or my $pt = rsa_decrypt($priv_key, $ciphertext, $padding); #or my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam); # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $lparam (only for oaep) ..... DEFAULT is empty string
Generate RSA signature. See method "sign_message" below.
my $sig = rsa_sign_message($priv_key_filename, $message); #or my $sig = rsa_sign_message(\$buffer_containing_priv_key, $message); #or my $sig = rsa_sign_message($priv_key, $message, $hash_name); #or my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding); #or my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen); # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
Verify RSA signature. See method "verify_message" below.
rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR"; #or rsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR"; #or rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR"; #or rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR"; #or rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR"; # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
Generate RSA signature. See method "sign_hash" below.
my $sig = rsa_sign_hash($priv_key_filename, $message_hash); #or my $sig = rsa_sign_hash(\$buffer_containing_priv_key, $message_hash); #or my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name); #or my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding); #or my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen); # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
Verify RSA signature. See method "verify_hash" below.
rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR"; #or rsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR"; #or rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR"; #or rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR"; #or rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR"; # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest # $padding ................. 'pss' (DEFAULT) or 'v1.5' # $saltlen (only for pss) .. DEFAULT is 12
### let's have: # RSA private key in PEM format - rsakey.priv.pem # RSA public key in PEM format - rsakey.pub.pem # data file to be signed or encrypted - input.data
Create encrypted file (from commandline):
openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
Decrypt file (Perl code):
use Crypt::PK::RSA; use File::Slurp 'read_file'; my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem"); my $encfile = read_file("input.encrypted.rsa", binmode=>':raw'); my $plaintext = $pkrsa->decrypt($encfile, 'v1.5'); print $plaintext;
Create encrypted file (Perl code):
use Crypt::PK::RSA; use File::Slurp 'write_file'; my $plaintext = 'secret message'; my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem"); my $encrypted = $pkrsa->encrypt($plaintext, 'v1.5'); write_file("input.encrypted.rsa", {binmode=>':raw'}, $encrypted);
Decrypt file (from commandline):
openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
Create signature (from commandline):
openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
Verify signature (Perl code):
use Crypt::PK::RSA; use Crypt::Digest 'digest_file'; use File::Slurp 'read_file'; my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem"); my $signature = read_file("input.sha1-rsa.sig", binmode=>':raw'); my $valid = $pkrsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5"); print $valid ? "SUCCESS" : "FAILURE";
Create signature (Perl code):
use Crypt::PK::RSA; use Crypt::Digest 'digest_file'; use File::Slurp 'write_file'; my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem"); my $signature = $pkrsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5"); write_file("input.sha1-rsa.sig", {binmode=>':raw'}, $signature);
Verify signature (from commandline):
openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
Generate keys (Perl code):
use Crypt::PK::RSA; use File::Slurp 'write_file'; my $pkrsa = Crypt::PK::RSA->new; $pkrsa->generate_key(256, 65537); write_file("rsakey.pub.der", {binmode=>':raw'}, $pkrsa->export_key_der('public')); write_file("rsakey.priv.der", {binmode=>':raw'}, $pkrsa->export_key_der('private')); write_file("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509')); write_file("rsakey.priv.pem", $pkrsa->export_key_pem('private')); write_file("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret'));
Use keys by OpenSSL:
openssl rsa -in rsakey.priv.der -text -inform der openssl rsa -in rsakey.priv.pem -text openssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret openssl rsa -in rsakey.pub.der -pubin -text -inform der openssl rsa -in rsakey.pub.pem -pubin -text
Generate keys:
openssl genrsa -out rsakey.priv.pem 1024 openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der openssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout openssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout openssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
Load keys (Perl code):
use Crypt::PK::RSA; use File::Slurp 'write_file'; my $pkrsa = Crypt::PK::RSA->new; $pkrsa->import_key("rsakey.pub.der"); $pkrsa->import_key("rsakey.priv.der"); $pkrsa->import_key("rsakey.pub.pem"); $pkrsa->import_key("rsakey.priv.pem"); $pkrsa->import_key("rsakey-passwd.priv.pem", "secret");
https://en.wikipedia.org/wiki/RSA_%28algorithm%29
To install CryptX, copy and paste the appropriate command in to your terminal.
cpanm
cpanm CryptX
CPAN shell
perl -MCPAN -e shell install CryptX
For more information on module installation, please visit the detailed CPAN module installation guide.