KevinSchoenmayer/GseTDDUebungKCLR
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
Riley Schneider
2025-12-03 16:38:10 +01:00
parent c5e26bf594
commit b732d8d4b5
17680 changed files with 5977495 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

482
database/perl/vendor/lib/Crypt/PK/DH.pm vendored Normal file
View File

@@ -0,0 +1,482 @@
package Crypt::PK::DH;
use strict;
use warnings;
our $VERSION = '0.069';
require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
our %EXPORT_TAGS = ( all => [qw( dh_shared_secret )] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = qw();
use Carp;
use CryptX;
use Crypt::Digest 'digest_data';
use Crypt::Misc qw(read_rawfile pem_to_der);
my %DH_PARAMS = (
ike768 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF'
},
ike1024 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED'.
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381'.
'FFFFFFFFFFFFFFFF'
},
ike1536 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED'.
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D'.
'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F'.
'83655D23DCA3AD961C62F356208552BB9ED529077096966D'.
'670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF'
},
ike2048 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED'.
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D'.
'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F'.
'83655D23DCA3AD961C62F356208552BB9ED529077096966D'.
'670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B'.
'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9'.
'DE2BCBF6955817183995497CEA956AE515D2261898FA0510'.
'15728E5A8AACAA68FFFFFFFFFFFFFFFF'
},
ike3072 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED'.
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D'.
'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F'.
'83655D23DCA3AD961C62F356208552BB9ED529077096966D'.
'670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B'.
'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9'.
'DE2BCBF6955817183995497CEA956AE515D2261898FA0510'.
'15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64'.
'ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7'.
'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B'.
'F12FFA06D98A0864D87602733EC86A64521F2B18177B200C'.
'BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31'.
'43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF'
},
ike4096 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED'.
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D'.
'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F'.
'83655D23DCA3AD961C62F356208552BB9ED529077096966D'.
'670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B'.
'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9'.
'DE2BCBF6955817183995497CEA956AE515D2261898FA0510'.
'15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64'.
'ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7'.
'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B'.
'F12FFA06D98A0864D87602733EC86A64521F2B18177B200C'.
'BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31'.
'43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7'.
'88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA'.
'2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6'.
'287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED'.
'1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9'.
'93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199'.
'FFFFFFFFFFFFFFFF'
},
ike6144 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED'.
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D'.
'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F'.
'83655D23DCA3AD961C62F356208552BB9ED529077096966D'.
'670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B'.
'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9'.
'DE2BCBF6955817183995497CEA956AE515D2261898FA0510'.
'15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64'.
'ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7'.
'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B'.
'F12FFA06D98A0864D87602733EC86A64521F2B18177B200C'.
'BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31'.
'43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7'.
'88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA'.
'2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6'.
'287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED'.
'1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9'.
'93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492'.
'36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD'.
'F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831'.
'179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B'.
'DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF'.
'5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6'.
'D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3'.
'23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA'.
'CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328'.
'06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C'.
'DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE'.
'12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF'
},
ike8192 => { g => 2, p => 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1'.
'29024E088A67CC74020BBEA63B139B22514A08798E3404DD'.
'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245'.
'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED'.
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D'.
'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F'.
'83655D23DCA3AD961C62F356208552BB9ED529077096966D'.
'670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B'.
'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9'.
'DE2BCBF6955817183995497CEA956AE515D2261898FA0510'.
'15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64'.
'ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7'.
'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B'.
'F12FFA06D98A0864D87602733EC86A64521F2B18177B200C'.
'BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31'.
'43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7'.
'88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA'.
'2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6'.
'287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED'.
'1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9'.
'93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492'.
'36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD'.
'F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831'.
'179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B'.
'DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF'.
'5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6'.
'D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3'.
'23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA'.
'CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328'.
'06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C'.
'DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE'.
'12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4'.
'38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300'.
'741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568'.
'3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9'.
'22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B'.
'4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A'.
'062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36'.
'4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1'.
'B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92'.
'4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47'.
'9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71'.
'60C980DD98EDD3DFFFFFFFFFFFFFFFFF'
}
);
sub new {
my $self = shift->_new();
return @_ > 0 ? $self->import_key(@_) : $self;
}
sub import_key {
my ($self, $key) = @_;
croak "FATAL: undefined key" unless $key;
my $data;
if (ref($key) eq 'SCALAR') {
$data = $$key;
}
elsif (-f $key) {
$data = read_rawfile($key);
}
else {
croak "FATAL: non-existing file '$key'";
}
croak "FATAL: invalid key format" unless $data;
return $self->_import($data);
}
sub import_key_raw {
my ($self, $raw_bytes, $type, $param) = @_;
my ($g, $p, $x, $y);
if (ref $param eq 'HASH') {
$g = $param->{g} or croak "FATAL: 'g' param not specified";
$p = $param->{p} or croak "FATAL: 'p' param not specified";
$g =~ s/^0x//;
$p =~ s/^0x//;
} elsif (my $dhparam = $DH_PARAMS{$param}) {
$g = $dhparam->{g};
$p = $dhparam->{p};
} else {
croak "FATAL: invalid parameter";
}
if ($type eq 'private') {
$type = 1;
} elsif ($type eq 'public') {
$type = 0;
} else {
croak "FATAL: invalid key type '$type'";
}
my $rv = $self->_import_raw($raw_bytes, $type, $g, $p);
return $rv;
}
sub generate_key {
my ($self, $param) = @_;
if (!ref $param) {
# group name
return $self->_generate_key_gp($DH_PARAMS{$param}{g}, $DH_PARAMS{$param}{p}) if $DH_PARAMS{$param};
# size
return $self->_generate_key_size($param) if $param && $param =~ /^[0-9]+/;
}
elsif (ref $param eq 'SCALAR') {
my $data = $$param;
$data = pem_to_der($data) if $data =~ /-----BEGIN DH PARAMETERS-----\s*(.+)\s*-----END DH PARAMETERS-----/s;
return $self->_generate_key_dhparam($data);
}
elsif (ref $param eq 'HASH') {
my $g = $param->{g} or croak "FATAL: 'g' param not specified";
my $p = $param->{p} or croak "FATAL: 'p' param not specified";
$g =~ s/^0x//;
$p =~ s/^0x//;
return $self->_generate_key_gp($g, $p);
}
croak "FATAL: DH generate_key - invalid args";
}
### FUNCTIONS
sub dh_shared_secret {
my ($privkey, $pubkey) = @_;
$privkey = __PACKAGE__->new($privkey) unless ref $privkey;
$pubkey = __PACKAGE__->new($pubkey) unless ref $pubkey;
carp "FATAL: invalid 'privkey' param" unless ref($privkey) eq __PACKAGE__ && $privkey->is_private;
carp "FATAL: invalid 'pubkey' param" unless ref($pubkey) eq __PACKAGE__;
return $privkey->shared_secret($pubkey);
}
sub CLONE_SKIP { 1 } # prevent cloning
### DEPRECATED functions/methods
sub encrypt { croak "Crypt::DH::encrypt is deprecated (removed in v0.049)" }
sub decrypt { croak "Crypt::DH::decrypt is deprecated (removed in v0.049)" }
sub sign_message { croak "Crypt::DH::sign_message is deprecated (removed in v0.049)" }
sub verify_message { croak "Crypt::DH::verify_message is deprecated (removed in v0.049)" }
sub sign_hash { croak "Crypt::DH::sign_hash is deprecated (removed in v0.049)" }
sub verify_hash { croak "Crypt::DH::verify_hash is deprecated (removed in v0.049)" }
sub dh_encrypt { croak "Crypt::DH::dh_encrypt is deprecated (removed in v0.049)" }
sub dh_decrypt { croak "Crypt::DH::dh_decrypt is deprecated (removed in v0.049)" }
sub dh_sign_message { croak "Crypt::DH::dh_sign_message is deprecated (removed in v0.049)" }
sub dh_verify_message { croak "Crypt::DH::dh_verify_message is deprecated (removed in v0.049)" }
sub dh_sign_hash { croak "Crypt::DH::dh_sign_hash is deprecated (removed in v0.049)" }
sub dh_verify_hash { croak "Crypt::DH::dh_verify_hash is deprecated (removed in v0.049)" }
1;
=pod
=head1 NAME
Crypt::PK::DH - Public key cryptography based on Diffie-Hellman
=head1 SYNOPSIS
### OO interface
#Shared secret
my $priv = Crypt::PK::DH->new('Alice_priv_dh1.key');
my $pub = Crypt::PK::DH->new('Bob_pub_dh1.key');
my $shared_secret = $priv->shared_secret($pub);
#Key generation
my $pk = Crypt::PK::DH->new();
$pk->generate_key(128);
my $private = $pk->export_key('private');
my $public = $pk->export_key('public');
or
my $pk = Crypt::PK::DH->new();
$pk->generate_key('ike2048');
my $private = $pk->export_key('private');
my $public = $pk->export_key('public');
or
my $pk = Crypt::PK::DH->new();
$pk->generate_key({ p => $p, g => $g });
my $private = $pk->export_key('private');
my $public = $pk->export_key('public');
### Functional interface
#Shared secret
my $shared_secret = dh_shared_secret('Alice_priv_dh1.key', 'Bob_pub_dh1.key');
=head1 METHODS
=head2 new
my $pk = Crypt::PK::DH->new();
#or
my $pk = Crypt::PK::DH->new($priv_or_pub_key_filename);
#or
my $pk = Crypt::PK::DH->new(\$buffer_containing_priv_or_pub_key);
=head2 generate_key
Uses Yarrow-based cryptographically strong random number generator seeded with
random data taken from C</dev/random> (UNIX) or C<CryptGenRandom> (Win32).
$pk->generate_key($groupsize);
### $groupsize (in bytes) corresponds to DH parameters (p, g) predefined by libtomcrypt
# 96 => DH-768
# 128 => DH-1024
# 192 => DH-1536
# 256 => DH-2048
# 384 => DH-3072
# 512 => DH-4096
# 768 => DH-6144
# 1024 => DH-8192
The following variants are available since CryptX-0.032
$pk->generate_key($groupname)
### $groupname corresponds to values defined in RFC7296 and RFC3526
# 'ike768' => 768-bit MODP (Group 1)
# 'ike1024' => 1024-bit MODP (Group 2)
# 'ike1536' => 1536-bit MODP (Group 5)
# 'ike2048' => 2048-bit MODP (Group 14)
# 'ike3072' => 3072-bit MODP (Group 15)
# 'ike4096' => 4096-bit MODP (Group 16)
# 'ike6144' => 6144-bit MODP (Group 17)
# 'ike8192' => 8192-bit MODP (Group 18)
$pk->generate_key($param_hash)
# $param_hash is { g => $g, p => $p }
# where $g is the generator (base) in a hex string and $p is the prime in a hex string
$pk->generate_key(\$dh_param)
# $dh_param is the content of DER or PEM file with DH parameters
# e.g. openssl dhparam 2048
=head2 import_key
Loads private or public key (exported by L</export_key>).
$pk->import_key($filename);
#or
$pk->import_key(\$buffer_containing_key);
=head2 import_key_raw
I<Since: CryptX-0.032>
$pk->import_key_raw($raw_bytes, $type, $params)
### $raw_bytes is a binary string containing the key
### $type is either 'private' or 'public'
### $param is either a name ('ike2038') or hash containing the p,g values { g=>$g, p=>$p }
### in hex strings
=head2 export_key
B<BEWARE:> DH key format change - since v0.049 it is compatible with libtomcrypt 1.18.
my $private = $pk->export_key('private');
#or
my $public = $pk->export_key('public');
=head2 export_key_raw
I<Since: CryptX-0.032>
$raw_bytes = $dh->export_key_raw('public')
#or
$raw_bytes = $dh->export_key_raw('private')
=head2 shared_secret
# Alice having her priv key $pk and Bob's public key $pkb
my $pk = Crypt::PK::DH->new($priv_key_filename);
my $pkb = Crypt::PK::DH->new($pub_key_filename);
my $shared_secret = $pk->shared_secret($pkb);
# Bob having his priv key $pk and Alice's public key $pka
my $pk = Crypt::PK::DH->new($priv_key_filename);
my $pka = Crypt::PK::DH->new($pub_key_filename);
my $shared_secret = $pk->shared_secret($pka); # same value as computed by Alice
=head2 is_private
my $rv = $pk->is_private;
# 1 .. private key loaded
# 0 .. public key loaded
# undef .. no key loaded
=head2 size
my $size = $pk->size;
# returns key size in bytes or undef if no key loaded
=head2 key2hash
my $hash = $pk->key2hash;
# returns hash like this (or undef if no key loaded):
{
type => 0, # integer: 1 .. private, 0 .. public
size => 256, # integer: key size in bytes
x => "FBC1062F73B9A17BB8473A2F5A074911FA7F20D28FB...", #private key
y => "AB9AAA40774D3CD476B52F82E7EE2D8A8D40CD88BF4...", #public key
g => "2", # generator/base
p => "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80D...", # prime
}
=head2 params2hash
I<Since: CryptX-0.032>
my $params = $pk->params2hash;
# returns hash like this (or undef if no key loaded):
{
g => "2", # generator/base
p => "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80D...", # prime
}
=head1 FUNCTIONS
=head2 dh_shared_secret
DH based shared secret generation. See method L</shared_secret> below.
#on Alice side
my $shared_secret = dh_shared_secret('Alice_priv_dh1.key', 'Bob_pub_dh1.key');
#on Bob side
my $shared_secret = dh_shared_secret('Bob_priv_dh1.key', 'Alice_pub_dh1.key');
=head1 DEPRECATED INTERFACE
The following functions/methods were removed in removed in v0.049:
encrypt
decrypt
sign_message
verify_message
sign_hash
verify_hash
dh_encrypt
dh_decrypt
dh_sign_message
dh_verify_message
dh_sign_hash
dh_verify_hash
=head1 SEE ALSO
=over
=item * L<https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange|https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange>
=back
=cut

612
database/perl/vendor/lib/Crypt/PK/DSA.pm vendored Normal file
View File

@@ -0,0 +1,612 @@
package Crypt::PK::DSA;
use strict;
use warnings;
our $VERSION = '0.069';
require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
our %EXPORT_TAGS = ( all => [qw( dsa_encrypt dsa_decrypt dsa_sign_message dsa_verify_message dsa_sign_hash dsa_verify_hash )] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = qw();
use Carp;
$Carp::Internal{(__PACKAGE__)}++;
use CryptX;
use Crypt::Digest 'digest_data';
use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u encode_b64 decode_b64 pem_to_der der_to_pem);
use Crypt::PK;
sub new {
my $self = shift->_new();
return @_ > 0 ? $self->import_key(@_) : $self;
}
sub generate_key {
my $self = shift;
return $self->_generate_key_size(@_) if @_ == 2;
if (@_ == 1 && ref $_[0] eq 'HASH') {
my $param = shift;
my $p = $param->{p} or croak "FATAL: 'p' param not specified";
my $q = $param->{q} or croak "FATAL: 'q' param not specified";
my $g = $param->{g} or croak "FATAL: 'g' param not specified";
$p =~ s/^0x//;
$q =~ s/^0x//;
$g =~ s/^0x//;
return $self->_generate_key_pqg_hex($p, $q, $g);
}
elsif (@_ == 1 && ref $_[0] eq 'SCALAR') {
my $data = ${$_[0]};
$data = pem_to_der($data) if $data =~ /-----BEGIN DSA PARAMETERS-----\s*(.+)\s*-----END DSA PARAMETERS-----/s;
return $self->_generate_key_dsaparam($data);
}
croak "FATAL: DSA generate_key - invalid args";
}
sub export_key_pem {
my ($self, $type, $password, $cipher) = @_;
my $key = $self->export_key_der($type||'');
return unless $key;
return der_to_pem($key, "DSA PRIVATE KEY", $password, $cipher) if $type eq 'private';
return der_to_pem($key, "DSA PUBLIC KEY") if $type eq 'public';
return der_to_pem($key, "PUBLIC KEY") if $type eq 'public_x509';
}
sub import_key {
my ($self, $key, $password) = @_;
croak "FATAL: undefined key" unless $key;
# special case
if (ref($key) eq 'HASH') {
if ($key->{p} && $key->{q} && $key->{g} && $key->{y}) {
# hash exported via key2hash
return $self->_import_hex($key->{p}, $key->{q}, $key->{g}, $key->{x}, $key->{y});
}
}
my $data;
if (ref($key) eq 'SCALAR') {
$data = $$key;
}
elsif (-f $key) {
$data = read_rawfile($key);
}
else {
croak "FATAL: non-existing file '$key'";
}
croak "FATAL: invalid key data" unless $data;
if ($data =~ /-----BEGIN (DSA PRIVATE|DSA PUBLIC|PRIVATE|PUBLIC) KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import($data);
}
elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
$data = pem_to_der($data);
my ($typ, $p, $q, $g, $y) = Crypt::PK::_ssh_parse($data);
return $self->_import_hex(unpack('H*',$p), unpack('H*',$q), unpack('H*',$g), undef, unpack('H*',$y)) if $typ && $p && $q && $g && $y && $typ eq 'ssh-dss';
}
elsif ($data =~ /ssh-dss\s+(\S+)/) {
$data = decode_b64("$1");
my ($typ, $p, $q, $g, $y) = Crypt::PK::_ssh_parse($data);
return $self->_import_hex(unpack('H*',$p), unpack('H*',$q), unpack('H*',$g), undef, unpack('H*',$y)) if $typ && $p && $q && $g && $y && $typ eq 'ssh-dss';
}
else {
return $self->_import($data);
}
croak "FATAL: invalid or unsupported DSA key format";
}
### FUNCTIONS
sub dsa_encrypt {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->encrypt(@_);
}
sub dsa_decrypt {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->decrypt(@_);
}
sub dsa_sign_message {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->sign_message(@_);
}
sub dsa_verify_message {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->verify_message(@_);
}
sub dsa_sign_hash {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->sign_hash(@_);
}
sub dsa_verify_hash {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->verify_hash(@_);
}
sub CLONE_SKIP { 1 } # prevent cloning
1;
=pod
=head1 NAME
Crypt::PK::DSA - Public key cryptography based on DSA
=head1 SYNOPSIS
### OO interface
#Encryption: Alice
my $pub = Crypt::PK::DSA->new('Bob_pub_dsa1.der');
my $ct = $pub->encrypt("secret message");
#
#Encryption: Bob (received ciphertext $ct)
my $priv = Crypt::PK::DSA->new('Bob_priv_dsa1.der');
my $pt = $priv->decrypt($ct);
#Signature: Alice
my $priv = Crypt::PK::DSA->new('Alice_priv_dsa1.der');
my $sig = $priv->sign_message($message);
#
#Signature: Bob (received $message + $sig)
my $pub = Crypt::PK::DSA->new('Alice_pub_dsa1.der');
$pub->verify_message($sig, $message) or die "ERROR";
#Key generation
my $pk = Crypt::PK::DSA->new();
$pk->generate_key(30, 256);
my $private_der = $pk->export_key_der('private');
my $public_der = $pk->export_key_der('public');
my $private_pem = $pk->export_key_pem('private');
my $public_pem = $pk->export_key_pem('public');
### Functional interface
#Encryption: Alice
my $ct = dsa_encrypt('Bob_pub_dsa1.der', "secret message");
#Encryption: Bob (received ciphertext $ct)
my $pt = dsa_decrypt('Bob_priv_dsa1.der', $ct);
#Signature: Alice
my $sig = dsa_sign_message('Alice_priv_dsa1.der', $message);
#Signature: Bob (received $message + $sig)
dsa_verify_message('Alice_pub_dsa1.der', $sig, $message) or die "ERROR";
=head1 METHODS
=head2 new
my $pk = Crypt::PK::DSA->new();
#or
my $pk = Crypt::PK::DSA->new($priv_or_pub_key_filename);
#or
my $pk = Crypt::PK::DSA->new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my $pk = Crypt::PK::DSA->new($priv_pem_key_filename, $password);
#or
my $pk = Crypt::PK::DSA->new(\$buffer_containing_priv_pem_key, $password);
=head2 generate_key
Uses Yarrow-based cryptographically strong random number generator seeded with
random data taken from C</dev/random> (UNIX) or C<CryptGenRandom> (Win32).
$pk->generate_key($group_size, $modulus_size);
# $group_size ... in bytes .. 15 < $group_size < 1024
# $modulus_size .. in bytes .. ($modulus_size - $group_size) < 512
### Bits of Security according to libtomcrypt documentation
# 80 bits => generate_key(20, 128)
# 120 bits => generate_key(30, 256)
# 140 bits => generate_key(35, 384)
# 160 bits => generate_key(40, 512)
### Sizes according section 4.2 of FIPS 186-4
# (L and N are the bit lengths of p and q respectively)
# L = 1024, N = 160 => generate_key(20, 128)
# L = 2048, N = 224 => generate_key(28, 256)
# L = 2048, N = 256 => generate_key(32, 256)
# L = 3072, N = 256 => generate_key(32, 384)
$pk->generate_key($param_hash)
# $param_hash is { d => $d, p => $p, q => $q }
# where $d, $p, $q are hex strings
$pk->generate_key(\$dsa_param)
# $dsa_param is the content of DER or PEM file with DSA params
# e.g. openssl dsaparam 2048
=head2 import_key
Loads private or public key in DER or PEM format.
$pk->import_key($filename);
#or
$pk->import_key(\$buffer_containing_key);
Support for password protected PEM keys
$pk->import_key($pem_filename, $password);
#or
$pk->import_key(\$buffer_containing_pem_key, $password);
Loading private or public keys form perl hash:
$pk->import_key($hashref);
# where $hashref is a key exported via key2hash
$pk->import_key({
p => "AAF839A764E04D80824B79FA1F0496C093...", #prime modulus
q => "D05C4CB45F29D353442F1FEC43A6BE2BE8...", #prime divisor
g => "847E8896D12C9BF18FE283AE7AD58ED7F3...", #generator of a subgroup of order q in GF(p)
x => "6C801901AC74E2DC714D75A9F6969483CF...", #private key, random 0 < x < q
y => "8F7604D77FA62C7539562458A63C7611B7...", #public key, where y = g^x mod p
});
Supported key formats:
=over
=item * DSA public keys
-----BEGIN PUBLIC KEY-----
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAJKyu+puNMGLpGIhbD1IatnwlI79ePr4
YHe2KBhRkheKxWUZRpN1Vd/+usS2IHSJ9op5cSWETiP05d7PMtJaitklw7jhudq3
GxNvV/GRdCQm3H6d76FHP88dms4vcDYc6ry6wKERGfNEtZ+4BAKrMZK+gDYsF4Aw
U6WVR969kYZhAhUA6w25FgSRmJ8W4XkvC60n8Wv3DpMCgYA4ZFE+3tLOM24PZj9Z
rxuqUzZZdR+kIzrsIYpWN9ustbmdKLKwsqIaUIxc5zxHEhbAjAIf8toPD+VEQIpY
7vgJgDhXuPq45BgN19iLTzOJwIhAFXPZvnAdIo9D/AnMw688gT6g6U8QCZwX2XYg
ICiVcriYVNcjVKHSFY/X0Oi7CgOBhAACgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj
5ScbetXg4ZDpceEyQi8VG+/ZTbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfA
BfueiGnPXjqGfppiHAyL1Ngyd+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGa
fZhibr0SggWixQ==
-----END PUBLIC KEY-----
=item * DSA private keys
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQCSsrvqbjTBi6RiIWw9SGrZ8JSO/Xj6+GB3tigYUZIXisVlGUaT
dVXf/rrEtiB0ifaKeXElhE4j9OXezzLSWorZJcO44bnatxsTb1fxkXQkJtx+ne+h
Rz/PHZrOL3A2HOq8usChERnzRLWfuAQCqzGSvoA2LBeAMFOllUfevZGGYQIVAOsN
uRYEkZifFuF5LwutJ/Fr9w6TAoGAOGRRPt7SzjNuD2Y/Wa8bqlM2WXUfpCM67CGK
VjfbrLW5nSiysLKiGlCMXOc8RxIWwIwCH/LaDw/lRECKWO74CYA4V7j6uOQYDdfY
i08zicCIQBVz2b5wHSKPQ/wJzMOvPIE+oOlPEAmcF9l2ICAolXK4mFTXI1Sh0hWP
19DouwoCgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj5ScbetXg4ZDpceEyQi8VG+/Z
Tbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfABfueiGnPXjqGfppiHAyL1Ngy
d+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGafZhibr0SggWixQIVAL7Sia03
8bvANjjL9Sitk8slrM6P
-----END DSA PRIVATE KEY-----
=item * DSA private keys in password protected PEM format:
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,227ADC3AA0299491
UISxBYAxPQMl2eK9LMAeHsssF6IxO+4G2ta2Jn8VE+boJrrH3iSTKeMXGjGaXl0z
DwcLGV+KMR70y+cxtTb34rFy+uSpBy10dOQJhxALDbe1XfCDQIUfaXRfMNA3um2I
JdZixUD/zcxBOUzao+MCr0V9XlJDgqBhJ5EEr53XHH07Eo5fhiBfbbR9NzdUPFrQ
p2ASyZtFh7RXoIBUCQgg21oeLddcNWV7gd/Y46kghO9s0JbJ8C+IsuWEPRSq502h
tSoDN6B0sxbVvOUICLLbQaxt7yduTAhRxVIJZ1PWATTVD7CZBVz9uIDZ7LOv+er2
1q3vkwb8E9spPsA240+BnfD571XEop4jrawxC0VKQZ+3cPVLc6jhIsxvzzFQUt67
g66v8GUgt7KF3KhVV7qEtntybQWDWb+K/uTIH9Ra8nP820d3Rnl61pPXDPlluteT
WSLOvEMN2zRmkaxQNv/tLdT0SYpQtdjw74G3A6T7+KnvinKrjtp1a/AXkCF9hNEx
DGbxOYo1UOmk8qdxWCrab34nO+Q8oQc9wjXHG+ZtRYIMoGMKREK8DeL4H1RPNkMf
rwXWk8scd8QFmJAb8De1VQ==
-----END DSA PRIVATE KEY-----
=item * SSH public DSA keys
ssh-dss AAAAB3NzaC1kc3MAAACBAKU8/avmk...4XOwuEssAVhmwA==
=item * SSH public DSA keys (RFC-4716 format)
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted from OpenSSH"
AAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7Idp
Uq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cn
NtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB
+jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262X
pYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4Q
RFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWr
u7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BH
JFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5
ZkNI4XOwuEssAVhmwA==
---- END SSH2 PUBLIC KEY ----
=back
=head2 export_key_der
my $private_der = $pk->export_key_der('private');
#or
my $public_der = $pk->export_key_der('public');
=head2 export_key_pem
my $private_pem = $pk->export_key_pem('private');
#or
my $public_pem = $pk->export_key_pem('public');
#or
my $public_pem = $pk->export_key_pem('public_x509');
With parameter C<'public'> uses header and footer lines:
-----BEGIN DSA PUBLIC KEY------
-----END DSA PUBLIC KEY------
With parameter C<'public_x509'> uses header and footer lines:
-----BEGIN PUBLIC KEY------
-----END PUBLIC KEY------
Support for password protected PEM keys
my $private_pem = $pk->export_key_pem('private', $password);
#or
my $private_pem = $pk->export_key_pem('private', $password, $cipher);
# supported ciphers: 'DES-CBC'
# 'DES-EDE3-CBC'
# 'SEED-CBC'
# 'CAMELLIA-128-CBC'
# 'CAMELLIA-192-CBC'
# 'CAMELLIA-256-CBC'
# 'AES-128-CBC'
# 'AES-192-CBC'
# 'AES-256-CBC' (DEFAULT)
=head2 encrypt
my $pk = Crypt::PK::DSA->new($pub_key_filename);
my $ct = $pk->encrypt($message);
#or
my $ct = $pk->encrypt($message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
=head2 decrypt
my $pk = Crypt::PK::DSA->new($priv_key_filename);
my $pt = $pk->decrypt($ciphertext);
=head2 sign_message
my $pk = Crypt::PK::DSA->new($priv_key_filename);
my $signature = $priv->sign_message($message);
#or
my $signature = $priv->sign_message($message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
=head2 verify_message
my $pk = Crypt::PK::DSA->new($pub_key_filename);
my $valid = $pub->verify_message($signature, $message)
#or
my $valid = $pub->verify_message($signature, $message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
=head2 sign_hash
my $pk = Crypt::PK::DSA->new($priv_key_filename);
my $signature = $priv->sign_hash($message_hash);
=head2 verify_hash
my $pk = Crypt::PK::DSA->new($pub_key_filename);
my $valid = $pub->verify_hash($signature, $message_hash);
=head2 is_private
my $rv = $pk->is_private;
# 1 .. private key loaded
# 0 .. public key loaded
# undef .. no key loaded
=head2 size
my $size = $pk->size;
# returns key size (length of the prime p) in bytes or undef if key not loaded
=head2 size_q
my $size = $pk->size_q;
# returns length of the prime q in bytes or undef if key not loaded
=head2 key2hash
my $hash = $pk->key2hash;
# returns hash like this (or undef if no key loaded):
{
type => 1, # integer: 1 .. private, 0 .. public
size => 256, # integer: key size in bytes
# all the rest are hex strings
p => "AAF839A764E04D80824B79FA1F0496C093...", #prime modulus
q => "D05C4CB45F29D353442F1FEC43A6BE2BE8...", #prime divisor
g => "847E8896D12C9BF18FE283AE7AD58ED7F3...", #generator of a subgroup of order q in GF(p)
x => "6C801901AC74E2DC714D75A9F6969483CF...", #private key, random 0 < x < q
y => "8F7604D77FA62C7539562458A63C7611B7...", #public key, where y = g^x mod p
}
=head1 FUNCTIONS
=head2 dsa_encrypt
DSA based encryption as implemented by libtomcrypt. See method L</encrypt> below.
my $ct = dsa_encrypt($pub_key_filename, $message);
#or
my $ct = dsa_encrypt(\$buffer_containing_pub_key, $message);
#or
my $ct = dsa_encrypt($pub_key_filename, $message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
Encryption works similar to the L<Crypt::PK::ECC> encryption whereas shared DSA key is computed, and
the hash of the shared key XOR'ed against the plaintext forms the ciphertext.
=head2 dsa_decrypt
DSA based decryption as implemented by libtomcrypt. See method L</decrypt> below.
my $pt = dsa_decrypt($priv_key_filename, $ciphertext);
#or
my $pt = dsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
=head2 dsa_sign_message
Generate DSA signature. See method L</sign_message> below.
my $sig = dsa_sign_message($priv_key_filename, $message);
#or
my $sig = dsa_sign_message(\$buffer_containing_priv_key, $message);
#or
my $sig = dsa_sign_message($priv_key, $message, $hash_name);
=head2 dsa_verify_message
Verify DSA signature. See method L</verify_message> below.
dsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
#or
dsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
#or
dsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
=head2 dsa_sign_hash
Generate DSA signature. See method L</sign_hash> below.
my $sig = dsa_sign_hash($priv_key_filename, $message_hash);
#or
my $sig = dsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
=head2 dsa_verify_hash
Verify DSA signature. See method L</verify_hash> below.
dsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
#or
dsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
=head1 OpenSSL interoperability
### let's have:
# DSA private key in PEM format - dsakey.priv.pem
# DSA public key in PEM format - dsakey.pub.pem
# data file to be signed - input.data
=head2 Sign by OpenSSL, verify by Crypt::PK::DSA
Create signature (from commandline):
openssl dgst -sha1 -sign dsakey.priv.pem -out input.sha1-dsa.sig input.data
Verify signature (Perl code):
use Crypt::PK::DSA;
use Crypt::Digest 'digest_file';
use Crypt::Misc 'read_rawfile';
my $pkdsa = Crypt::PK::DSA->new("dsakey.pub.pem");
my $signature = read_rawfile("input.sha1-dsa.sig");
my $valid = $pkdsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
print $valid ? "SUCCESS" : "FAILURE";
=head2 Sign by Crypt::PK::DSA, verify by OpenSSL
Create signature (Perl code):
use Crypt::PK::DSA;
use Crypt::Digest 'digest_file';
use Crypt::Misc 'write_rawfile';
my $pkdsa = Crypt::PK::DSA->new("dsakey.priv.pem");
my $signature = $pkdsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
write_rawfile("input.sha1-dsa.sig", $signature);
Verify signature (from commandline):
openssl dgst -sha1 -verify dsakey.pub.pem -signature input.sha1-dsa.sig input.data
=head2 Keys generated by Crypt::PK::DSA
Generate keys (Perl code):
use Crypt::PK::DSA;
use Crypt::Misc 'write_rawfile';
my $pkdsa = Crypt::PK::DSA->new;
$pkdsa->generate_key(20, 128);
write_rawfile("dsakey.pub.der", $pkdsa->export_key_der('public'));
write_rawfile("dsakey.priv.der", $pkdsa->export_key_der('private'));
write_rawfile("dsakey.pub.pem", $pkdsa->export_key_pem('public_x509'));
write_rawfile("dsakey.priv.pem", $pkdsa->export_key_pem('private'));
write_rawfile("dsakey-passwd.priv.pem", $pkdsa->export_key_pem('private', 'secret'));
Use keys by OpenSSL:
openssl dsa -in dsakey.priv.der -text -inform der
openssl dsa -in dsakey.priv.pem -text
openssl dsa -in dsakey-passwd.priv.pem -text -inform pem -passin pass:secret
openssl dsa -in dsakey.pub.der -pubin -text -inform der
openssl dsa -in dsakey.pub.pem -pubin -text
=head2 Keys generated by OpenSSL
Generate keys:
openssl dsaparam -genkey -out dsakey.priv.pem 1024
openssl dsa -in dsakey.priv.pem -out dsakey.priv.der -outform der
openssl dsa -in dsakey.priv.pem -out dsakey.pub.pem -pubout
openssl dsa -in dsakey.priv.pem -out dsakey.pub.der -outform der -pubout
openssl dsa -in dsakey.priv.pem -passout pass:secret -des3 -out dsakey-passwd.priv.pem
Load keys (Perl code):
use Crypt::PK::DSA;
my $pkdsa = Crypt::PK::DSA->new;
$pkdsa->import_key("dsakey.pub.der");
$pkdsa->import_key("dsakey.priv.der");
$pkdsa->import_key("dsakey.pub.pem");
$pkdsa->import_key("dsakey.priv.pem");
$pkdsa->import_key("dsakey-passwd.priv.pem", "secret");
=head1 SEE ALSO
=over
=item * L<https://en.wikipedia.org/wiki/Digital_Signature_Algorithm|https://en.wikipedia.org/wiki/Digital_Signature_Algorithm>
=back
=cut

1120
database/perl/vendor/lib/Crypt/PK/ECC.pm vendored Normal file
View File

File diff suppressed because it is too large Load Diff

435
database/perl/vendor/lib/Crypt/PK/Ed25519.pm vendored Normal file
View File

@@ -0,0 +1,435 @@
package Crypt::PK::Ed25519;
use strict;
use warnings;
our $VERSION = '0.069';
require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
our %EXPORT_TAGS = ( all => [qw( )] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = qw();
use Carp;
$Carp::Internal{(__PACKAGE__)}++;
use CryptX;
use Crypt::PK;
use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u encode_b64 decode_b64 pem_to_der der_to_pem);
sub new {
my $self = shift->_new();
return @_ > 0 ? $self->import_key(@_) : $self;
}
sub import_key_raw {
my ($self, $key, $type) = @_;
croak "FATAL: undefined key" unless $key;
croak "FATAL: invalid key" unless length($key) == 32;
croak "FATAL: undefined type" unless $type;
return $self->_import_raw($key, 1) if $type eq 'private';
return $self->_import_raw($key, 0) if $type eq 'public';
croak "FATAL: invalid key type '$type'";
}
sub import_key {
my ($self, $key, $password) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
croak "FATAL: undefined key" unless $key;
# special case
if (ref($key) eq 'HASH') {
if ($key->{kty} && $key->{kty} eq "OKP" && $key->{crv} && $key->{crv} eq 'Ed25519') {
# JWK-like structure e.g.
# {"kty":"OKP","crv":"Ed25519","d":"...","x":"..."}
return $self->_import_raw(decode_b64u($key->{d}), 1) if $key->{d}; # private
return $self->_import_raw(decode_b64u($key->{x}), 0) if $key->{x}; # public
}
if ($key->{curve} && $key->{curve} eq "ed25519" && ($key->{priv} || $key->{pub})) {
# hash exported via key2hash
return $self->_import_raw(pack("H*", $key->{priv}), 1) if $key->{priv};
return $self->_import_raw(pack("H*", $key->{pub}), 0) if $key->{pub};
}
croak "FATAL: unexpected Ed25519 key hash";
}
my $data;
if (ref($key) eq 'SCALAR') {
$data = $$key;
}
elsif (-f $key) {
$data = read_rawfile($key);
}
else {
croak "FATAL: non-existing file '$key'";
}
croak "FATAL: invalid key data" unless $data;
if ($data =~ /-----BEGIN PUBLIC KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import($data);
}
elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /-----BEGIN ED25519 PRIVATE KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /^\s*(\{.*?\})\s*$/s) { # JSON
my $h = CryptX::_decode_json("$1");
if ($h->{kty} && $h->{kty} eq "OKP" && $h->{crv} && $h->{crv} eq 'Ed25519') {
return $self->_import_raw(decode_b64u($h->{d}), 1) if $h->{d}; # private
return $self->_import_raw(decode_b64u($h->{x}), 0) if $h->{x}; # public
}
}
elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
$data = pem_to_der($data);
return $self->_import_x509($data);
}
elsif ($data =~ /-----BEGIN OPENSSH PRIVATE KEY-----(.*?)-----END/sg) {
#XXX-FIXME-TODO
# https://crypto.stackexchange.com/questions/71789/openssh-ed2215-private-key-format
# https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
croak "FATAL: OPENSSH PRIVATE KEY not supported";
}
elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
$data = pem_to_der($data);
my ($typ, $pubkey) = Crypt::PK::_ssh_parse($data);
return $self->_import_raw($pubkey, 0) if $typ eq 'ssh-ed25519' && length($pubkey) == 32;
}
elsif ($data =~ /(ssh-ed25519)\s+(\S+)/) {
$data = decode_b64("$2");
my ($typ, $pubkey) = Crypt::PK::_ssh_parse($data);
return $self->_import_raw($pubkey, 0) if $typ eq 'ssh-ed25519' && length($pubkey) == 32;
}
elsif (length($data) == 32) {
croak "FATAL: use import_key_raw() to load raw (32 bytes) Ed25519 key";
}
else {
my $rv = eval { $self->_import($data) } ||
eval { $self->_import_pkcs8($data, $password) } ||
eval { $self->_import_x509($data) };
return $rv if $rv;
}
croak "FATAL: invalid or unsupported Ed25519 key format";
}
sub export_key_pem {
my ($self, $type, $password, $cipher) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
my $key = $self->export_key_der($type||'');
return unless $key;
return der_to_pem($key, "ED25519 PRIVATE KEY", $password, $cipher) if substr($type, 0, 7) eq 'private';
return der_to_pem($key, "PUBLIC KEY") if substr($type,0, 6) eq 'public';
}
sub export_key_jwk {
my ($self, $type, $wanthash) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
my $kh = $self->key2hash;
return unless $kh;
my $hash = { kty => "OKP", crv => "Ed25519" };
$hash->{x} = encode_b64u(pack("H*", $kh->{pub}));
$hash->{d} = encode_b64u(pack("H*", $kh->{priv})) if $type && $type eq 'private' && $kh->{priv};
return $wanthash ? $hash : CryptX::_encode_json($hash);
}
sub CLONE_SKIP { 1 } # prevent cloning
1;
=pod
=head1 NAME
Crypt::PK::Ed25519 - Digital signature based on Ed25519
=head1 SYNOPSIS
use Crypt::PK::Ed25519;
#Signature: Alice
my $priv = Crypt::PK::Ed25519->new('Alice_priv_ed25519.der');
my $sig = $priv->sign_message($message);
#Signature: Bob (received $message + $sig)
my $pub = Crypt::PK::Ed25519->new('Alice_pub_ed25519.der');
$pub->verify_message($sig, $message) or die "ERROR";
#Load key
my $pk = Crypt::PK::Ed25519->new;
my $pk_hex = "A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D";
$pk->import_key_raw(pack("H*", $pk_hex), "public");
my $sk = Crypt::PK::Ed25519->new;
my $sk_hex = "45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD";
$sk->import_key_raw(pack("H*", $sk_hex), "private");
#Key generation
my $pk = Crypt::PK::Ed25519->new->generate_key;
my $private_der = $pk->export_key_der('private');
my $public_der = $pk->export_key_der('public');
my $private_pem = $pk->export_key_pem('private');
my $public_pem = $pk->export_key_pem('public');
my $private_raw = $pk->export_key_raw('private');
my $public_raw = $pk->export_key_raw('public');
my $private_jwk = $pk->export_key_jwk('private');
my $public_jwk = $pk->export_key_jwk('public');
=head1 DESCRIPTION
I<Since: CryptX-0.067>
=head1 METHODS
=head2 new
my $pk = Crypt::PK::Ed25519->new();
#or
my $pk = Crypt::PK::Ed25519->new($priv_or_pub_key_filename);
#or
my $pk = Crypt::PK::Ed25519->new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my $pk = Crypt::PK::Ed25519->new($priv_pem_key_filename, $password);
#or
my $pk = Crypt::PK::Ed25519->new(\$buffer_containing_priv_pem_key, $password);
=head2 generate_key
Uses Yarrow-based cryptographically strong random number generator seeded with
random data taken from C</dev/random> (UNIX) or C<CryptGenRandom> (Win32).
$pk->generate_key;
=head2 import_key
Loads private or public key in DER or PEM format.
$pk->import_key($filename);
#or
$pk->import_key(\$buffer_containing_key);
Support for password protected PEM keys:
$pk->import_key($filename, $password);
#or
$pk->import_key(\$buffer_containing_key, $password);
Loading private or public keys form perl hash:
$pk->import_key($hashref);
# the $hashref is either a key exported via key2hash
$pk->import_key({
curve => "ed25519",
pub => "A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D",
priv => "45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD",
});
# or a hash with items corresponding to JWK (JSON Web Key)
$pk->import_key({
kty => "OKP",
crv => "Ed25519",
d => "RcEJum_STotn0j77a5LZnNRX4hNxcsDXSf4rWgwULa0",
x => "oF0a6lgwrJplzfs4RmDUl-NpfEa0Gc8s7IXei9JFRZ0",
});
Supported key formats:
# all formats can be loaded from a file
my $pk = Crypt::PK::Ed25519->new($filename);
# or from a buffer containing the key
my $pk = Crypt::PK::Ed25519->new(\$buffer_with_key);
=over
=item * Ed25519 private keys in PEM format
-----BEGIN ED25519 PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEXBCbpv0k6LZ9I++2uS2ZzUV+ITcXLA10n+K1oMFC2t
-----END ED25519 PRIVATE KEY-----
=item * Ed25519 private keys in password protected PEM format
-----BEGIN ED25519 PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,6A64D756D49C1EFF
8xQ7OyfQ10IITNEKcJGZA53Z1yk+NJQU7hrKqXwChZtgWNInhMBJRl9pozLKDSkH
v7u6EOve8NY=
-----END ED25519 PRIVATE KEY-----
=item * PKCS#8 private keys
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEXBCbpv0k6LZ9I++2uS2ZzUV+ITcXLA10n+K1oMFC2t
-----END PRIVATE KEY-----
=item * PKCS#8 encrypted private keys
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGHMEsGCSqGSIb3DQEFDTA+MCkGCSqGSIb3DQEFDDAcBAjPx9JkdpRH2QICCAAw
DAYIKoZIhvcNAgkFADARBgUrDgMCBwQIWWieQojaWTcEOGj43SxqHUys4Eb2M27N
AkhqpmhosOxKrpGi0L3h8m8ipHE8EwI94NeOMsjfVw60aJuCrssY5vKN
-----END ENCRYPTED PRIVATE KEY-----
=item * Ed25519 public keys in PEM format
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAoF0a6lgwrJplzfs4RmDUl+NpfEa0Gc8s7IXei9JFRZ0=
-----END PUBLIC KEY-----
=item * Ed25519 public key from X509 certificate
-----BEGIN CERTIFICATE-----
MIIBODCB66ADAgECAhRWDU9FZBBUZ7KTdX8f7Bco8jsoaTAFBgMrZXAwETEPMA0G
A1UEAwwGQ3J5cHRYMCAXDTIwMDExOTEzMDIwMloYDzIyOTMxMTAyMTMwMjAyWjAR
MQ8wDQYDVQQDDAZDcnlwdFgwKjAFBgMrZXADIQCgXRrqWDCsmmXN+zhGYNSX42l8
RrQZzyzshd6L0kVFnaNTMFEwHQYDVR0OBBYEFHCGFtVibAxxWYyRt5wazMpqSZDV
MB8GA1UdIwQYMBaAFHCGFtVibAxxWYyRt5wazMpqSZDVMA8GA1UdEwEB/wQFMAMB
Af8wBQYDK2VwA0EAqG/+98smzqF/wmFX3zHXSaA67as202HnBJod1Tiurw1f+lr3
BX6OMtsDpgRq9O77IF1Qyx/MdJEwwErczOIbAA==
-----END CERTIFICATE-----
=item * SSH public Ed25519 keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++
=item * SSH public Ed25519 keys (RFC-4716 format)
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "256-bit ED25519, converted from OpenSSH"
AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++
---- END SSH2 PUBLIC KEY ----
=item * Ed25519 private keys in JSON Web Key (JWK) format
See L<https://tools.ietf.org/html/rfc8037>
{
"kty":"OKP",
"crv":"Ed25519",
"x":"oF0a6lgwrJplzfs4RmDUl-NpfEa0Gc8s7IXei9JFRZ0",
"d":"RcEJum_STotn0j77a5LZnNRX4hNxcsDXSf4rWgwULa0",
}
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=item * Ed25519 public keys in JSON Web Key (JWK) format
{
"kty":"OKP",
"crv":"Ed25519",
"x":"oF0a6lgwrJplzfs4RmDUl-NpfEa0Gc8s7IXei9JFRZ0",
}
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=back
=head2 import_key_raw
Import raw public/private key - can load raw key data exported by L</export_key_raw>.
$pk->import_key_raw($key, 'public');
$pk->import_key_raw($key, 'private');
=head2 export_key_der
my $private_der = $pk->export_key_der('private');
#or
my $public_der = $pk->export_key_der('public');
=head2 export_key_pem
my $private_pem = $pk->export_key_pem('private');
#or
my $public_pem = $pk->export_key_pem('public');
Support for password protected PEM keys
my $private_pem = $pk->export_key_pem('private', $password);
#or
my $private_pem = $pk->export_key_pem('private', $password, $cipher);
# supported ciphers: 'DES-CBC'
# 'DES-EDE3-CBC'
# 'SEED-CBC'
# 'CAMELLIA-128-CBC'
# 'CAMELLIA-192-CBC'
# 'CAMELLIA-256-CBC'
# 'AES-128-CBC'
# 'AES-192-CBC'
# 'AES-256-CBC' (DEFAULT)
=head2 export_key_jwk
Exports public/private keys as a JSON Web Key (JWK).
my $private_json_text = $pk->export_key_jwk('private');
#or
my $public_json_text = $pk->export_key_jwk('public');
Also exports public/private keys as a perl HASH with JWK structure.
my $jwk_hash = $pk->export_key_jwk('private', 1);
#or
my $jwk_hash = $pk->export_key_jwk('public', 1);
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=head2 export_key_raw
Export raw public/private key
my $private_bytes = $pk->export_key_raw('private');
#or
my $public_bytes = $pk->export_key_raw('public');
=head2 sign_message
my $signature = $priv->sign_message($message);
=head2 verify_message
my $valid = $pub->verify_message($signature, $message)
=head2 is_private
my $rv = $pk->is_private;
# 1 .. private key loaded
# 0 .. public key loaded
# undef .. no key loaded
=head2 key2hash
my $hash = $pk->key2hash;
# returns hash like this (or undef if no key loaded):
{
curve => "ed25519",
# raw public key as a hexadecimal string
pub => "A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D",
# raw private key as a hexadecimal string. undef if key is public only
priv => "45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD",
}
=head1 SEE ALSO
=over
=item * L<https://en.wikipedia.org/wiki/EdDSA#Ed25519>
=item * L<https://en.wikipedia.org/wiki/Curve25519>
=item * L<https://tools.ietf.org/html/rfc8032>
=back
=cut

921
database/perl/vendor/lib/Crypt/PK/RSA.pm vendored Normal file
View File

@@ -0,0 +1,921 @@
package Crypt::PK::RSA;
use strict;
use warnings;
our $VERSION = '0.069';
require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
our %EXPORT_TAGS = ( all => [qw(rsa_encrypt rsa_decrypt rsa_sign_message rsa_verify_message rsa_sign_hash rsa_verify_hash)] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = qw();
use Carp;
$Carp::Internal{(__PACKAGE__)}++;
use CryptX;
use Crypt::Digest qw(digest_data digest_data_b64u);
use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u encode_b64 decode_b64 pem_to_der der_to_pem);
use Crypt::PK;
sub new {
my $self = shift->_new();
return @_ > 0 ? $self->import_key(@_) : $self;
}
sub export_key_pem {
my ($self, $type, $password, $cipher) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
my $key = $self->export_key_der($type||'');
return unless $key;
# PKCS#1 RSAPrivateKey** (PEM header: BEGIN RSA PRIVATE KEY)
# PKCS#8 PrivateKeyInfo* (PEM header: BEGIN PRIVATE KEY)
# PKCS#8 EncryptedPrivateKeyInfo** (PEM header: BEGIN ENCRYPTED PRIVATE KEY)
return der_to_pem($key, "RSA PRIVATE KEY", $password, $cipher) if $type eq 'private';
# PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)
return der_to_pem($key, "RSA PUBLIC KEY") if $type eq 'public';
# X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)
return der_to_pem($key, "PUBLIC KEY") if $type eq 'public_x509';
}
sub export_key_jwk {
my ($self, $type, $wanthash) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
my $kh = $self->key2hash;
if ($type eq 'private') {
return unless $kh->{N} && $kh->{e} && $kh->{d} && $kh->{p} && $kh->{q} && $kh->{dP} && $kh->{dQ} && $kh->{qP};
for (qw/N e d p q dP dQ qP/) {
$kh->{$_} = "0$kh->{$_}" if length($kh->{$_}) % 2;
}
my $hash = {
kty => "RSA",
n => encode_b64u(pack("H*", $kh->{N})),
e => encode_b64u(pack("H*", $kh->{e})),
d => encode_b64u(pack("H*", $kh->{d})),
p => encode_b64u(pack("H*", $kh->{p})),
q => encode_b64u(pack("H*", $kh->{q})),
dp => encode_b64u(pack("H*", $kh->{dP})),
dq => encode_b64u(pack("H*", $kh->{dQ})),
qi => encode_b64u(pack("H*", $kh->{qP})),
};
return $wanthash ? $hash : CryptX::_encode_json($hash);
}
elsif ($type eq 'public') {
return unless $kh->{N} && $kh->{e};
for (qw/N e/) {
$kh->{$_} = "0$kh->{$_}" if length($kh->{$_}) % 2;
}
my $hash = {
kty => "RSA",
n => encode_b64u(pack("H*", $kh->{N})),
e => encode_b64u(pack("H*", $kh->{e})),
};
return $wanthash ? $hash : CryptX::_encode_json($hash);
}
}
sub export_key_jwk_thumbprint {
my ($self, $hash_name) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
$hash_name ||= 'SHA256';
my $h = $self->export_key_jwk('public', 1);
my $json = CryptX::_encode_json({kty=>$h->{kty}, n=>$h->{n}, e=>$h->{e}});
return digest_data_b64u($hash_name, $json);
}
sub import_key {
my ($self, $key, $password) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
croak "FATAL: undefined key" unless $key;
# special case
if (ref($key) eq 'HASH') {
if ($key->{N} && $key->{e}) {
# hash exported via key2hash
return $self->_import_hex($key->{N}, $key->{e}, $key->{d}, $key->{p}, $key->{q}, $key->{dP}, $key->{dQ}, $key->{qP});
}
if ($key->{n} && $key->{e} && $key->{kty} && $key->{kty} eq "RSA") {
$key = {%$key}; #make a copy so that the modifications below stay local
# hash with items corresponding to JSON Web Key (JWK)
for (qw/n e d p q dp dq qi/) {
$key->{$_} = eval { unpack("H*", decode_b64u($key->{$_})) } if exists $key->{$_};
}
return $self->_import_hex($key->{n}, $key->{e}, $key->{d}, $key->{p}, $key->{q}, $key->{dp}, $key->{dq}, $key->{qi});
}
croak "FATAL: unexpected RSA key hash";
}
my $data;
if (ref($key) eq 'SCALAR') {
$data = $$key;
}
elsif (-f $key) {
$data = read_rawfile($key);
}
else {
croak "FATAL: non-existing file '$key'";
}
croak "FATAL: invalid key data" unless $data;
if ($data =~ /-----BEGIN (RSA PRIVATE|RSA PUBLIC|PUBLIC) KEY-----(.*?)-----END/sg) {
# PKCS#1 RSAPublicKey (PEM header: BEGIN RSA PUBLIC KEY)
# PKCS#1 RSAPrivateKey (PEM header: BEGIN RSA PRIVATE KEY)
# X.509 SubjectPublicKeyInfo (PEM header: BEGIN PUBLIC KEY)
$data = pem_to_der($data, $password);
return $self->_import($data) if $data;
}
elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
# PKCS#8 PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY)
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
# PKCS#8 PrivateKeyInfo (PEM header: BEGIN ENCRYPTED PRIVATE KEY)
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /^\s*(\{.*?\})\s*$/s) {
# JSON Web Key (JWK) - http://tools.ietf.org/html/draft-ietf-jose-json-web-key
my $json = "$1";
my $h = CryptX::_decode_json($json);
if ($h && $h->{kty} eq "RSA") {
for (qw/n e d p q dp dq qi/) {
$h->{$_} = eval { unpack("H*", decode_b64u($h->{$_})) } if exists $h->{$_};
}
return $self->_import_hex($h->{n}, $h->{e}, $h->{d}, $h->{p}, $h->{q}, $h->{dp}, $h->{dq}, $h->{qi}) if $h->{n} && $h->{e};
}
}
elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
$data = pem_to_der($data);
return $self->_import_x509($data);
}
elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
$data = pem_to_der($data);
my ($typ, $N, $e) = Crypt::PK::_ssh_parse($data);
return $self->_import_hex(unpack("H*", $e), unpack("H*", $N)) if $typ && $e && $N && $typ eq 'ssh-rsa';
}
elsif ($data =~ /ssh-rsa\s+(\S+)/) {
$data = decode_b64("$1");
my ($typ, $N, $e) = Crypt::PK::_ssh_parse($data);
return $self->_import_hex(unpack("H*", $e), unpack("H*", $N)) if $typ && $e && $N && $typ eq 'ssh-rsa';
}
else {
# DER format
my $rv = eval { $self->_import($data) } || eval { $self->_import_pkcs8($data, $password) } || eval { $self->_import_x509($data) };
return $rv if $rv;
}
croak "FATAL: invalid or unsupported RSA key format";
}
### FUNCTIONS
sub rsa_encrypt {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->encrypt(@_);
}
sub rsa_decrypt {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->decrypt(@_);
}
sub rsa_sign_hash {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->sign_hash(@_);
}
sub rsa_verify_hash {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->verify_hash(@_);
}
sub rsa_sign_message {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->sign_message(@_);
}
sub rsa_verify_message {
my $key = shift;
local $SIG{__DIE__} = \&CryptX::_croak;
$key = __PACKAGE__->new($key) unless ref $key;
carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
return $key->verify_message(@_);
}
sub CLONE_SKIP { 1 } # prevent cloning
1;
=pod
=head1 NAME
Crypt::PK::RSA - Public key cryptography based on RSA
=head1 SYNOPSIS
### OO interface
#Encryption: Alice
my $pub = Crypt::PK::RSA->new('Bob_pub_rsa1.der');
my $ct = $pub->encrypt("secret message");
#
#Encryption: Bob (received ciphertext $ct)
my $priv = Crypt::PK::RSA->new('Bob_priv_rsa1.der');
my $pt = $priv->decrypt($ct);
#Signature: Alice
my $priv = Crypt::PK::RSA->new('Alice_priv_rsa1.der');
my $sig = $priv->sign_message($message);
#
#Signature: Bob (received $message + $sig)
my $pub = Crypt::PK::RSA->new('Alice_pub_rsa1.der');
$pub->verify_message($sig, $message) or die "ERROR";
#Key generation
my $pk = Crypt::PK::RSA->new();
$pk->generate_key(256, 65537);
my $private_der = $pk->export_key_der('private');
my $public_der = $pk->export_key_der('public');
my $private_pem = $pk->export_key_pem('private');
my $public_pem = $pk->export_key_pem('public');
### Functional interface
#Encryption: Alice
my $ct = rsa_encrypt('Bob_pub_rsa1.der', "secret message");
#Encryption: Bob (received ciphertext $ct)
my $pt = rsa_decrypt('Bob_priv_rsa1.der', $ct);
#Signature: Alice
my $sig = rsa_sign_message('Alice_priv_rsa1.der', $message);
#Signature: Bob (received $message + $sig)
rsa_verify_message('Alice_pub_rsa1.der', $sig, $message) or die "ERROR";
=head1 DESCRIPTION
The module provides a full featured RSA implementation.
=head1 METHODS
=head2 new
my $pk = Crypt::PK::RSA->new();
#or
my $pk = Crypt::PK::RSA->new($priv_or_pub_key_filename);
#or
my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my $pk = Crypt::PK::RSA->new($priv_pem_key_filename, $password);
#or
my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key, $password);
=head2 generate_key
Uses Yarrow-based cryptographically strong random number generator seeded with
random data taken from C</dev/random> (UNIX) or C<CryptGenRandom> (Win32).
$pk->generate_key($size, $e);
# $size .. key size: 128-512 bytes (DEFAULT is 256)
# $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
=head2 import_key
Loads private or public key in DER or PEM format.
$pk->import_key($priv_or_pub_key_filename);
#or
$pk->import_key(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
$pk->import_key($pem_filename, $password);
#or
$pk->import_key(\$buffer_containing_pem_key, $password);
Loading private or public keys form perl hash:
$pk->import_key($hashref);
# the $hashref is either a key exported via key2hash
$pk->import_key({
e => "10001", #public exponent
d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
});
# or a hash with items corresponding to JWK (JSON Web Key)
$pk->import_key({
{
kty => "RSA",
n => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
e => "AQAB",
d => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
p => "83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
q => "3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
dp => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
dq => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
qi => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
});
Supported key formats:
# all formats can be loaded from a file
my $pk = Crypt::PK::RSA->new($filename);
# or from a buffer containing the key
my $pk = Crypt::PK::RSA->new(\$buffer_with_key);
=over
=item * RSA public keys
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5
vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb
VUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK
B2uzcNq60sMIfp6siQIDAQAB
-----END PUBLIC KEY-----
=item * RSA private keys
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb
dMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha
ffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB
AoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF
9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB
oCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN
zrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456
GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn
b8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp
6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT
w0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A
ru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC
pIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6
-----END RSA PRIVATE KEY-----
=item * RSA private keys in password protected PEM format
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4D697440FF5AEF18
C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3
KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y
TEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl
kki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt
aHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv
e/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J
kgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs
0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5
5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l
CqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU
w3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK
BJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n
4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==
-----END RSA PRIVATE KEY-----
=item * PKCS#8 encoded private keys
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG
1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9
OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC
yGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy
cXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6
XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z
nUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv
QRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi
pHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq
H8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8
pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC
a8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM
45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+
fyoy4t3yHT+/nw==
-----END PRIVATE KEY-----
=item * PKCS#8 encrypted private keys - password protected keys (supported since: CryptX-0.062)
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty
Yt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ
biKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt
NWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a
sYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa
4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK
vvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn
d7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x
2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC
7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw
bZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs
946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i
U+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6
A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j
1HPwZX2d
-----END ENCRYPTED PRIVATE KEY-----
=item * RSA public key from X509 certificate
-----BEGIN CERTIFICATE-----
MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
BAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG
A1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima
SUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC
r3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB
Q4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem
VinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R
Sa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D
cvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb
pzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav
7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX
Ig7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90
2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO
Oztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ
a+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP
-----END CERTIFICATE-----
=item * SSH public RSA keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=
=item * SSH public RSA keys (RFC-4716 format)
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "768-bit RSA, converted from OpenSSH"
AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x
D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+
L26mdYs5iJNGu/ltUdc=
---- END SSH2 PUBLIC KEY ----
=item * RSA private keys in JSON Web Key (JWK) format
See L<http://tools.ietf.org/html/draft-ietf-jose-json-web-key>
{
"kty":"RSA",
"n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"e":"AQAB",
"d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
"p":"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
"q":"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
"dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
"dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
"qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
}
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=item * RSA public keys in JSON Web Key (JWK) format
{
"kty":"RSA",
"n": "0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP",
"e":"AQAB",
}
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=back
=head2 export_key_der
my $private_der = $pk->export_key_der('private');
#or
my $public_der = $pk->export_key_der('public');
=head2 export_key_pem
my $private_pem = $pk->export_key_pem('private');
#or
my $public_pem = $pk->export_key_pem('public');
#or
my $public_pem = $pk->export_key_pem('public_x509');
With parameter C<'public'> uses header and footer lines:
-----BEGIN RSA PUBLIC KEY------
-----END RSA PUBLIC KEY------
With parameter C<'public_x509'> uses header and footer lines:
-----BEGIN PUBLIC KEY------
-----END PUBLIC KEY------
Support for password protected PEM keys
my $private_pem = $pk->export_key_pem('private', $password);
#or
my $private_pem = $pk->export_key_pem('private', $password, $cipher);
# supported ciphers: 'DES-CBC'
# 'DES-EDE3-CBC'
# 'SEED-CBC'
# 'CAMELLIA-128-CBC'
# 'CAMELLIA-192-CBC'
# 'CAMELLIA-256-CBC'
# 'AES-128-CBC'
# 'AES-192-CBC'
# 'AES-256-CBC' (DEFAULT)
=head2 export_key_jwk
I<Since: CryptX-0.022>
Exports public/private keys as a JSON Web Key (JWK).
my $private_json_text = $pk->export_key_jwk('private');
#or
my $public_json_text = $pk->export_key_jwk('public');
Also exports public/private keys as a perl HASH with JWK structure.
my $jwk_hash = $pk->export_key_jwk('private', 1);
#or
my $jwk_hash = $pk->export_key_jwk('public', 1);
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=head2 export_key_jwk_thumbprint
I<Since: CryptX-0.031>
Exports the key's JSON Web Key Thumbprint as a string.
If you don't know what this is, see RFC 7638 L<https://tools.ietf.org/html/rfc7638>.
my $thumbprint = $pk->export_key_jwk_thumbprint('SHA256');
=head2 encrypt
my $pk = Crypt::PK::RSA->new($pub_key_filename);
my $ct = $pk->encrypt($message);
#or
my $ct = $pk->encrypt($message, $padding);
#or
my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam);
# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $lparam (only for oaep) ..... DEFAULT is empty string
=head2 decrypt
my $pk = Crypt::PK::RSA->new($priv_key_filename);
my $pt = $pk->decrypt($ciphertext);
#or
my $pt = $pk->decrypt($ciphertext, $padding);
#or
my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam);
# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $lparam (only for oaep) ..... DEFAULT is empty string
=head2 sign_message
my $pk = Crypt::PK::RSA->new($priv_key_filename);
my $signature = $priv->sign_message($message);
#or
my $signature = $priv->sign_message($message, $hash_name);
#or
my $signature = $priv->sign_message($message, $hash_name, $padding);
#or
my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen);
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head2 verify_message
my $pk = Crypt::PK::RSA->new($pub_key_filename);
my $valid = $pub->verify_message($signature, $message);
#or
my $valid = $pub->verify_message($signature, $message, $hash_name);
#or
my $valid = $pub->verify_message($signature, $message, $hash_name, $padding);
#or
my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen);
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head2 sign_hash
my $pk = Crypt::PK::RSA->new($priv_key_filename);
my $signature = $priv->sign_hash($message_hash);
#or
my $signature = $priv->sign_hash($message_hash, $hash_name);
#or
my $signature = $priv->sign_hash($message_hash, $hash_name, $padding);
#or
my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen);
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head2 verify_hash
my $pk = Crypt::PK::RSA->new($pub_key_filename);
my $valid = $pub->verify_hash($signature, $message_hash);
#or
my $valid = $pub->verify_hash($signature, $message_hash, $hash_name);
#or
my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, $padding);
#or
my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen);
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head2 is_private
my $rv = $pk->is_private;
# 1 .. private key loaded
# 0 .. public key loaded
# undef .. no key loaded
=head2 size
my $size = $pk->size;
# returns key size in bytes or undef if no key loaded
=head2 key2hash
my $hash = $pk->key2hash;
# returns hash like this (or undef if no key loaded):
{
type => 1, # integer: 1 .. private, 0 .. public
size => 256, # integer: key size in bytes
# all the rest are hex strings
e => "10001", #public exponent
d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
}
=head1 FUNCTIONS
=head2 rsa_encrypt
RSA based encryption. See method L</encrypt> below.
my $ct = rsa_encrypt($pub_key_filename, $message);
#or
my $ct = rsa_encrypt(\$buffer_containing_pub_key, $message);
#or
my $ct = rsa_encrypt($pub_key, $message, $padding);
#or
my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam);
# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $lparam (only for oaep) ..... DEFAULT is empty string
=head2 rsa_decrypt
RSA based decryption. See method L</decrypt> below.
my $pt = rsa_decrypt($priv_key_filename, $ciphertext);
#or
my $pt = rsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
#or
my $pt = rsa_decrypt($priv_key, $ciphertext, $padding);
#or
my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam);
# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $lparam (only for oaep) ..... DEFAULT is empty string
=head2 rsa_sign_message
Generate RSA signature. See method L</sign_message> below.
my $sig = rsa_sign_message($priv_key_filename, $message);
#or
my $sig = rsa_sign_message(\$buffer_containing_priv_key, $message);
#or
my $sig = rsa_sign_message($priv_key, $message, $hash_name);
#or
my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding);
#or
my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen);
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head2 rsa_verify_message
Verify RSA signature. See method L</verify_message> below.
rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
#or
rsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
#or
rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
#or
rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR";
#or
rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR";
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head2 rsa_sign_hash
Generate RSA signature. See method L</sign_hash> below.
my $sig = rsa_sign_hash($priv_key_filename, $message_hash);
#or
my $sig = rsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
#or
my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name);
#or
my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding);
#or
my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen);
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head2 rsa_verify_hash
Verify RSA signature. See method L</verify_hash> below.
rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
#or
rsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
#or
rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR";
#or
rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR";
#or
rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR";
# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
# $saltlen (only for pss) .. DEFAULT is 12
=head1 OpenSSL interoperability
### let's have:
# RSA private key in PEM format - rsakey.priv.pem
# RSA public key in PEM format - rsakey.pub.pem
# data file to be signed or encrypted - input.data
=head2 Encrypt by OpenSSL, decrypt by Crypt::PK::RSA
Create encrypted file (from commandline):
openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
Decrypt file (Perl code):
use Crypt::PK::RSA;
use Crypt::Misc 'read_rawfile';
my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
my $encfile = read_rawfile("input.encrypted.rsa");
my $plaintext = $pkrsa->decrypt($encfile, 'v1.5');
print $plaintext;
=head2 Encrypt by Crypt::PK::RSA, decrypt by OpenSSL
Create encrypted file (Perl code):
use Crypt::PK::RSA;
use Crypt::Misc 'write_rawfile';
my $plaintext = 'secret message';
my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
my $encrypted = $pkrsa->encrypt($plaintext, 'v1.5');
write_rawfile("input.encrypted.rsa", $encrypted);
Decrypt file (from commandline):
openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
=head2 Sign by OpenSSL, verify by Crypt::PK::RSA
Create signature (from commandline):
openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
Verify signature (Perl code):
use Crypt::PK::RSA;
use Crypt::Digest 'digest_file';
use Crypt::Misc 'read_rawfile';
my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
my $signature = read_rawfile("input.sha1-rsa.sig");
my $valid = $pkrsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
print $valid ? "SUCCESS" : "FAILURE";
=head2 Sign by Crypt::PK::RSA, verify by OpenSSL
Create signature (Perl code):
use Crypt::PK::RSA;
use Crypt::Digest 'digest_file';
use Crypt::Misc 'write_rawfile';
my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
my $signature = $pkrsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
write_rawfile("input.sha1-rsa.sig", $signature);
Verify signature (from commandline):
openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
=head2 Keys generated by Crypt::PK::RSA
Generate keys (Perl code):
use Crypt::PK::RSA;
use Crypt::Misc 'write_rawfile';
my $pkrsa = Crypt::PK::RSA->new;
$pkrsa->generate_key(256, 65537);
write_rawfile("rsakey.pub.der", $pkrsa->export_key_der('public'));
write_rawfile("rsakey.priv.der", $pkrsa->export_key_der('private'));
write_rawfile("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509'));
write_rawfile("rsakey.priv.pem", $pkrsa->export_key_pem('private'));
write_rawfile("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret'));
Use keys by OpenSSL:
openssl rsa -in rsakey.priv.der -text -inform der
openssl rsa -in rsakey.priv.pem -text
openssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret
openssl rsa -in rsakey.pub.der -pubin -text -inform der
openssl rsa -in rsakey.pub.pem -pubin -text
=head2 Keys generated by OpenSSL
Generate keys:
openssl genrsa -out rsakey.priv.pem 1024
openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der
openssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout
openssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout
openssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
Load keys (Perl code):
use Crypt::PK::RSA;
my $pkrsa = Crypt::PK::RSA->new;
$pkrsa->import_key("rsakey.pub.der");
$pkrsa->import_key("rsakey.priv.der");
$pkrsa->import_key("rsakey.pub.pem");
$pkrsa->import_key("rsakey.priv.pem");
$pkrsa->import_key("rsakey-passwd.priv.pem", "secret");
=head1 SEE ALSO
=over
=item * L<https://en.wikipedia.org/wiki/RSA_%28algorithm%29|https://en.wikipedia.org/wiki/RSA_%28algorithm%29>
=back
=cut

391
database/perl/vendor/lib/Crypt/PK/X25519.pm vendored Normal file
View File

@@ -0,0 +1,391 @@
package Crypt::PK::X25519;
use strict;
use warnings;
our $VERSION = '0.069';
require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
our %EXPORT_TAGS = ( all => [qw( )] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = qw();
use Carp;
$Carp::Internal{(__PACKAGE__)}++;
use CryptX;
use Crypt::PK;
use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u encode_b64 decode_b64 pem_to_der der_to_pem);
sub new {
my $self = shift->_new();
return @_ > 0 ? $self->import_key(@_) : $self;
}
sub import_key_raw {
my ($self, $key, $type) = @_;
croak "FATAL: undefined key" unless $key;
croak "FATAL: invalid key" unless length($key) == 32;
croak "FATAL: undefined type" unless $type;
return $self->_import_raw($key, 1) if $type eq 'private';
return $self->_import_raw($key, 0) if $type eq 'public';
croak "FATAL: invalid key type '$type'";
}
sub import_key {
my ($self, $key, $password) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
croak "FATAL: undefined key" unless $key;
# special case
if (ref($key) eq 'HASH') {
if ($key->{kty} && $key->{kty} eq "OKP" && $key->{crv} && $key->{crv} eq 'X25519') {
# JWK-like structure e.g.
# {"kty":"OKP","crv":"X25519","d":"...","x":"..."}
return $self->_import_raw(decode_b64u($key->{d}), 1) if $key->{d}; # private
return $self->_import_raw(decode_b64u($key->{x}), 0) if $key->{x}; # public
}
if ($key->{curve} && $key->{curve} eq "x25519" && ($key->{priv} || $key->{pub})) {
# hash exported via key2hash
return $self->_import_raw(pack("H*", $key->{priv}), 1) if $key->{priv};
return $self->_import_raw(pack("H*", $key->{pub}), 0) if $key->{pub};
}
croak "FATAL: unexpected X25519 key hash";
}
my $data;
if (ref($key) eq 'SCALAR') {
$data = $$key;
}
elsif (-f $key) {
$data = read_rawfile($key);
}
else {
croak "FATAL: non-existing file '$key'";
}
croak "FATAL: invalid key data" unless $data;
if ($data =~ /-----BEGIN PUBLIC KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import($data);
}
elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /-----BEGIN X25519 PRIVATE KEY-----(.*?)-----END/sg) {
$data = pem_to_der($data, $password);
return $self->_import_pkcs8($data, $password);
}
elsif ($data =~ /^\s*(\{.*?\})\s*$/s) { # JSON
my $h = CryptX::_decode_json("$1");
if ($h->{kty} && $h->{kty} eq "OKP" && $h->{crv} && $h->{crv} eq 'X25519') {
return $self->_import_raw(decode_b64u($h->{d}), 1) if $h->{d}; # private
return $self->_import_raw(decode_b64u($h->{x}), 0) if $h->{x}; # public
}
}
elsif (length($data) == 32) {
croak "FATAL: use import_key_raw() to load raw (32 bytes) X25519 key";
}
else {
my $rv = eval { $self->_import($data) } ||
eval { $self->_import_pkcs8($data, $password) } ||
eval { $self->_import_x509($data) };
return $rv if $rv;
}
croak "FATAL: invalid or unsupported X25519 key format";
}
sub export_key_pem {
my ($self, $type, $password, $cipher) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
my $key = $self->export_key_der($type||'');
return unless $key;
return der_to_pem($key, "X25519 PRIVATE KEY", $password, $cipher) if substr($type, 0, 7) eq 'private';
return der_to_pem($key, "PUBLIC KEY") if substr($type,0, 6) eq 'public';
}
sub export_key_jwk {
my ($self, $type, $wanthash) = @_;
local $SIG{__DIE__} = \&CryptX::_croak;
my $kh = $self->key2hash;
return unless $kh;
my $hash = { kty => "OKP", crv => "X25519" };
$hash->{x} = encode_b64u(pack("H*", $kh->{pub}));
$hash->{d} = encode_b64u(pack("H*", $kh->{priv})) if $type && $type eq 'private' && $kh->{priv};
return $wanthash ? $hash : CryptX::_encode_json($hash);
}
sub CLONE_SKIP { 1 } # prevent cloning
1;
=pod
=head1 NAME
Crypt::PK::X25519 - Asymmetric cryptography based on X25519
=head1 SYNOPSIS
use Crypt::PK::X25519;
#Shared secret
my $priv = Crypt::PK::X25519->new('Alice_priv_x25519.der');
my $pub = Crypt::PK::X25519->new('Bob_pub_x25519.der');
my $shared_secret = $priv->shared_secret($pub);
#Load key
my $pk = Crypt::PK::X25519->new;
my $pk_hex = "EA7806F721A8570512C8F6EFB4E8D620C49A529E4DF5EAA77DEC646FB1E87E41";
$pk->import_key_raw(pack("H*", $pk_hex), "public");
my $sk = Crypt::PK::X25519->new;
my $sk_hex = "002F93D10BA5728D8DD8E9527721DABA3261C0BB1BEFDE7B4BBDAC631D454651";
$sk->import_key_raw(pack("H*", $sk_hex), "private");
#Key generation
my $pk = Crypt::PK::X25519->new->generate_key;
my $private_der = $pk->export_key_der('private');
my $public_der = $pk->export_key_der('public');
my $private_pem = $pk->export_key_pem('private');
my $public_pem = $pk->export_key_pem('public');
my $private_raw = $pk->export_key_raw('private');
my $public_raw = $pk->export_key_raw('public');
my $private_jwk = $pk->export_key_jwk('private');
my $public_jwk = $pk->export_key_jwk('public');
=head1 DESCRIPTION
I<Since: CryptX-0.067>
=head1 METHODS
=head2 new
my $pk = Crypt::PK::X25519->new();
#or
my $pk = Crypt::PK::X25519->new($priv_or_pub_key_filename);
#or
my $pk = Crypt::PK::X25519->new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my $pk = Crypt::PK::X25519->new($priv_pem_key_filename, $password);
#or
my $pk = Crypt::PK::X25519->new(\$buffer_containing_priv_pem_key, $password);
=head2 generate_key
Uses Yarrow-based cryptographically strong random number generator seeded with
random data taken from C</dev/random> (UNIX) or C<CryptGenRandom> (Win32).
$pk->generate_key;
=head2 import_key
Loads private or public key in DER or PEM format.
$pk->import_key($filename);
#or
$pk->import_key(\$buffer_containing_key);
Support for password protected PEM keys:
$pk->import_key($filename, $password);
#or
$pk->import_key(\$buffer_containing_key, $password);
Loading private or public keys form perl hash:
$pk->import_key($hashref);
# the $hashref is either a key exported via key2hash
$pk->import_key({
curve => "x25519",
pub => "EA7806F721A8570512C8F6EFB4E8D620C49A529E4DF5EAA77DEC646FB1E87E41",
priv => "002F93D10BA5728D8DD8E9527721DABA3261C0BB1BEFDE7B4BBDAC631D454651",
});
# or a hash with items corresponding to JWK (JSON Web Key)
$pk->import_key({
kty => "OKP",
crv => "X25519",
d => "AC-T0Qulco2N2OlSdyHaujJhwLsb7957S72sYx1FRlE",
x => "6ngG9yGoVwUSyPbvtOjWIMSaUp5N9eqnfexkb7HofkE",
});
Supported key formats:
# all formats can be loaded from a file
my $pk = Crypt::PK::X25519->new($filename);
# or from a buffer containing the key
my $pk = Crypt::PK::X25519->new(\$buffer_with_key);
=over
=item * X25519 private keys in PEM format
-----BEGIN X25519 PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIAAvk9ELpXKNjdjpUnch2royYcC7G+/ee0u9rGMdRUZR
-----END X25519 PRIVATE KEY-----
=item * X25519 private keys in password protected PEM format
-----BEGIN X25519 PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,DEEFD3D6B714E75A
dfFWP5bKn49aZ993NVAhQQPdFWgsTb4j8CWhRjGBVTPl6ITstAL17deBIRBwZb7h
pAyIka81Kfs=
-----END X25519 PRIVATE KEY-----
=item * X25519 public keys in PEM format
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VuAyEA6ngG9yGoVwUSyPbvtOjWIMSaUp5N9eqnfexkb7HofkE=
-----END PUBLIC KEY-----
=item * PKCS#8 private keys
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIAAvk9ELpXKNjdjpUnch2royYcC7G+/ee0u9rGMdRUZR
-----END PRIVATE KEY-----
=item * PKCS#8 encrypted private keys
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGHMEsGCSqGSIb3DQEFDTA+MCkGCSqGSIb3DQEFDDAcBAiS0NOFZmjJswICCAAw
DAYIKoZIhvcNAgkFADARBgUrDgMCBwQIGd40Hdso8Y4EONSRCTrqvftl9hl3zbH9
2QmHF1KJ4HDMdLDRxD7EynonCw2SV7BO+XNRHzw2yONqiTybfte7nk9t
-----END ENCRYPTED PRIVATE KEY-----
=item * X25519 private keys in JSON Web Key (JWK) format
See L<https://tools.ietf.org/html/rfc8037>
{
"kty":"OKP",
"crv":"X25519",
"x":"6ngG9yGoVwUSyPbvtOjWIMSaUp5N9eqnfexkb7HofkE",
"d":"AC-T0Qulco2N2OlSdyHaujJhwLsb7957S72sYx1FRlE",
}
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=item * X25519 public keys in JSON Web Key (JWK) format
{
"kty":"OKP",
"crv":"X25519",
"x":"6ngG9yGoVwUSyPbvtOjWIMSaUp5N9eqnfexkb7HofkE",
}
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=back
=head2 import_key_raw
Import raw public/private key - can load raw key data exported by L</export_key_raw>.
$pk->import_key_raw($key, 'public');
$pk->import_key_raw($key, 'private');
=head2 export_key_der
my $private_der = $pk->export_key_der('private');
#or
my $public_der = $pk->export_key_der('public');
=head2 export_key_pem
my $private_pem = $pk->export_key_pem('private');
#or
my $public_pem = $pk->export_key_pem('public');
Support for password protected PEM keys
my $private_pem = $pk->export_key_pem('private', $password);
#or
my $private_pem = $pk->export_key_pem('private', $password, $cipher);
# supported ciphers: 'DES-CBC'
# 'DES-EDE3-CBC'
# 'SEED-CBC'
# 'CAMELLIA-128-CBC'
# 'CAMELLIA-192-CBC'
# 'CAMELLIA-256-CBC'
# 'AES-128-CBC'
# 'AES-192-CBC'
# 'AES-256-CBC' (DEFAULT)
=head2 export_key_jwk
Exports public/private keys as a JSON Web Key (JWK).
my $private_json_text = $pk->export_key_jwk('private');
#or
my $public_json_text = $pk->export_key_jwk('public');
Also exports public/private keys as a perl HASH with JWK structure.
my $jwk_hash = $pk->export_key_jwk('private', 1);
#or
my $jwk_hash = $pk->export_key_jwk('public', 1);
B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module.
=head2 export_key_raw
Export raw public/private key
my $private_bytes = $pk->export_key_raw('private');
#or
my $public_bytes = $pk->export_key_raw('public');
=head2 shared_secret
# Alice having her priv key $pk and Bob's public key $pkb
my $pk = Crypt::PK::X25519->new($priv_key_filename);
my $pkb = Crypt::PK::X25519->new($pub_key_filename);
my $shared_secret = $pk->shared_secret($pkb);
# Bob having his priv key $pk and Alice's public key $pka
my $pk = Crypt::PK::X25519->new($priv_key_filename);
my $pka = Crypt::PK::X25519->new($pub_key_filename);
my $shared_secret = $pk->shared_secret($pka); # same value as computed by Alice
=head2 is_private
my $rv = $pk->is_private;
# 1 .. private key loaded
# 0 .. public key loaded
# undef .. no key loaded
=head2 key2hash
my $hash = $pk->key2hash;
# returns hash like this (or undef if no key loaded):
{
curve => "x25519",
# raw public key as a hexadecimal string
pub => "EA7806F721A8570512C8F6EFB4E8D620C49A529E4DF5EAA77DEC646FB1E87E41",
# raw private key as a hexadecimal string. undef if key is public only
priv => "002F93D10BA5728D8DD8E9527721DABA3261C0BB1BEFDE7B4BBDAC631D454651",
}
=head1 SEE ALSO
=over
=item * L<https://en.wikipedia.org/wiki/Curve25519>
=item * L<https://tools.ietf.org/html/rfc7748>
=back
=cut