File Coverage

blib/lib/Crypt/PK/RSA.pm

Criterion	Covered	Total	%
statement	81	118	68.6
branch	41	88	46.5
condition	7	58	12.0
subroutine	16	19	84.2
pod	11	11	100.0
total	156	294	53.0

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::PK::RSA;
2
3	7			7		682363	use strict;
	7					46
	7					364
4	7			7		69	use warnings;
	7					14
	7					1240
5							our $VERSION = '0.087';
6
7							require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8							our %EXPORT_TAGS = ( all => [qw(rsa_encrypt rsa_decrypt rsa_sign_message rsa_verify_message rsa_sign_hash rsa_verify_hash)] );
9							our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10							our @EXPORT = qw();
11
12	7			7		48	use Carp;
	7					14
	7					683
13							$Carp::Internal{(__PACKAGE__)}++;
14	7			7		2640	use CryptX;
	7					18
	7					318
15	7			7		2844	use Crypt::Digest qw(digest_data digest_data_b64u);
	7					16
	7					606
16	7			7		2847	use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u encode_b64 decode_b64 pem_to_der der_to_pem);
	7					20
	7					782
17	7			7		2482	use Crypt::PK;
	7					20
	7					20666
18
19							sub new {
20	107			107	1	1874514	my $self = shift->_new();
21	107	100				1567	return @_ > 0 ? $self->import_key(@_) : $self;
22							}
23
24							sub export_key_pem {
25	3			3	1	427107	my ($self, $type, $password, $cipher) = @_;
26	3					21	local $SIG{__DIE__} = \&CryptX::_croak;
27	3		50			286	my $key = $self->export_key_der($type\|\|'');
28	3	50				12	return unless $key;
29
30							# PKCS#1 RSAPrivateKey** (PEM header: BEGIN RSA PRIVATE KEY)
31							# PKCS#8 PrivateKeyInfo* (PEM header: BEGIN PRIVATE KEY)
32							# PKCS#8 EncryptedPrivateKeyInfo** (PEM header: BEGIN ENCRYPTED PRIVATE KEY)
33	3	100				16	return der_to_pem($key, "RSA PRIVATE KEY", $password, $cipher) if $type eq 'private';
34
35							# PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)
36	2	100				11	return der_to_pem($key, "RSA PUBLIC KEY") if $type eq 'public';
37							# X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)
38	1	50				8	return der_to_pem($key, "PUBLIC KEY") if $type eq 'public_x509';
39							}
40
41							sub export_key_jwk {
42	0			0	1	0	my ($self, $type, $wanthash) = @_;
43	0					0	local $SIG{__DIE__} = \&CryptX::_croak;
44	0					0	my $kh = $self->key2hash;
45	0	0				0	if ($type eq 'private') {
		0
46	0	0	0			0	return unless $kh->{N} && $kh->{e} && $kh->{d} && $kh->{p} && $kh->{q} && $kh->{dP} && $kh->{dQ} && $kh->{qP};
			0
			0
			0
			0
			0
			0
47	0					0	for (qw/N e d p q dP dQ qP/) {
48	0	0				0	$kh->{$_} = "0$kh->{$_}" if length($kh->{$_}) % 2;
49							}
50							my $hash = {
51							kty => "RSA",
52							n => encode_b64u(pack("H*", $kh->{N})),
53							e => encode_b64u(pack("H*", $kh->{e})),
54							d => encode_b64u(pack("H*", $kh->{d})),
55							p => encode_b64u(pack("H*", $kh->{p})),
56							q => encode_b64u(pack("H*", $kh->{q})),
57							dp => encode_b64u(pack("H*", $kh->{dP})),
58							dq => encode_b64u(pack("H*", $kh->{dQ})),
59	0					0	qi => encode_b64u(pack("H*", $kh->{qP})),
60							};
61	0	0				0	return $wanthash ? $hash : CryptX::_encode_json($hash);
62							}
63							elsif ($type eq 'public') {
64	0	0	0			0	return unless $kh->{N} && $kh->{e};
65	0					0	for (qw/N e/) {
66	0	0				0	$kh->{$_} = "0$kh->{$_}" if length($kh->{$_}) % 2;
67							}
68							my $hash = {
69							kty => "RSA",
70							n => encode_b64u(pack("H*", $kh->{N})),
71	0					0	e => encode_b64u(pack("H*", $kh->{e})),
72							};
73	0	0				0	return $wanthash ? $hash : CryptX::_encode_json($hash);
74							}
75							}
76
77							sub export_key_jwk_thumbprint {
78	0			0	1	0	my ($self, $hash_name) = @_;
79	0					0	local $SIG{__DIE__} = \&CryptX::_croak;
80	0		0			0	$hash_name \|\|= 'SHA256';
81	0					0	my $h = $self->export_key_jwk('public', 1);
82	0					0	my $json = CryptX::_encode_json({kty=>$h->{kty}, n=>$h->{n}, e=>$h->{e}});
83	0					0	return digest_data_b64u($hash_name, $json);
84							}
85
86							sub import_key {
87	168			168	1	336138	my ($self, $key, $password) = @_;
88	168					1132	local $SIG{__DIE__} = \&CryptX::_croak;
89	168	50				720	croak "FATAL: undefined key" unless $key;
90
91							# special case
92	168	100				582	if (ref($key) eq 'HASH') {
93	1	50	33			8	if ($key->{N} && $key->{e}) {
94							# hash exported via key2hash
95	1					962	return $self->_import_hex($key->{N}, $key->{e}, $key->{d}, $key->{p}, $key->{q}, $key->{dP}, $key->{dQ}, $key->{qP});
96							}
97	0	0	0			0	if ($key->{n} && $key->{e} && $key->{kty} && $key->{kty} eq "RSA") {
			0
			0
98	0					0	$key = {%$key}; #make a copy so that the modifications below stay local
99
100							# hash with items corresponding to JSON Web Key (JWK)
101	0					0	for (qw/n e d p q dp dq qi/) {
102	0	0				0	$key->{$_} = eval { unpack("H*", decode_b64u($key->{$_})) } if exists $key->{$_};
	0					0
103							}
104	0					0	return $self->_import_hex($key->{n}, $key->{e}, $key->{d}, $key->{p}, $key->{q}, $key->{dp}, $key->{dq}, $key->{qi});
105							}
106	0					0	croak "FATAL: unexpected RSA key hash";
107							}
108
109	167					358	my $data;
110	167	100				3005	if (ref($key) eq 'SCALAR') {
		50
111	72					193	$data = $$key;
112							}
113							elsif (-f $key) {
114	95					471	$data = read_rawfile($key);
115							}
116							else {
117	0					0	croak "FATAL: non-existing file '$key'";
118							}
119	167	50				611	croak "FATAL: invalid key data" unless $data;
120
121	167	100				2428	if ($data =~ /-----BEGIN (RSA PUBLIC\|RSA PRIVATE\|PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----(.+?)-----END (RSA PUBLIC\|RSA PRIVATE\|PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----/s) {
		100
		100
		100
		50
		100
122	53					67129	return $self->_import_pem($data, $password);
123							}
124							elsif ($data =~ /-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s) {
125	1					101	return $self->_import_pem($data, undef);
126							}
127							elsif ($data =~ /-----BEGIN OPENSSH PRIVATE KEY-----(.+?)-----END OPENSSH PRIVATE KEY-----/s) {
128	12					1407059	return $self->_import_openssh($data, $password);
129							}
130							elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.+?)---- END SSH2 PUBLIC KEY ----/s) {
131	6					845	return $self->_import_openssh($data, undef);
132							}
133							elsif ($data =~ /^\s(\{.?\})\s*$/s) {
134							# JSON Web Key (JWK) - http://tools.ietf.org/html/draft-ietf-jose-json-web-key
135	0					0	my $json = "$1";
136	0					0	my $h = CryptX::_decode_json($json);
137	0	0	0			0	if ($h && $h->{kty} eq "RSA") {
138	0					0	for (qw/n e d p q dp dq qi/) {
139	0	0				0	$h->{$_} = eval { unpack("H*", decode_b64u($h->{$_})) } if exists $h->{$_};
	0					0
140							}
141	0	0	0			0	return $self->_import_hex($h->{n}, $h->{e}, $h->{d}, $h->{p}, $h->{q}, $h->{dp}, $h->{dq}, $h->{qi}) if $h->{n} && $h->{e};
142							}
143							}
144							elsif ($data =~ /ssh-rsa\s+(\S+)/) {
145	6					103	$data = decode_b64("$1");
146	6					109	my ($typ, $N, $e) = Crypt::PK::_ssh_parse($data);
147	6	50	33			2556	return $self->_import_hex(unpack("H", $e), unpack("H", $N)) if $typ && $e && $N && $typ eq 'ssh-rsa';
			33
			33
148							}
149							else {
150							# DER format
151	89		66			195	my $rv = eval { $self->_import($data) } \|\| eval { $self->_import_pkcs8($data, $password) } \|\| eval { $self->_import_x509($data) };
152	89	50				764	return $rv if $rv;
153							}
154
155	0					0	croak "FATAL: invalid or unsupported RSA key format";
156							}
157
158							### FUNCTIONS
159
160							sub rsa_encrypt {
161	1			1	1	1372	my $key = shift;
162	1					9	local $SIG{__DIE__} = \&CryptX::_croak;
163	1	50				9	$key = __PACKAGE__->new($key) unless ref $key;
164	1	50				7	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
165	1					330	return $key->encrypt(@_);
166							}
167
168							sub rsa_decrypt {
169	1			1	1	409	my $key = shift;
170	1					7	local $SIG{__DIE__} = \&CryptX::_croak;
171	1	50				12	$key = __PACKAGE__->new($key) unless ref $key;
172	1	50				11	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
173	1					9152	return $key->decrypt(@_);
174							}
175
176							sub rsa_sign_hash {
177	1			1	1	1499	my $key = shift;
178	1					7	local $SIG{__DIE__} = \&CryptX::_croak;
179	1	50				13	$key = __PACKAGE__->new($key) unless ref $key;
180	1	50				7	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
181	1					9887	return $key->sign_hash(@_);
182							}
183
184							sub rsa_verify_hash {
185	1			1	1	628	my $key = shift;
186	1					8	local $SIG{__DIE__} = \&CryptX::_croak;
187	1	50				13	$key = __PACKAGE__->new($key) unless ref $key;
188	1	50				8	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
189	1					417	return $key->verify_hash(@_);
190							}
191
192							sub rsa_sign_message {
193	1			1	1	1136	my $key = shift;
194	1					7	local $SIG{__DIE__} = \&CryptX::_croak;
195	1	50				16	$key = __PACKAGE__->new($key) unless ref $key;
196	1	50				6	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
197	1					9286	return $key->sign_message(@_);
198							}
199
200							sub rsa_verify_message {
201	1			1	1	2594	my $key = shift;
202	1					9	local $SIG{__DIE__} = \&CryptX::_croak;
203	1	50				15	$key = __PACKAGE__->new($key) unless ref $key;
204	1	50				6	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
205	1					429	return $key->verify_message(@_);
206							}
207
208	0			0			sub CLONE_SKIP { 1 } # prevent cloning
209
210							1;
211
212							=pod
213
214							=head1 NAME
215
216							Crypt::PK::RSA - Public key cryptography based on RSA
217
218							=head1 SYNOPSIS
219
220							### OO interface
221
222							#Encryption: Alice
223							my $pub = Crypt::PK::RSA->new('Bob_pub_rsa1.der');
224							my $ct = $pub->encrypt("secret message");
225							#
226							#Encryption: Bob (received ciphertext $ct)
227							my $priv = Crypt::PK::RSA->new('Bob_priv_rsa1.der');
228							my $pt = $priv->decrypt($ct);
229
230							#Signature: Alice
231							my $priv = Crypt::PK::RSA->new('Alice_priv_rsa1.der');
232							my $sig = $priv->sign_message($message);
233							#
234							#Signature: Bob (received $message + $sig)
235							my $pub = Crypt::PK::RSA->new('Alice_pub_rsa1.der');
236							$pub->verify_message($sig, $message) or die "ERROR";
237
238							#Key generation
239							my $pk = Crypt::PK::RSA->new();
240							$pk->generate_key(256, 65537);
241							my $private_der = $pk->export_key_der('private');
242							my $public_der = $pk->export_key_der('public');
243							my $private_pem = $pk->export_key_pem('private');
244							my $public_pem = $pk->export_key_pem('public');
245
246							### Functional interface
247
248							#Encryption: Alice
249							my $ct = rsa_encrypt('Bob_pub_rsa1.der', "secret message");
250							#Encryption: Bob (received ciphertext $ct)
251							my $pt = rsa_decrypt('Bob_priv_rsa1.der', $ct);
252
253							#Signature: Alice
254							my $sig = rsa_sign_message('Alice_priv_rsa1.der', $message);
255							#Signature: Bob (received $message + $sig)
256							rsa_verify_message('Alice_pub_rsa1.der', $sig, $message) or die "ERROR";
257
258							=head1 DESCRIPTION
259
260							The module provides a full featured RSA implementation.
261
262							=head1 METHODS
263
264							=head2 new
265
266							my $pk = Crypt::PK::RSA->new();
267							#or
268							my $pk = Crypt::PK::RSA->new($priv_or_pub_key_filename);
269							#or
270							my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
271
272							Support for password protected PEM keys
273
274							my $pk = Crypt::PK::RSA->new($priv_pem_key_filename, $password);
275							#or
276							my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key, $password);
277
278							=head2 generate_key
279
280							Uses Yarrow-based cryptographically strong random number generator seeded with
281							random data taken from C (UNIX) or C (Win32).
282
283							$pk->generate_key($size, $e);
284							# $size .. key size: 128-512 bytes (DEFAULT is 256)
285							# $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
286
287							=head2 import_key
288
289							Loads private or public key in DER or PEM format.
290
291							$pk->import_key($priv_or_pub_key_filename);
292							#or
293							$pk->import_key(\$buffer_containing_priv_or_pub_key);
294
295							Support for password protected PEM keys
296
297							$pk->import_key($pem_filename, $password);
298							#or
299							$pk->import_key(\$buffer_containing_pem_key, $password);
300
301							Loading private or public keys form perl hash:
302
303							$pk->import_key($hashref);
304
305							# the $hashref is either a key exported via key2hash
306							$pk->import_key({
307							e => "10001", #public exponent
308							d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
309							N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
310							p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
311							q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
312							qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
313							dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
314							dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
315							});
316
317							# or a hash with items corresponding to JWK (JSON Web Key)
318							$pk->import_key({
319							{
320							kty => "RSA",
321							n => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
322							e => "AQAB",
323							d => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
324							p => "83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
325							q => "3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
326							dp => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
327							dq => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
328							qi => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
329							});
330
331							Supported key formats:
332
333							# all formats can be loaded from a file
334							my $pk = Crypt::PK::RSA->new($filename);
335
336							# or from a buffer containing the key
337							my $pk = Crypt::PK::RSA->new(\$buffer_with_key);
338
339							=over
340
341							=item * RSA public keys
342
343							-----BEGIN PUBLIC KEY-----
344							MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5
345							vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb
346							VUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK
347							B2uzcNq60sMIfp6siQIDAQAB
348							-----END PUBLIC KEY-----
349
350							=item * RSA private keys
351
352							-----BEGIN RSA PRIVATE KEY-----
353							MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb
354							dMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha
355							ffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB
356							AoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF
357							9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB
358							oCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN
359							zrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456
360							GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn
361							b8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp
362							6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT
363							w0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A
364							ru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC
365							pIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6
366							-----END RSA PRIVATE KEY-----
367
368							=item * RSA private keys in password protected PEM format
369
370							-----BEGIN RSA PRIVATE KEY-----
371							Proc-Type: 4,ENCRYPTED
372							DEK-Info: DES-EDE3-CBC,4D697440FF5AEF18
373
374							C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3
375							KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y
376							TEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl
377							kki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt
378							aHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv
379							e/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J
380							kgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs
381							0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5
382							5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l
383							CqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU
384							w3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK
385							BJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n
386							4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==
387							-----END RSA PRIVATE KEY-----
388
389							=item * PKCS#8 encoded private keys
390
391							-----BEGIN PRIVATE KEY-----
392							MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG
393							1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9
394							OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC
395							yGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy
396							cXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6
397							XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z
398							nUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv
399							QRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi
400							pHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq
401							H8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8
402							pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC
403							a8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM
404							45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+
405							fyoy4t3yHT+/nw==
406							-----END PRIVATE KEY-----
407
408							=item * PKCS#8 encrypted private keys - password protected keys (supported since: CryptX-0.062)
409
410							-----BEGIN ENCRYPTED PRIVATE KEY-----
411							MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty
412							Yt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ
413							biKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt
414							NWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a
415							sYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa
416							4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK
417							vvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn
418							d7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x
419							2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC
420							7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw
421							bZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs
422							946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i
423							U+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6
424							A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j
425							1HPwZX2d
426							-----END ENCRYPTED PRIVATE KEY-----
427
428							=item * RSA public key from X509 certificate
429
430							-----BEGIN CERTIFICATE-----
431							MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
432							BAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG
433							A1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima
434							SUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC
435							r3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB
436							Q4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem
437							VinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R
438							Sa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D
439							cvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb
440							pzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD
441							AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav
442							7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX
443							Ig7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90
444							2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO
445							Oztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ
446							a+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP
447							-----END CERTIFICATE-----
448
449							=item * SSH public RSA keys
450
451							ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=
452
453							=item * SSH public RSA keys (RFC-4716 format)
454
455							---- BEGIN SSH2 PUBLIC KEY ----
456							Comment: "768-bit RSA, converted from OpenSSH"
457							AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x
458							D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+
459							L26mdYs5iJNGu/ltUdc=
460							---- END SSH2 PUBLIC KEY ----
461
462							=item * RSA private keys in JSON Web Key (JWK) format
463
464							See L
465
466							{
467							"kty":"RSA",
468							"n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
469							"e":"AQAB",
470							"d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
471							"p":"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
472							"q":"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
473							"dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
474							"dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
475							"qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
476							}
477
478							B For JWK support you need to have L module installed.
479
480							=item * RSA public keys in JSON Web Key (JWK) format
481
482							{
483							"kty":"RSA",
484							"n": "0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP",
485							"e":"AQAB",
486							}
487
488							B For JWK support you need to have L module installed.
489
490							=back
491
492							=head2 export_key_der
493
494							my $private_der = $pk->export_key_der('private');
495							#or
496							my $public_der = $pk->export_key_der('public');
497
498							=head2 export_key_pem
499
500							my $private_pem = $pk->export_key_pem('private');
501							#or
502							my $public_pem = $pk->export_key_pem('public');
503							#or
504							my $public_pem = $pk->export_key_pem('public_x509');
505
506							With parameter C<'public'> uses header and footer lines:
507
508							-----BEGIN RSA PUBLIC KEY------
509							-----END RSA PUBLIC KEY------
510
511							With parameter C<'public_x509'> uses header and footer lines:
512
513							-----BEGIN PUBLIC KEY------
514							-----END PUBLIC KEY------
515
516							Support for password protected PEM keys
517
518							my $private_pem = $pk->export_key_pem('private', $password);
519							#or
520							my $private_pem = $pk->export_key_pem('private', $password, $cipher);
521
522							# supported ciphers: 'DES-CBC'
523							# 'DES-EDE3-CBC'
524							# 'SEED-CBC'
525							# 'CAMELLIA-128-CBC'
526							# 'CAMELLIA-192-CBC'
527							# 'CAMELLIA-256-CBC'
528							# 'AES-128-CBC'
529							# 'AES-192-CBC'
530							# 'AES-256-CBC' (DEFAULT)
531
532							=head2 export_key_jwk
533
534							I
535
536							Exports public/private keys as a JSON Web Key (JWK).
537
538							my $private_json_text = $pk->export_key_jwk('private');
539							#or
540							my $public_json_text = $pk->export_key_jwk('public');
541
542							Also exports public/private keys as a perl HASH with JWK structure.
543
544							my $jwk_hash = $pk->export_key_jwk('private', 1);
545							#or
546							my $jwk_hash = $pk->export_key_jwk('public', 1);
547
548							B For JWK support you need to have L module installed.
549
550							=head2 export_key_jwk_thumbprint
551
552							I
553
554							Exports the key's JSON Web Key Thumbprint as a string.
555
556							If you don't know what this is, see RFC 7638 L.
557
558							my $thumbprint = $pk->export_key_jwk_thumbprint('SHA256');
559
560							=head2 encrypt
561
562							my $pk = Crypt::PK::RSA->new($pub_key_filename);
563							my $ct = $pk->encrypt($message);
564							#or
565							my $ct = $pk->encrypt($message, $padding);
566							#or
567							my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam);
568
569							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
570							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
571							# $lparam (only for oaep) ..... DEFAULT is empty string
572
573							=head2 decrypt
574
575							my $pk = Crypt::PK::RSA->new($priv_key_filename);
576							my $pt = $pk->decrypt($ciphertext);
577							#or
578							my $pt = $pk->decrypt($ciphertext, $padding);
579							#or
580							my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam);
581
582							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
583							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
584							# $lparam (only for oaep) ..... DEFAULT is empty string
585
586							=head2 sign_message
587
588							my $pk = Crypt::PK::RSA->new($priv_key_filename);
589							my $signature = $priv->sign_message($message);
590							#or
591							my $signature = $priv->sign_message($message, $hash_name);
592							#or
593							my $signature = $priv->sign_message($message, $hash_name, $padding);
594							#or
595							my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen);
596
597							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
598							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
599							# $saltlen (only for pss) .. DEFAULT is 12
600
601							=head2 verify_message
602
603							my $pk = Crypt::PK::RSA->new($pub_key_filename);
604							my $valid = $pub->verify_message($signature, $message);
605							#or
606							my $valid = $pub->verify_message($signature, $message, $hash_name);
607							#or
608							my $valid = $pub->verify_message($signature, $message, $hash_name, $padding);
609							#or
610							my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen);
611
612							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
613							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
614							# $saltlen (only for pss) .. DEFAULT is 12
615
616							=head2 sign_hash
617
618							my $pk = Crypt::PK::RSA->new($priv_key_filename);
619							my $signature = $priv->sign_hash($message_hash);
620							#or
621							my $signature = $priv->sign_hash($message_hash, $hash_name);
622							#or
623							my $signature = $priv->sign_hash($message_hash, $hash_name, $padding);
624							#or
625							my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen);
626
627							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
628							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
629							# $saltlen (only for pss) .. DEFAULT is 12
630
631							=head2 verify_hash
632
633							my $pk = Crypt::PK::RSA->new($pub_key_filename);
634							my $valid = $pub->verify_hash($signature, $message_hash);
635							#or
636							my $valid = $pub->verify_hash($signature, $message_hash, $hash_name);
637							#or
638							my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, $padding);
639							#or
640							my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen);
641
642							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
643							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
644							# $saltlen (only for pss) .. DEFAULT is 12
645
646							=head2 is_private
647
648							my $rv = $pk->is_private;
649							# 1 .. private key loaded
650							# 0 .. public key loaded
651							# undef .. no key loaded
652
653							=head2 size
654
655							my $size = $pk->size;
656							# returns key size in bytes or undef if no key loaded
657
658							=head2 key2hash
659
660							my $hash = $pk->key2hash;
661
662							# returns hash like this (or undef if no key loaded):
663							{
664							type => 1, # integer: 1 .. private, 0 .. public
665							size => 256, # integer: key size in bytes
666							# all the rest are hex strings
667							e => "10001", #public exponent
668							d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
669							N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
670							p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
671							q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
672							qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
673							dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
674							dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
675							}
676
677							=head1 FUNCTIONS
678
679							=head2 rsa_encrypt
680
681							RSA based encryption. See method L below.
682
683							my $ct = rsa_encrypt($pub_key_filename, $message);
684							#or
685							my $ct = rsa_encrypt(\$buffer_containing_pub_key, $message);
686							#or
687							my $ct = rsa_encrypt($pub_key, $message, $padding);
688							#or
689							my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam);
690
691							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
692							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
693							# $lparam (only for oaep) ..... DEFAULT is empty string
694
695							=head2 rsa_decrypt
696
697							RSA based decryption. See method L below.
698
699							my $pt = rsa_decrypt($priv_key_filename, $ciphertext);
700							#or
701							my $pt = rsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
702							#or
703							my $pt = rsa_decrypt($priv_key, $ciphertext, $padding);
704							#or
705							my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam);
706
707							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
708							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
709							# $lparam (only for oaep) ..... DEFAULT is empty string
710
711							=head2 rsa_sign_message
712
713							Generate RSA signature. See method L below.
714
715							my $sig = rsa_sign_message($priv_key_filename, $message);
716							#or
717							my $sig = rsa_sign_message(\$buffer_containing_priv_key, $message);
718							#or
719							my $sig = rsa_sign_message($priv_key, $message, $hash_name);
720							#or
721							my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding);
722							#or
723							my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen);
724
725							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
726							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
727							# $saltlen (only for pss) .. DEFAULT is 12
728
729							=head2 rsa_verify_message
730
731							Verify RSA signature. See method L below.
732
733							rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
734							#or
735							rsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
736							#or
737							rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
738							#or
739							rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR";
740							#or
741							rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR";
742
743							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
744							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
745							# $saltlen (only for pss) .. DEFAULT is 12
746
747							=head2 rsa_sign_hash
748
749							Generate RSA signature. See method L below.
750
751							my $sig = rsa_sign_hash($priv_key_filename, $message_hash);
752							#or
753							my $sig = rsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
754							#or
755							my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name);
756							#or
757							my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding);
758							#or
759							my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen);
760
761							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
762							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
763							# $saltlen (only for pss) .. DEFAULT is 12
764
765							=head2 rsa_verify_hash
766
767							Verify RSA signature. See method L below.
768
769							rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
770							#or
771							rsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
772							#or
773							rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR";
774							#or
775							rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR";
776							#or
777							rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR";
778
779							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
780							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
781							# $saltlen (only for pss) .. DEFAULT is 12
782
783							=head1 OpenSSL interoperability
784
785							### let's have:
786							# RSA private key in PEM format - rsakey.priv.pem
787							# RSA public key in PEM format - rsakey.pub.pem
788							# data file to be signed or encrypted - input.data
789
790							=head2 Encrypt by OpenSSL, decrypt by Crypt::PK::RSA
791
792							Create encrypted file (from commandline):
793
794							openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
795
796							Decrypt file (Perl code):
797
798							use Crypt::PK::RSA;
799							use Crypt::Misc 'read_rawfile';
800
801							my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
802							my $encfile = read_rawfile("input.encrypted.rsa");
803							my $plaintext = $pkrsa->decrypt($encfile, 'v1.5');
804							print $plaintext;
805
806							=head2 Encrypt by Crypt::PK::RSA, decrypt by OpenSSL
807
808							Create encrypted file (Perl code):
809
810							use Crypt::PK::RSA;
811							use Crypt::Misc 'write_rawfile';
812
813							my $plaintext = 'secret message';
814							my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
815							my $encrypted = $pkrsa->encrypt($plaintext, 'v1.5');
816							write_rawfile("input.encrypted.rsa", $encrypted);
817
818							Decrypt file (from commandline):
819
820							openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
821
822							=head2 Sign by OpenSSL, verify by Crypt::PK::RSA
823
824							Create signature (from commandline):
825
826							openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
827
828							Verify signature (Perl code):
829
830							use Crypt::PK::RSA;
831							use Crypt::Digest 'digest_file';
832							use Crypt::Misc 'read_rawfile';
833
834							my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
835							my $signature = read_rawfile("input.sha1-rsa.sig");
836							my $valid = $pkrsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
837							print $valid ? "SUCCESS" : "FAILURE";
838
839							=head2 Sign by Crypt::PK::RSA, verify by OpenSSL
840
841							Create signature (Perl code):
842
843							use Crypt::PK::RSA;
844							use Crypt::Digest 'digest_file';
845							use Crypt::Misc 'write_rawfile';
846
847							my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
848							my $signature = $pkrsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
849							write_rawfile("input.sha1-rsa.sig", $signature);
850
851							Verify signature (from commandline):
852
853							openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
854
855							=head2 Keys generated by Crypt::PK::RSA
856
857							Generate keys (Perl code):
858
859							use Crypt::PK::RSA;
860							use Crypt::Misc 'write_rawfile';
861
862							my $pkrsa = Crypt::PK::RSA->new;
863							$pkrsa->generate_key(256, 65537);
864							write_rawfile("rsakey.pub.der", $pkrsa->export_key_der('public'));
865							write_rawfile("rsakey.priv.der", $pkrsa->export_key_der('private'));
866							write_rawfile("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509'));
867							write_rawfile("rsakey.priv.pem", $pkrsa->export_key_pem('private'));
868							write_rawfile("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret'));
869
870							Use keys by OpenSSL:
871
872							openssl rsa -in rsakey.priv.der -text -inform der
873							openssl rsa -in rsakey.priv.pem -text
874							openssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret
875							openssl rsa -in rsakey.pub.der -pubin -text -inform der
876							openssl rsa -in rsakey.pub.pem -pubin -text
877
878							=head2 Keys generated by OpenSSL
879
880							Generate keys:
881
882							openssl genrsa -out rsakey.priv.pem 1024
883							openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der
884							openssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout
885							openssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout
886							openssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
887
888							Load keys (Perl code):
889
890							use Crypt::PK::RSA;
891
892							my $pkrsa = Crypt::PK::RSA->new;
893							$pkrsa->import_key("rsakey.pub.der");
894							$pkrsa->import_key("rsakey.priv.der");
895							$pkrsa->import_key("rsakey.pub.pem");
896							$pkrsa->import_key("rsakey.priv.pem");
897							$pkrsa->import_key("rsakey-passwd.priv.pem", "secret");
898
899							=head1 SEE ALSO
900
901							=over
902
903							=item * L
904
905							=back
906
907							=cut