File Coverage

blib/lib/Crypt/PK/RSA.pm

Criterion	Covered	Total	%
statement	81	118	68.6
branch	41	88	46.5
condition	6	58	10.3
subroutine	16	19	84.2
pod	11	11	100.0
total	155	294	52.7

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::PK::RSA;
2
3	7			7		742283	use strict;
	7					17
	7					294
4	7			7		70	use warnings;
	7					14
	7					1278
5							our $VERSION = '0.087_001';
6
7							require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8							our %EXPORT_TAGS = ( all => [qw(rsa_encrypt rsa_decrypt rsa_sign_message rsa_verify_message rsa_sign_hash rsa_verify_hash)] );
9							our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10							our @EXPORT = qw();
11
12	7			7		55	use Carp;
	7					18
	7					684
13							$Carp::Internal{(__PACKAGE__)}++;
14	7			7		2903	use CryptX;
	7					18
	7					345
15	7			7		3180	use Crypt::Digest qw(digest_data digest_data_b64u);
	7					35
	7					567
16	7			7		2990	use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u encode_b64 decode_b64 pem_to_der der_to_pem);
	7					23
	7					728
17	7			7		2592	use Crypt::PK;
	7					19
	7					15618
18
19							sub new {
20	107			107	1	1936264	my $self = shift->_new();
21	107	100				1561	return @_ > 0 ? $self->import_key(@_) : $self;
22							}
23
24							sub export_key_pem {
25	3			3	1	521346	my ($self, $type, $password, $cipher) = @_;
26	3					18	local $SIG{__DIE__} = \&CryptX::_croak;
27	3		50			310	my $key = $self->export_key_der($type\|\|'');
28	3	50				12	return unless $key;
29
30							# PKCS#1 RSAPrivateKey** (PEM header: BEGIN RSA PRIVATE KEY)
31							# PKCS#8 PrivateKeyInfo* (PEM header: BEGIN PRIVATE KEY)
32							# PKCS#8 EncryptedPrivateKeyInfo** (PEM header: BEGIN ENCRYPTED PRIVATE KEY)
33	3	100				16	return der_to_pem($key, "RSA PRIVATE KEY", $password, $cipher) if $type eq 'private';
34
35							# PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)
36	2	100				12	return der_to_pem($key, "RSA PUBLIC KEY") if $type eq 'public';
37							# X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)
38	1	50				7	return der_to_pem($key, "PUBLIC KEY") if $type eq 'public_x509';
39							}
40
41							sub export_key_jwk {
42	0			0	1	0	my ($self, $type, $wanthash) = @_;
43	0					0	local $SIG{__DIE__} = \&CryptX::_croak;
44	0					0	my $kh = $self->key2hash;
45	0	0				0	if ($type eq 'private') {
		0
46	0	0	0			0	return unless $kh->{N} && $kh->{e} && $kh->{d} && $kh->{p} && $kh->{q} && $kh->{dP} && $kh->{dQ} && $kh->{qP};
			0
			0
			0
			0
			0
			0
47	0					0	for (qw/N e d p q dP dQ qP/) {
48	0	0				0	$kh->{$_} = "0$kh->{$_}" if length($kh->{$_}) % 2;
49							}
50							my $hash = {
51							kty => "RSA",
52							n => encode_b64u(pack("H*", $kh->{N})),
53							e => encode_b64u(pack("H*", $kh->{e})),
54							d => encode_b64u(pack("H*", $kh->{d})),
55							p => encode_b64u(pack("H*", $kh->{p})),
56							q => encode_b64u(pack("H*", $kh->{q})),
57							dp => encode_b64u(pack("H*", $kh->{dP})),
58							dq => encode_b64u(pack("H*", $kh->{dQ})),
59	0					0	qi => encode_b64u(pack("H*", $kh->{qP})),
60							};
61	0	0				0	return $wanthash ? $hash : CryptX::_encode_json($hash);
62							}
63							elsif ($type eq 'public') {
64	0	0	0			0	return unless $kh->{N} && $kh->{e};
65	0					0	for (qw/N e/) {
66	0	0				0	$kh->{$_} = "0$kh->{$_}" if length($kh->{$_}) % 2;
67							}
68							my $hash = {
69							kty => "RSA",
70							n => encode_b64u(pack("H*", $kh->{N})),
71	0					0	e => encode_b64u(pack("H*", $kh->{e})),
72							};
73	0	0				0	return $wanthash ? $hash : CryptX::_encode_json($hash);
74							}
75							}
76
77							sub export_key_jwk_thumbprint {
78	0			0	1	0	my ($self, $hash_name) = @_;
79	0					0	local $SIG{__DIE__} = \&CryptX::_croak;
80	0		0			0	$hash_name \|\|= 'SHA256';
81	0					0	my $h = $self->export_key_jwk('public', 1);
82	0					0	my $json = CryptX::_encode_json({kty=>$h->{kty}, n=>$h->{n}, e=>$h->{e}});
83	0					0	return digest_data_b64u($hash_name, $json);
84							}
85
86							sub import_key {
87	168			168	1	362702	my ($self, $key, $password) = @_;
88	168					1109	local $SIG{__DIE__} = \&CryptX::_croak;
89	168	50				972	croak "FATAL: undefined key" unless $key;
90
91							# special case
92	168	100				624	if (ref($key) eq 'HASH') {
93	1	50	33			227	if ($key->{N} && $key->{e}) {
94							# hash exported via key2hash
95	1					182	return $self->_import_hex($key->{N}, $key->{e}, $key->{d}, $key->{p}, $key->{q}, $key->{dP}, $key->{dQ}, $key->{qP});
96							}
97	0	0	0			0	if ($key->{n} && $key->{e} && $key->{kty} && $key->{kty} eq "RSA") {
			0
			0
98	0					0	$key = {%$key}; #make a copy so that the modifications below stay local
99
100							# hash with items corresponding to JSON Web Key (JWK)
101	0					0	for (qw/n e d p q dp dq qi/) {
102	0	0				0	$key->{$_} = eval { unpack("H*", decode_b64u($key->{$_})) } if exists $key->{$_};
	0					0
103							}
104	0					0	return $self->_import_hex($key->{n}, $key->{e}, $key->{d}, $key->{p}, $key->{q}, $key->{dp}, $key->{dq}, $key->{qi});
105							}
106	0					0	croak "FATAL: unexpected RSA key hash";
107							}
108
109	167					340	my $data;
110	167	100				6681	if (ref($key) eq 'SCALAR') {
		50
111	72					190	$data = $$key;
112							}
113							elsif (-f $key) {
114	95					509	$data = read_rawfile($key);
115							}
116							else {
117	0					0	croak "FATAL: non-existing file '$key'";
118							}
119	167	50				673	croak "FATAL: invalid key data" unless $data;
120
121	167	100				2480	if ($data =~ /-----BEGIN (RSA PUBLIC\|RSA PRIVATE\|PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----(.+?)-----END (RSA PUBLIC\|RSA PRIVATE\|PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----/s) {
		100
		100
		100
		50
		100
122	53					75302	return $self->_import_pem($data, $password);
123							}
124							elsif ($data =~ /-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s) {
125	1					160	return $self->_import_pem($data, undef);
126							}
127							elsif ($data =~ /-----BEGIN OPENSSH PRIVATE KEY-----(.+?)-----END OPENSSH PRIVATE KEY-----/s) {
128	12					1360465	return $self->_import_openssh($data, $password);
129							}
130							elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.+?)---- END SSH2 PUBLIC KEY ----/s) {
131	6					761	return $self->_import_openssh($data, undef);
132							}
133							elsif ($data =~ /^\s(\{.?\})\s*$/s) {
134							# JSON Web Key (JWK) - http://tools.ietf.org/html/draft-ietf-jose-json-web-key
135	0					0	my $json = "$1";
136	0					0	my $h = CryptX::_decode_json($json);
137	0	0	0			0	if ($h && $h->{kty} eq "RSA") {
138	0					0	for (qw/n e d p q dp dq qi/) {
139	0	0				0	$h->{$_} = eval { unpack("H*", decode_b64u($h->{$_})) } if exists $h->{$_};
	0					0
140							}
141	0	0	0			0	return $self->_import_hex($h->{n}, $h->{e}, $h->{d}, $h->{p}, $h->{q}, $h->{dp}, $h->{dq}, $h->{qi}) if $h->{n} && $h->{e};
142							}
143							}
144							elsif ($data =~ /ssh-rsa\s+(\S+)/) {
145	6					98	$data = decode_b64("$1");
146	6					42	my ($typ, $N, $e) = Crypt::PK::_ssh_parse($data);
147	6	50	33			2601	return $self->_import_hex(unpack("H", $e), unpack("H", $N)) if $typ && $e && $N && $typ eq 'ssh-rsa';
			33
			33
148							}
149							else {
150							# DER format
151	89		33			212	my $rv = eval { $self->_import($data) } \|\| eval { $self->_import_pkcs8($data, $password) } \|\| eval { $self->_import_x509($data) };
152	89	50				857	return $rv if $rv;
153							}
154
155	0					0	croak "FATAL: invalid or unsupported RSA key format";
156							}
157
158							### FUNCTIONS
159
160							sub rsa_encrypt {
161	1			1	1	1283	my $key = shift;
162	1					8	local $SIG{__DIE__} = \&CryptX::_croak;
163	1	50				10	$key = __PACKAGE__->new($key) unless ref $key;
164	1	50				6	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
165	1					346	return $key->encrypt(@_);
166							}
167
168							sub rsa_decrypt {
169	1			1	1	408	my $key = shift;
170	1					7	local $SIG{__DIE__} = \&CryptX::_croak;
171	1	50				12	$key = __PACKAGE__->new($key) unless ref $key;
172	1	50				6	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
173	1					12660	return $key->decrypt(@_);
174							}
175
176							sub rsa_sign_hash {
177	1			1	1	433	my $key = shift;
178	1					7	local $SIG{__DIE__} = \&CryptX::_croak;
179	1	50				29	$key = __PACKAGE__->new($key) unless ref $key;
180	1	50				6	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
181	1					10388	return $key->sign_hash(@_);
182							}
183
184							sub rsa_verify_hash {
185	1			1	1	1425	my $key = shift;
186	1					8	local $SIG{__DIE__} = \&CryptX::_croak;
187	1	50				23	$key = __PACKAGE__->new($key) unless ref $key;
188	1	50				13	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
189	1					401	return $key->verify_hash(@_);
190							}
191
192							sub rsa_sign_message {
193	1			1	1	556	my $key = shift;
194	1					7	local $SIG{__DIE__} = \&CryptX::_croak;
195	1	50				15	$key = __PACKAGE__->new($key) unless ref $key;
196	1	50				8	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
197	1					9505	return $key->sign_message(@_);
198							}
199
200							sub rsa_verify_message {
201	1			1	1	565	my $key = shift;
202	1					7	local $SIG{__DIE__} = \&CryptX::_croak;
203	1	50				14	$key = __PACKAGE__->new($key) unless ref $key;
204	1	50				6	carp "FATAL: invalid 'key' param" unless ref($key) eq __PACKAGE__;
205	1					447	return $key->verify_message(@_);
206							}
207
208	0			0			sub CLONE_SKIP { 1 } # prevent cloning
209
210							1;
211
212							=pod
213
214							=head1 NAME
215
216							Crypt::PK::RSA - Public key cryptography based on RSA
217
218							=head1 SYNOPSIS
219
220							### OO interface
221
222							#Encryption: Alice
223							my $pub = Crypt::PK::RSA->new('Bob_pub_rsa1.der');
224							my $ct = $pub->encrypt("secret message");
225							#
226							#Encryption: Bob (received ciphertext $ct)
227							my $priv = Crypt::PK::RSA->new('Bob_priv_rsa1.der');
228							my $pt = $priv->decrypt($ct);
229
230							#Signature: Alice
231							my $priv = Crypt::PK::RSA->new('Alice_priv_rsa1.der');
232							my $sig = $priv->sign_message($message);
233							#
234							#Signature: Bob (received $message + $sig)
235							my $pub = Crypt::PK::RSA->new('Alice_pub_rsa1.der');
236							$pub->verify_message($sig, $message) or die "ERROR";
237
238							#Key generation
239							my $pk = Crypt::PK::RSA->new();
240							$pk->generate_key(256, 65537);
241							my $private_der = $pk->export_key_der('private');
242							my $public_der = $pk->export_key_der('public');
243							my $private_pem = $pk->export_key_pem('private');
244							my $public_pem = $pk->export_key_pem('public');
245
246							### Functional interface
247
248							#Encryption: Alice
249							my $ct = rsa_encrypt('Bob_pub_rsa1.der', "secret message");
250							#Encryption: Bob (received ciphertext $ct)
251							my $pt = rsa_decrypt('Bob_priv_rsa1.der', $ct);
252
253							#Signature: Alice
254							my $sig = rsa_sign_message('Alice_priv_rsa1.der', $message);
255							#Signature: Bob (received $message + $sig)
256							rsa_verify_message('Alice_pub_rsa1.der', $sig, $message) or die "ERROR";
257
258							=head1 DESCRIPTION
259
260							The module provides a full featured RSA implementation.
261
262							=head1 METHODS
263
264							=head2 new
265
266							my $pk = Crypt::PK::RSA->new();
267							#or
268							my $pk = Crypt::PK::RSA->new($priv_or_pub_key_filename);
269							#or
270							my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_or_pub_key);
271
272							Support for password protected PEM keys
273
274							my $pk = Crypt::PK::RSA->new($priv_pem_key_filename, $password);
275							#or
276							my $pk = Crypt::PK::RSA->new(\$buffer_containing_priv_pem_key, $password);
277
278							=head2 generate_key
279
280							Uses Yarrow-based cryptographically strong random number generator seeded with
281							random data taken from C (UNIX) or C (Win32).
282
283							$pk->generate_key($size, $e);
284							# $size .. key size: 128-512 bytes (DEFAULT is 256)
285							# $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
286
287							=head2 import_key
288
289							Loads private or public key in DER or PEM format.
290
291							$pk->import_key($priv_or_pub_key_filename);
292							#or
293							$pk->import_key(\$buffer_containing_priv_or_pub_key);
294
295							Support for password protected PEM keys
296
297							$pk->import_key($pem_filename, $password);
298							#or
299							$pk->import_key(\$buffer_containing_pem_key, $password);
300
301							Loading private or public keys form perl hash:
302
303							$pk->import_key($hashref);
304
305							# the $hashref is either a key exported via key2hash
306							$pk->import_key({
307							e => "10001", #public exponent
308							d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
309							N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
310							p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
311							q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
312							qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
313							dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
314							dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
315							});
316
317							# or a hash with items corresponding to JWK (JSON Web Key)
318							$pk->import_key({
319							{
320							kty => "RSA",
321							n => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
322							e => "AQAB",
323							d => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
324							p => "83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
325							q => "3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
326							dp => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
327							dq => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
328							qi => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
329							});
330
331							Supported key formats:
332
333							# all formats can be loaded from a file
334							my $pk = Crypt::PK::RSA->new($filename);
335
336							# or from a buffer containing the key
337							my $pk = Crypt::PK::RSA->new(\$buffer_with_key);
338
339							=over
340
341							=item * RSA public keys
342
343							-----BEGIN PUBLIC KEY-----
344							MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5
345							vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb
346							VUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK
347							B2uzcNq60sMIfp6siQIDAQAB
348							-----END PUBLIC KEY-----
349
350							=item * RSA private keys
351
352							-----BEGIN RSA PRIVATE KEY-----
353							MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb
354							dMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha
355							ffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB
356							AoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF
357							9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB
358							oCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN
359							zrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456
360							GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn
361							b8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp
362							6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT
363							w0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A
364							ru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC
365							pIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6
366							-----END RSA PRIVATE KEY-----
367
368							=item * RSA private keys in password protected PEM format
369
370							-----BEGIN RSA PRIVATE KEY-----
371							Proc-Type: 4,ENCRYPTED
372							DEK-Info: DES-EDE3-CBC,4D697440FF5AEF18
373
374							C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3
375							KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y
376							TEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl
377							kki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt
378							aHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv
379							e/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J
380							kgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs
381							0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5
382							5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l
383							CqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU
384							w3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK
385							BJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n
386							4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==
387							-----END RSA PRIVATE KEY-----
388
389							=item * PKCS#8 encoded private keys
390
391							-----BEGIN PRIVATE KEY-----
392							MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG
393							1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9
394							OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC
395							yGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy
396							cXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6
397							XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z
398							nUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv
399							QRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi
400							pHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq
401							H8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8
402							pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC
403							a8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM
404							45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+
405							fyoy4t3yHT+/nw==
406							-----END PRIVATE KEY-----
407
408							=item * PKCS#8 encrypted private keys - password protected keys (supported since: CryptX-0.062)
409
410							-----BEGIN ENCRYPTED PRIVATE KEY-----
411							MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty
412							Yt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ
413							biKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt
414							NWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a
415							sYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa
416							4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK
417							vvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn
418							d7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x
419							2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC
420							7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw
421							bZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs
422							946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i
423							U+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6
424							A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j
425							1HPwZX2d
426							-----END ENCRYPTED PRIVATE KEY-----
427
428							=item * RSA public key from X509 certificate
429
430							-----BEGIN CERTIFICATE-----
431							MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
432							BAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG
433							A1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima
434							SUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC
435							r3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB
436							Q4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem
437							VinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R
438							Sa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D
439							cvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb
440							pzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD
441							AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav
442							7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX
443							Ig7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90
444							2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO
445							Oztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ
446							a+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP
447							-----END CERTIFICATE-----
448
449							=item * SSH public RSA keys
450
451							ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=
452
453							=item * SSH public RSA keys (RFC-4716 format)
454
455							---- BEGIN SSH2 PUBLIC KEY ----
456							Comment: "768-bit RSA, converted from OpenSSH"
457							AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x
458							D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+
459							L26mdYs5iJNGu/ltUdc=
460							---- END SSH2 PUBLIC KEY ----
461
462							=item * RSA private keys in JSON Web Key (JWK) format
463
464							See L
465
466							{
467							"kty":"RSA",
468							"n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
469							"e":"AQAB",
470							"d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
471							"p":"83i-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
472							"q":"3dfOR9cuYq-0S-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
473							"dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
474							"dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
475							"qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I-pux_mHZG",
476							}
477
478							B For JWK support you need to have L module installed.
479
480							=item * RSA public keys in JSON Web Key (JWK) format
481
482							{
483							"kty":"RSA",
484							"n": "0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP",
485							"e":"AQAB",
486							}
487
488							B For JWK support you need to have L module installed.
489
490							=back
491
492							=head2 export_key_der
493
494							my $private_der = $pk->export_key_der('private');
495							#or
496							my $public_der = $pk->export_key_der('public');
497
498							=head2 export_key_pem
499
500							my $private_pem = $pk->export_key_pem('private');
501							#or
502							my $public_pem = $pk->export_key_pem('public');
503							#or
504							my $public_pem = $pk->export_key_pem('public_x509');
505
506							With parameter C<'public'> uses header and footer lines:
507
508							-----BEGIN RSA PUBLIC KEY------
509							-----END RSA PUBLIC KEY------
510
511							With parameter C<'public_x509'> uses header and footer lines:
512
513							-----BEGIN PUBLIC KEY------
514							-----END PUBLIC KEY------
515
516							Support for password protected PEM keys
517
518							my $private_pem = $pk->export_key_pem('private', $password);
519							#or
520							my $private_pem = $pk->export_key_pem('private', $password, $cipher);
521
522							# supported ciphers: 'DES-CBC'
523							# 'DES-EDE3-CBC'
524							# 'SEED-CBC'
525							# 'CAMELLIA-128-CBC'
526							# 'CAMELLIA-192-CBC'
527							# 'CAMELLIA-256-CBC'
528							# 'AES-128-CBC'
529							# 'AES-192-CBC'
530							# 'AES-256-CBC' (DEFAULT)
531
532							=head2 export_key_jwk
533
534							I
535
536							Exports public/private keys as a JSON Web Key (JWK).
537
538							my $private_json_text = $pk->export_key_jwk('private');
539							#or
540							my $public_json_text = $pk->export_key_jwk('public');
541
542							Also exports public/private keys as a perl HASH with JWK structure.
543
544							my $jwk_hash = $pk->export_key_jwk('private', 1);
545							#or
546							my $jwk_hash = $pk->export_key_jwk('public', 1);
547
548							B For JWK support you need to have L module installed.
549
550							=head2 export_key_jwk_thumbprint
551
552							I
553
554							Exports the key's JSON Web Key Thumbprint as a string.
555
556							If you don't know what this is, see RFC 7638 L.
557
558							my $thumbprint = $pk->export_key_jwk_thumbprint('SHA256');
559
560							=head2 encrypt
561
562							my $pk = Crypt::PK::RSA->new($pub_key_filename);
563							my $ct = $pk->encrypt($message);
564							#or
565							my $ct = $pk->encrypt($message, $padding);
566							#or
567							my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam);
568
569							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
570							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
571							# $lparam (only for oaep) ..... DEFAULT is empty string
572
573							=head2 decrypt
574
575							my $pk = Crypt::PK::RSA->new($priv_key_filename);
576							my $pt = $pk->decrypt($ciphertext);
577							#or
578							my $pt = $pk->decrypt($ciphertext, $padding);
579							#or
580							my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam);
581
582							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
583							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
584							# $lparam (only for oaep) ..... DEFAULT is empty string
585
586							=head2 sign_message
587
588							my $pk = Crypt::PK::RSA->new($priv_key_filename);
589							my $signature = $priv->sign_message($message);
590							#or
591							my $signature = $priv->sign_message($message, $hash_name);
592							#or
593							my $signature = $priv->sign_message($message, $hash_name, $padding);
594							#or
595							my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen);
596
597							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
598							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
599							# $saltlen (only for pss) .. DEFAULT is 12
600
601							=head2 verify_message
602
603							my $pk = Crypt::PK::RSA->new($pub_key_filename);
604							my $valid = $pub->verify_message($signature, $message);
605							#or
606							my $valid = $pub->verify_message($signature, $message, $hash_name);
607							#or
608							my $valid = $pub->verify_message($signature, $message, $hash_name, $padding);
609							#or
610							my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen);
611
612							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
613							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
614							# $saltlen (only for pss) .. DEFAULT is 12
615
616							=head2 sign_hash
617
618							my $pk = Crypt::PK::RSA->new($priv_key_filename);
619							my $signature = $priv->sign_hash($message_hash);
620							#or
621							my $signature = $priv->sign_hash($message_hash, $hash_name);
622							#or
623							my $signature = $priv->sign_hash($message_hash, $hash_name, $padding);
624							#or
625							my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen);
626							#or
627							my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen, $mgf_hash_name);
628
629							# $hash_name ................. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
630							# $padding ................... 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
631							# $saltlen (pss only) ........ DEFAULT is 12
632							# $mgf_hash_name (pss only) .. MGF hash function name (DEFAULT: the $hash_name value)
633
634							=head2 verify_hash
635
636							my $pk = Crypt::PK::RSA->new($pub_key_filename);
637							my $valid = $pub->verify_hash($signature, $message_hash);
638							#or
639							my $valid = $pub->verify_hash($signature, $message_hash, $hash_name);
640							#or
641							my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, $padding);
642							#or
643							my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen);
644							#or
645							my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen, $mgf_hash_name);
646
647							# $hash_name ................. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
648							# $padding ................... 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
649							# $saltlen (pss only) ........ DEFAULT is 12
650							# $mgf_hash_name (pss only) .. MGF hash function name (DEFAULT: the $hash_name value)
651
652							=head2 is_private
653
654							my $rv = $pk->is_private;
655							# 1 .. private key loaded
656							# 0 .. public key loaded
657							# undef .. no key loaded
658
659							=head2 size
660
661							my $size = $pk->size;
662							# returns key size in bytes or undef if no key loaded
663
664							=head2 key2hash
665
666							my $hash = $pk->key2hash;
667
668							# returns hash like this (or undef if no key loaded):
669							{
670							type => 1, # integer: 1 .. private, 0 .. public
671							size => 256, # integer: key size in bytes
672							# all the rest are hex strings
673							e => "10001", #public exponent
674							d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
675							N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
676							p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
677							q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
678							qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
679							dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p - 1) CRT param
680							dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q - 1) CRT param
681							}
682
683							=head1 FUNCTIONS
684
685							=head2 rsa_encrypt
686
687							RSA based encryption. See method L below.
688
689							my $ct = rsa_encrypt($pub_key_filename, $message);
690							#or
691							my $ct = rsa_encrypt(\$buffer_containing_pub_key, $message);
692							#or
693							my $ct = rsa_encrypt($pub_key, $message, $padding);
694							#or
695							my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam);
696
697							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
698							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
699							# $lparam (only for oaep) ..... DEFAULT is empty string
700
701							=head2 rsa_decrypt
702
703							RSA based decryption. See method L below.
704
705							my $pt = rsa_decrypt($priv_key_filename, $ciphertext);
706							#or
707							my $pt = rsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
708							#or
709							my $pt = rsa_decrypt($priv_key, $ciphertext, $padding);
710							#or
711							my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam);
712
713							# $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE)
714							# $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
715							# $lparam (only for oaep) ..... DEFAULT is empty string
716
717							=head2 rsa_sign_message
718
719							Generate RSA signature. See method L below.
720
721							my $sig = rsa_sign_message($priv_key_filename, $message);
722							#or
723							my $sig = rsa_sign_message(\$buffer_containing_priv_key, $message);
724							#or
725							my $sig = rsa_sign_message($priv_key, $message, $hash_name);
726							#or
727							my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding);
728							#or
729							my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen);
730
731							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
732							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
733							# $saltlen (only for pss) .. DEFAULT is 12
734
735							=head2 rsa_verify_message
736
737							Verify RSA signature. See method L below.
738
739							rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
740							#or
741							rsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
742							#or
743							rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
744							#or
745							rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR";
746							#or
747							rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR";
748
749							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
750							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
751							# $saltlen (only for pss) .. DEFAULT is 12
752
753							=head2 rsa_sign_hash
754
755							Generate RSA signature. See method L below.
756
757							my $sig = rsa_sign_hash($priv_key_filename, $message_hash);
758							#or
759							my $sig = rsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
760							#or
761							my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name);
762							#or
763							my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding);
764							#or
765							my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen);
766
767							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
768							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
769							# $saltlen (only for pss) .. DEFAULT is 12
770
771							=head2 rsa_verify_hash
772
773							Verify RSA signature. See method L below.
774
775							rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
776							#or
777							rsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
778							#or
779							rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR";
780							#or
781							rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR";
782							#or
783							rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR";
784
785							# $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
786							# $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE)
787							# $saltlen (only for pss) .. DEFAULT is 12
788
789							=head1 OpenSSL interoperability
790
791							### let's have:
792							# RSA private key in PEM format - rsakey.priv.pem
793							# RSA public key in PEM format - rsakey.pub.pem
794							# data file to be signed or encrypted - input.data
795
796							=head2 Encrypt by OpenSSL, decrypt by Crypt::PK::RSA
797
798							Create encrypted file (from commandline):
799
800							openssl rsautl -encrypt -inkey rsakey.pub.pem -pubin -out input.encrypted.rsa -in input.data
801
802							Decrypt file (Perl code):
803
804							use Crypt::PK::RSA;
805							use Crypt::Misc 'read_rawfile';
806
807							my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
808							my $encfile = read_rawfile("input.encrypted.rsa");
809							my $plaintext = $pkrsa->decrypt($encfile, 'v1.5');
810							print $plaintext;
811
812							=head2 Encrypt by Crypt::PK::RSA, decrypt by OpenSSL
813
814							Create encrypted file (Perl code):
815
816							use Crypt::PK::RSA;
817							use Crypt::Misc 'write_rawfile';
818
819							my $plaintext = 'secret message';
820							my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
821							my $encrypted = $pkrsa->encrypt($plaintext, 'v1.5');
822							write_rawfile("input.encrypted.rsa", $encrypted);
823
824							Decrypt file (from commandline):
825
826							openssl rsautl -decrypt -inkey rsakey.priv.pem -in input.encrypted.rsa
827
828							=head2 Sign by OpenSSL, verify by Crypt::PK::RSA
829
830							Create signature (from commandline):
831
832							openssl dgst -sha1 -sign rsakey.priv.pem -out input.sha1-rsa.sig input.data
833
834							Verify signature (Perl code):
835
836							use Crypt::PK::RSA;
837							use Crypt::Digest 'digest_file';
838							use Crypt::Misc 'read_rawfile';
839
840							my $pkrsa = Crypt::PK::RSA->new("rsakey.pub.pem");
841							my $signature = read_rawfile("input.sha1-rsa.sig");
842							my $valid = $pkrsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
843							print $valid ? "SUCCESS" : "FAILURE";
844
845							=head2 Sign by Crypt::PK::RSA, verify by OpenSSL
846
847							Create signature (Perl code):
848
849							use Crypt::PK::RSA;
850							use Crypt::Digest 'digest_file';
851							use Crypt::Misc 'write_rawfile';
852
853							my $pkrsa = Crypt::PK::RSA->new("rsakey.priv.pem");
854							my $signature = $pkrsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
855							write_rawfile("input.sha1-rsa.sig", $signature);
856
857							Verify signature (from commandline):
858
859							openssl dgst -sha1 -verify rsakey.pub.pem -signature input.sha1-rsa.sig input.data
860
861							=head2 Keys generated by Crypt::PK::RSA
862
863							Generate keys (Perl code):
864
865							use Crypt::PK::RSA;
866							use Crypt::Misc 'write_rawfile';
867
868							my $pkrsa = Crypt::PK::RSA->new;
869							$pkrsa->generate_key(256, 65537);
870							write_rawfile("rsakey.pub.der", $pkrsa->export_key_der('public'));
871							write_rawfile("rsakey.priv.der", $pkrsa->export_key_der('private'));
872							write_rawfile("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509'));
873							write_rawfile("rsakey.priv.pem", $pkrsa->export_key_pem('private'));
874							write_rawfile("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret'));
875
876							Use keys by OpenSSL:
877
878							openssl rsa -in rsakey.priv.der -text -inform der
879							openssl rsa -in rsakey.priv.pem -text
880							openssl rsa -in rsakey-passwd.priv.pem -text -inform pem -passin pass:secret
881							openssl rsa -in rsakey.pub.der -pubin -text -inform der
882							openssl rsa -in rsakey.pub.pem -pubin -text
883
884							=head2 Keys generated by OpenSSL
885
886							Generate keys:
887
888							openssl genrsa -out rsakey.priv.pem 1024
889							openssl rsa -in rsakey.priv.pem -out rsakey.priv.der -outform der
890							openssl rsa -in rsakey.priv.pem -out rsakey.pub.pem -pubout
891							openssl rsa -in rsakey.priv.pem -out rsakey.pub.der -outform der -pubout
892							openssl rsa -in rsakey.priv.pem -passout pass:secret -des3 -out rsakey-passwd.priv.pem
893
894							Load keys (Perl code):
895
896							use Crypt::PK::RSA;
897
898							my $pkrsa = Crypt::PK::RSA->new;
899							$pkrsa->import_key("rsakey.pub.der");
900							$pkrsa->import_key("rsakey.priv.der");
901							$pkrsa->import_key("rsakey.pub.pem");
902							$pkrsa->import_key("rsakey.priv.pem");
903							$pkrsa->import_key("rsakey-passwd.priv.pem", "secret");
904
905							=head1 SEE ALSO
906
907							=over
908
909							=item * L
910
911							=back
912
913							=cut