asn1dump, asn1toRSApriv, decodePEM, rsadecrypt, rsaencrypt, rsafill,
rsagen, rsaprivalloc, rsaprivfree, rsaprivtopub, rsapuballoc,
rsapubfree, X509toRSApub, X509rsagen, X509rsareq, X509rsaverify,
X509rsaverifydigest – RSA encryption algorithm|
RSApriv* rsagen(int nlen, int elen, int nrep)
RSApriv* rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q)
mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)
RSApriv* asn1toRSApriv(uchar *priv, int npriv)
void asn1dump(uchar *der, int len)
uchar* decodePEM(char *s, char *type, int *len, char **new_s)
uchar* X509rsagen(RSApriv *priv, char *subj, ulong valid, int *certlen);
uchar* X509rsareq(RSApriv *priv, char *subj, int *certlen);
char* X509rsaverify(uchar *cert, int ncert, RSApub *pk)
char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest,
int edigestlen, RSApub *pk)
RSA is a public key encryption algorithm. The owner of a key publishes
the public part of the key:|
The routines rsaalloc, rsafree, rsapuballoc, rsapubfree, rsaprivalloc, and rsaprivfree are provided to aid in user provided key I/O.
Given a binary X.509 cert, the routine X509toRSApub returns the public key and, if name is not nil, the CN part of the Distinguished Name of the certificate's Subject. (This is conventionally a userid or a host DNS name.) No verification is done of the certificate signature; the caller should check the fingerprint, sha1(cert), against a table or check the certificate by other means. X.509 certificates are often stored in PEM format; use dec64 to convert to binary before computing the fingerprint or calling X509toRSApub. For the special case of certificates signed by a known trusted key (in a single step, without certificate chains), X509rsaverify checks the signature on cert. It returns nil if successful, else an error string.
X509rsaverifydigest takes a encoded PKCS #1 signature as used in X.509 as sig[siglen] and verifies it against the expected cryptographic hash edigest[edigestlen] of the signed data; returning nil on success or an error string.
X509rsagen creates a self–signed X.509 certificate, given an RSA
keypair priv, a issuer/subject string subj, and the starting and
ending validity dates, valid. Length of the allocated binary certificate
is stored in certlen. The subject line is conventionally of the
Asn1toRSApriv converts an ASN1 formatted RSA private key into the corresponding RSApriv structure.
Asn1dump prints an ASN1 object to standard output.
DecodePEM takes a zero terminated string, s, and decodes the PEM
(privacy–enhanced mail) formatted section for type within it. If
successful, it returns malloced storage containing the decoded
section, which the caller must free, and sets *len to its decoded
length. Otherwise nil is returned and *len is undefined. If
not nil, new_s is set to the first character beyond the type section.
mp(2), aes(2), blowfish(2), des(2), dsa(2), elgamal(2), rc4(2),
sechash(2), prime(2), rand(2), rsa(8)|