Note: There is a newer version (2.9.2) of this package available. Click here to view docs for the latest version.
Module crypto
ballerina/crypto Ballerina library
2.2.0
Overview
This module provides common cryptographic mechanisms based on different algorithms.
The Ballerina crypto module facilitates APIs to do operations like hashing, HMAC generation, checksum generation, encryption, decryption, signing data digitally, verifying digitally signed data, etc., with different cryptographic algorithms.
Hashes
The crypto module supports generating hashes with 5 different hash algorithms MD5, SHA1, SHA256, SHA384, and SHA512. Also, it supports generating the CRC32B checksum.
HMAC
The crypto module supports generating HMAC with 5 different hash algorithms: MD5, SHA1, SHA256, SHA384, and SHA512.
Decode Private/Public Key
The crypto module supports decoding the RSA private key from a .p12 file and a key file in the PEM format. Also, it supports decoding a public key from a .p12 file and a certificate file in the X509 format. Additionally, this supports building an RSA public key with the modulus and exponent parameters.
Encrypt and Decrypt
The crypto module supports both symmetric key encryption/decryption and asymmetric key encryption/decryption. The RSA algorithm can be used for symmetric-key encryption/decryption with the use of private and public keys. The AES algorithm can be used for asymmetric-key encryption/decryption with the use of a shared key.
Sign and Verify
The crypto module supports signing data using the RSA private key and verification of the signature using the RSA public key. This supports MD5, SHA1, SHA256, SHA384, and SHA512 digesting algorithms as well.
Functions
buildRsaPublicKey
Isolated Function
Builds the RSA public key from the given modulus and exponent parameters.
string modulus = "luZFdW1ynitztkWLC6xKegbRWxky..."; string exponent = "AQAB"; crypto:PublicKey publicKey = check crypto:buildRsaPublicKey(modulus, exponent);
crc32b
Isolated Function
function crc32b(byte[] input) returns stringReturns the Hex-encoded CRC32B value for the given data.
string stringData = "Hello Ballerina"; byte[] data = stringData.toBytes(); string checksum = crypto:crc32b(data);
Parameters
- input byte[] - Value for checksum generation
Return Type
- string - The generated checksum
decodeRsaPrivateKeyFromKeyFile
Isolated Function
function decodeRsaPrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|ErrorDecodes the RSA private key from the given private key and private key password.
string keyFile = "/path/to/private.key"; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyFile(keyFile, "keyPassword");
Parameters
- keyFile string - Path to the key file
- keyPassword string? (default ()) - Password of the key file if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeRsaPrivateKeyFromKeyStore
Isolated Function
function decodeRsaPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|ErrorDecodes the RSA private key from the given PKCS#12 archive file.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
Parameters
- keyStore KeyStore - KeyStore configurations
- keyAlias string - Key alias
- keyPassword string - Key password
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeRsaPublicKeyFromCertFile
Isolated Function
Decodes the RSA public key from the given public certificate file.
string certFile = "/path/to/public.cert"; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromCertFile(certFile);
Parameters
- certFile string - Path to the ceritificate file
decodeRsaPublicKeyFromTrustStore
Isolated Function
function decodeRsaPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|ErrorDecodes the RSA public key from the given PKCS#12 archive file.
crypto:TrustStore trustStore = { path: "/path/tp/truststore.p12", password: "truststorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(trustStore, "keyAlias");
decryptAesCbc
Isolated Function
function decryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|ErrorReturns the AES-CBC-decrypted value for the given AES-CBC-encrypted data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255); } byte[] cipherText = check crypto:encryptAesCbc(data, key, initialVector); byte[] plainText = check crypto:decryptAesCbc(cipherText, key, initialVector);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
decryptAesEcb
Isolated Function
function decryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|ErrorReturns the AES-ECB-decrypted value for the given AES-ECB-encrypted data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255); } byte[] cipherText = check crypto:encryptAesEcb(data, key); byte[] plainText = check crypto:decryptAesEcb(cipherText, key);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
decryptAesGcm
Isolated Function
function decryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|ErrorReturns the AES-GCM-decrypted value for the given AES-GCM-encrypted data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255); } byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector); byte[] plainText = check crypto:decryptAesGcm(cipherText, key, initialVector);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
- tagSize int (default 128) - Tag size
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
decryptRsaEcb
Isolated Function
function decryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|ErrorReturns the RSA-decrypted value for the given RSA-encrypted data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodePublicKey(keyStore, "keyAlias"); crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey); byte[] plainText = check crypto:decryptRsaEcb(cipherText, privateKey);
Parameters
- input byte[] - The content to be decrypted
- key PrivateKey|PublicKey - Private or public key used for encryption
- padding RsaPadding (default PKCS1) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
encryptAesCbc
Isolated Function
function encryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|ErrorReturns the AES-CBC-encrypted value for the given data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255); } byte[] cipherText = check crypto:encryptAesCbc(data, key, initialVector);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptAesEcb
Isolated Function
function encryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|ErrorReturns the AES-ECB-encrypted value for the given data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255); } byte[] cipherText = check crypto:encryptAesEcb(data, key);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptAesGcm
Isolated Function
function encryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|ErrorReturns the AES-GCM-encrypted value for the given data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255); } byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
- tagSize int (default 128) - Tag size
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptRsaEcb
Isolated Function
function encryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|ErrorReturns the RSA-encrypted value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodePublicKey(keyStore, "keyAlias"); byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey);
Parameters
- input byte[] - The content to be encrypted
- key PrivateKey|PublicKey - Private or public key used for encryption
- padding RsaPadding (default PKCS1) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
hashMd5
Isolated Function
function hashMd5(byte[] input, byte[]? salt) returns byte[]Returns the MD5 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashMd5(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha1
Isolated Function
function hashSha1(byte[] input, byte[]? salt) returns byte[]Returns the SHA-1 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha1(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha256
Isolated Function
function hashSha256(byte[] input, byte[]? salt) returns byte[]Returns the SHA-256 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha256(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha384
Isolated Function
function hashSha384(byte[] input, byte[]? salt) returns byte[]Returns the SHA-384 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha384(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha512
Isolated Function
function hashSha512(byte[] input, byte[]? salt) returns byte[]Returns the SHA-512 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha512(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hmacMd5
Isolated Function
function hmacMd5(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the MD5 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = crypto:hmacMd5(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha1
Isolated Function
function hmacSha1(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-1 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = crypto:hmacSha1(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha256
Isolated Function
function hmacSha256(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-256 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = crypto:hmacSha256(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha384
Isolated Function
function hmacSha384(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-384 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = crypto:hmacSha384(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha512
Isolated Function
function hmacSha512(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-512 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = crypto:hmacSha512(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
signRsaMd5
Isolated Function
function signRsaMd5(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-MD5 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha1
Isolated Function
function signRsaSha1(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA1 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha1(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha256
Isolated Function
function signRsaSha256(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA256 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha256(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha384
Isolated Function
function signRsaSha384(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA384 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha384(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha512
Isolated Function
function signRsaSha512(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA512 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha512(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
verifyRsaMd5Signature
Isolated Function
function verifyRsaMd5Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-MD5 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword") byte[] signature = check crypto:signRsaMd5(data, privateKey); crypto:PublicKey publicKey = check crypto:decodePublicKey(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaMd5Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha1Signature
Isolated Function
function verifyRsaSha1Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA1 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey); crypto:PublicKey publicKey = check crypto:decodePublicKey(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha1Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha256Signature
Isolated Function
function verifyRsaSha256Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA256 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey); crypto:PublicKey publicKey = check crypto:decodePublicKey(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha256Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha384Signature
Isolated Function
function verifyRsaSha384Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA384 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey); crypto:PublicKey publicKey = check crypto:decodePublicKey(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha384Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha512Signature
Isolated Function
function verifyRsaSha512Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA512 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodePrivateKey(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey); crypto:PublicKey publicKey = check crypto:decodePublicKey(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha512Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
Constants
crypto: NONE
No padding.
crypto: OAEPwithMD5andMGF1
The OAEPwithMD5andMGF1 padding mode.
crypto: OAEPWithSHA1AndMGF1
The OAEPWithSHA1AndMGF1 padding mode.
crypto: OAEPWithSHA256AndMGF1
The OAEPWithSHA256AndMGF1 padding mode.
crypto: OAEPwithSHA384andMGF1
The OAEPwithSHA384andMGF1 padding mode.
crypto: OAEPwithSHA512andMGF1
The OAEPwithSHA512andMGF1 padding mode.
crypto: PKCS1
The PKCS1 padding mode.
crypto: PKCS5
The PKCS5 padding mode.
crypto: RSA
The RSA algorithm.
Records
crypto: Certificate
Closed record
Represents the X509 public key certificate information.
Fields
- version0 int - Version number
- serial int - Serial number
- issuer string - Issuer name
- subject string - Subject name
- notBefore Utc - Not before validity period of certificate
- notAfter Utc - Not after validity period of certificate
- signature byte[] - Raw signature bits
- signingAlgorithm string - Signature algorithm
crypto: KeyStore
Closed record
Represents the KeyStore-related configurations.
Fields
- path string - Path to the KeyStore file
- password string - KeyStore password
crypto: PrivateKey
Closed record
Represents the private key used in cryptographic operations.
Fields
- algorithm KeyAlgorithm - Key algorithm
crypto: PublicKey
Closed record
Represents the public key used in cryptographic operations.
Fields
- algorithm KeyAlgorithm - Key algorithm
- certificate Certificate? - Public key certificate
crypto: TrustStore
Closed record
Represents the truststore-related configurations.
Fields
- path string - Path to the TrustStore file
- password string - TrustStore password
Errors
crypto: Error
Distinct
Represents the error type of the module.
Union types
crypto: AesPadding
AesPadding
Represents the padding algorithms supported by AES encryption and decryption.
crypto: RsaPadding
RsaPadding
Represents the padding algorithms supported with RSA encryption and decryption.