Note: There is a newer version (2.9.2) of this package available. Click here to view docs for the latest version.
Module crypto
ballerina/crypto Ballerina library
2.8.0
Functions
buildRsaPublicKey
Isolated Function
Builds the RSA public key from the given modulus and exponent parameters.
string modulus = "luZFdW1ynitztkWLC6xKegbRWxky..."; string exponent = "AQAB"; crypto:PublicKey publicKey = check crypto:buildRsaPublicKey(modulus, exponent);
crc32b
Isolated Function
function crc32b(byte[] input) returns stringReturns the Hex-encoded CRC32B value for the given data.
string stringData = "Hello Ballerina"; byte[] data = stringData.toBytes(); string checksum = crypto:crc32b(data);
Parameters
- input byte[] - Value for checksum generation
Return Type
- string - The generated checksum
decapsulateMlKem768
Isolated Function
function decapsulateMlKem768(byte[] encapsulatedSecret, PrivateKey privateKey) returns byte[]|ErrorDecapsulates the ML-KEM-768 (Kyber768) shared secret used for Key Encapsulation Mechanism (KEM) from the given encapsulation for the given data.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateMlKem768(publicKey); byte[] encapsulatedSecret = encapsulationResult.encapsulatedSecret; crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyStorePassword"); byte[] sharedSecret = check crypto:decapsulateMlKem768(encapsulatedSecret, privateKey);
Return Type
- byte[]|Error - Shared secret or else a
crypto:Errorif the encapsulatedSecret or the private key is invalid
decapsulateRsaKem
Isolated Function
function decapsulateRsaKem(byte[] encapsulatedSecret, PrivateKey privateKey) returns byte[]|ErrorDecapsulates the shared secret used for Key Encapsulation Mechanism (KEM) from the given encapsulation for the given data.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKem(publicKey); byte[] encapsulatedSecret = encapsulationResult.encapsulatedSecret; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyStorePassword"); byte[] sharedSecret = check crypto:decapsulateRsaKem(encapsulatedSecret, privateKey);
Return Type
- byte[]|Error - Shared secret or else a
crypto:Errorif the encapsulatedSecret or the private key is invalid
decapsulateRsaKemMlKem768
Isolated Function
function decapsulateRsaKemMlKem768(byte[] encapsulatedSecret, PrivateKey rsaPrivateKey, PrivateKey mlkemPrivateKey) returns byte[]|ErrorDecapsulates the shared secret used for Key Encapsulation Mechanism (KEM) using RSA and ML-KEM-768 (Kyber768) private keys.
crypto:KeyStore mlkemKeyStore = { path: "/path/to/mlkem/keyStore.p12", password: "keyStorePassword" }; crypto:KeyStore rsaKeyStore = { path: "/path/to/rsa/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemKeyStore, "keyAlias"); crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKemMlKem768(rsaPublicKey, mlkemPublicKey); byte[] encapsulatedSecret = encapsulationResult.encapsulatedSecret; crypto:PrivateKey mlkemPrivateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(mlkemKeyStore, "keyAlias", "keyStorePassword"); crypto:PrivateKey rsaPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(rsaKeyStore, "keyAlias", "keyStorePassword"); byte[] sharedSecret = check crypto:decapsulateRsaKemMlKem768(encapsulatedSecret, rsaPrivateKey, mlkemPrivateKey);
Parameters
- encapsulatedSecret byte[] - Encapsulated secret
- rsaPrivateKey PrivateKey - RSA private key
- mlkemPrivateKey PrivateKey - MlKem private key
Return Type
- byte[]|Error - Shared secret or else a
crypto:Errorif the keysize or private keys are invalid
decodeEcPrivateKeyFromKeyFile
Isolated Function
function decodeEcPrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|ErrorDecodes the EC private key from the given private key and private key password.
string keyFile = "/path/to/private.key"; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyFile(keyFile, "keyPassword");
Parameters
- keyFile string - Path to the key file
- keyPassword string? (default ()) - Password of the key file if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeEcPrivateKeyFromKeyStore
Isolated Function
function decodeEcPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|ErrorDecodes the EC private key from the given PKCS#12 archive file.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
Parameters
- keyStore KeyStore - KeyStore configurations
- keyAlias string - Key alias
- keyPassword string - Key password
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeEcPublicKeyFromCertFile
Isolated Function
Decodes the EC public key from the given public certificate file.
string certFile = "/path/to/public.cert"; crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromCertFile(certFile);
Parameters
- certFile string - Path to the certificate file
decodeEcPublicKeyFromTrustStore
Isolated Function
function decodeEcPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|ErrorDecodes the EC public key from the given PKCS#12 archive file.
crypto:TrustStore trustStore = { path: "/path/tp/truststore.p12", password: "truststorePassword" }; crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(trustStore, "keyAlias");
decodeMlDsa65PrivateKeyFromKeyFile
Isolated Function
function decodeMlDsa65PrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|ErrorDecodes the ML-DSA-65 (Dilithium3) private key from the given private key and private key password.
string keyFile = "/path/to/private.key"; crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyFile(keyFile, "keyPassword");
Parameters
- keyFile string - Path to the key file
- keyPassword string? (default ()) - Password of the key file if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeMlDsa65PrivateKeyFromKeyStore
Isolated Function
function decodeMlDsa65PrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|ErrorDecodes the ML-DSA-65 (Dilithium3) private key from the given PKCS#12 archive file.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
Parameters
- keyStore KeyStore - KeyStore configurations
- keyAlias string - Key alias
- keyPassword string - Key password
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeMlDsa65PublicKeyFromCertFile
Isolated Function
Decodes the ML-DSA-65 (Dilithium3) public key from the given public certificate file.
string certFile = "/path/to/public.cert"; crypto:PublicKey publicKey = check crypto:decodeMlDsa65PublicKeyFromCertFile(certFile);
Parameters
- certFile string - Path to the certificate file
decodeMlDsa65PublicKeyFromTrustStore
Isolated Function
function decodeMlDsa65PublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|ErrorDecodes the ML-DSA-65 (Dilithium3) public key from the given PKCS#12 archive file.
crypto:TrustStore trustStore = { path: "/path/tp/truststore.p12", password: "truststorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlDsa65PublicKeyFromTrustStore(trustStore, "keyAlias");
decodeMlKem768PrivateKeyFromKeyFile
Isolated Function
function decodeMlKem768PrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|ErrorDecodes the ML-KEM-768 (Kyber768) private key from the given private key and private key password.
string keyFile = "/path/to/private.key"; crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyFile(keyFile, "keyPassword");
Parameters
- keyFile string - Path to the key file
- keyPassword string? (default ()) - Password of the key file if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeMlKem768PrivateKeyFromKeyStore
Isolated Function
function decodeMlKem768PrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|ErrorDecodes the ML-KEM-768 (Kyber768) private key from the given PKCS#12 archive file.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
Parameters
- keyStore KeyStore - KeyStore configurations
- keyAlias string - Key alias
- keyPassword string - Key password
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeMlKem768PublicKeyFromCertFile
Isolated Function
Decodes the ML-KEM-768 (Kyber768) public key from the given public certificate file.
string certFile = "/path/to/public.cert"; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromCertFile(certFile);
Parameters
- certFile string - Path to the certificate file
decodeMlKem768PublicKeyFromTrustStore
Isolated Function
function decodeMlKem768PublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|ErrorDecodes the ML-KEM-768 (Kyber768) public key from the given PKCS#12 archive file.
crypto:TrustStore trustStore = { path: "/path/tp/truststore.p12", password: "truststorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(trustStore, "keyAlias");
decodeRsaPrivateKeyFromContent
Isolated Function
function decodeRsaPrivateKeyFromContent(byte[] content, string? keyPassword) returns PrivateKey|ErrorDecodes the RSA private key from the given private key content as a byte array.
byte[] keyFileContent = [45,45,45,45,45,66,69,71,73,78,...]; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromContent(keyFileContent, "keyPassword");
Parameters
- content byte[] - Private key content as a byte array
- keyPassword string? (default ()) - Password of the private key if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeRsaPrivateKeyFromKeyFile
Isolated Function
function decodeRsaPrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|ErrorDecodes the RSA private key from the given private key and private key password.
string keyFile = "/path/to/private.key"; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyFile(keyFile, "keyPassword");
Parameters
- keyFile string - Path to the key file
- keyPassword string? (default ()) - Password of the key file if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeRsaPrivateKeyFromKeyStore
Isolated Function
function decodeRsaPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|ErrorDecodes the RSA private key from the given PKCS#12 archive file.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
Parameters
- keyStore KeyStore - KeyStore configurations
- keyAlias string - Key alias
- keyPassword string - Key password
Return Type
- PrivateKey|Error - Reference to the private key or else a
crypto:Errorif the private key was unreadable
decodeRsaPublicKeyFromCertFile
Isolated Function
Decodes the RSA public key from the given public certificate file.
string certFile = "/path/to/public.cert"; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromCertFile(certFile);
Parameters
- certFile string - Path to the certificate file
decodeRsaPublicKeyFromContent
Isolated Function
Decodes the RSA public key from the given public certificate content.
byte[] certContent = [45,45,45,45,45,66,69,71,73,78,...]; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromContent(certContent);
Parameters
- content byte[] - The certificate content as a byte array
decodeRsaPublicKeyFromTrustStore
Isolated Function
function decodeRsaPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|ErrorDecodes the RSA public key from the given PKCS#12 archive file.
crypto:TrustStore trustStore = { path: "/path/tp/truststore.p12", password: "truststorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(trustStore, "keyAlias");
decryptAesCbc
Isolated Function
function decryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|ErrorReturns the AES-CBC-decrypted value for the given AES-CBC-encrypted data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255)); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255)); } byte[] cipherText = check crypto:encryptAesCbc(data, key, initialVector); byte[] plainText = check crypto:decryptAesCbc(cipherText, key, initialVector);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
decryptAesEcb
Isolated Function
function decryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|ErrorReturns the AES-ECB-decrypted value for the given AES-ECB-encrypted data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255)); } byte[] cipherText = check crypto:encryptAesEcb(data, key); byte[] plainText = check crypto:decryptAesEcb(cipherText, key);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
decryptAesGcm
Isolated Function
function decryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|ErrorReturns the AES-GCM-decrypted value for the given AES-GCM-encrypted data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255)); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255)); } byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector); byte[] plainText = check crypto:decryptAesGcm(cipherText, key, initialVector);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
- tagSize int (default 128) - Tag size
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
decryptMlKem768Hpke
Isolated Function
function decryptMlKem768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey privateKey, AesKeySize symmetricKeySize) returns byte[]|ErrorReturns the ML-KEM-768-AES-hybrid-encrypted value for the given encrypted data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:HybridEncryptionResult encryptionResult = check crypto:encryptMlKem768Hpke(data, publicKey); byte[] cipherText = encryptionResult.cipherText; byte[] encapsulatedKey = encryptionResult.encapsulatedSecret; crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyStorePassword"); byte[] decryptedData = check crypto:decryptMlKem768Hpke(cipherText, encapsulatedKey, privateKey);
Parameters
- input byte[] - The content to be decrypted
- encapsulatedKey byte[] - The encapsulated secret
- privateKey PrivateKey - The MlKem private key used for decryption
- symmetricKeySize AesKeySize (default 32) - The length of the symmetric key (in bytes)
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif error occurs
decryptPgp
Isolated Function
Returns the PGP-decrypted value of the given PGP-encrypted data.
byte[] message = "Hello Ballerina!".toBytes(); byte[] cipherText = check crypto:encryptPgp(message, "public_key.asc"); byte[] passphrase = check io:fileReadBytes("pass_phrase.txt"); byte[] decryptedMessage = check crypto:decryptPgp(cipherText, "private_key.asc", passphrase);
Parameters
- cipherText byte[] - The encrypted content to be decrypted
- privateKey string - Path to the private key
- passphrase byte[] - passphrase of the private key
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key or passphrase is invalid
decryptRsaEcb
Isolated Function
function decryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|ErrorReturns the RSA-decrypted value for the given RSA-encrypted data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey); byte[] plainText = check crypto:decryptRsaEcb(cipherText, privateKey);
Parameters
- input byte[] - The content to be decrypted
- key PrivateKey|PublicKey - Private or public key used for encryption
- padding RsaPadding (default PKCS1) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif the key is invalid
decryptRsaKemMlKem768Hpke
Isolated Function
function decryptRsaKemMlKem768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey rsaPrivateKey, PrivateKey mlkemPrivateKey, AesKeySize symmetricKeySize) returns byte[]|ErrorReturns the RSA-KEM-ML-KEM-768-AES-hybrid-encrypted value for the given encrypted data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore mlkemKeyStore = { path: "/path/to/mlkem/keyStore.p12", password: "keyStorePassword" }; crypto:KeyStore rsaKeyStore = { path: "/path/to/rsa/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemKeyStore, "keyAlias"); crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); crypto:HybridEncryptionResult encryptionResult = check crypto:encryptRsaKemMlKem768Hpke(data, rsaPublicKey, mlkemPublicKey); byte[] cipherText = encryptionResult.cipherText; byte[] encapsulatedKey = encryptionResult.encapsulatedSecret; crypto:PrivateKey mlkemPrivateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(mlkemKeyStore, "keyAlias", "keyStorePassword"); crypto:PrivateKey rsaPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(rsaKeyStore, "keyAlias", "keyStorePassword"); byte[] decryptedData = check crypto:decryptRsaKemMlKem768Hpke(cipherText, encapsulatedKey, rsaPrivateKey, mlkemPrivateKey);
Parameters
- input byte[] - The content to be decrypted
- encapsulatedKey byte[] - The encapsulated secret
- rsaPrivateKey PrivateKey - The RSA private key used for decryption
- mlkemPrivateKey PrivateKey - The MlKem private key used for decryption
- symmetricKeySize AesKeySize (default 32) - The length of the symmetric key (in bytes)
Return Type
- byte[]|Error - Decrypted data or else a
crypto:Errorif error occurs
decryptStreamFromPgp
Isolated Function
function decryptStreamFromPgp(stream<byte[], error?> inputStream, string privateKey, byte[] passphrase) returns stream<byte[], Error?>|ErrorReturns the PGP-decrypted stream of the content given in the input stream.
byte[] passphrase = check io:fileReadBytes("pass_phrase.txt"); stream<byte[], error?> inputStream = check io:fileReadBlocksAsStream("pgb_encrypted.txt"); stream<byte[], crypto:Error?>|crypto:Error decryptedStream = crypto:decryptStreamFromPgp(inputStream, "private_key.asc", passphrase);
Parameters
- privateKey string - Path to the private key
- passphrase byte[] - passphrase of the private key
encapsulateMlKem768
Isolated Function
function encapsulateMlKem768(PublicKey publicKey) returns EncapsulationResult|ErrorCreates a shared secret and its encapsulation used for Key Encapsulation Mechanism (KEM) using the ML-KEM-768 (Kyber768) public key.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateMlKem768(publicKey);
Parameters
- publicKey PublicKey - Public key
Return Type
- EncapsulationResult|Error - Encapsulated secret or else a
crypto:Errorif the public key is invalid
encapsulateRsaKem
Isolated Function
function encapsulateRsaKem(PublicKey publicKey) returns EncapsulationResult|ErrorCreates a shared secret and its encapsulation used for Key Encapsulation Mechanism (KEM) using the RSA public key.
crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKem(publicKey);
Parameters
- publicKey PublicKey - Public key
Return Type
- EncapsulationResult|Error - Encapsulated secret or else a
crypto:Errorif the public key is invalid
encapsulateRsaKemMlKem768
Isolated Function
function encapsulateRsaKemMlKem768(PublicKey rsaPublicKey, PublicKey mlkemPublicKey) returns EncapsulationResult|ErrorCreates a shared secret and its encapsulation used for Key Encapsulation Mechanism (KEM) using RSA and ML-KEM-768 (Kyber768) public keys.
crypto:KeyStore mlkemKeyStore = { path: "/path/to/mlkem/keyStore.p12", password: "keyStorePassword" }; crypto:KeyStore rsaKeyStore = { path: "/path/to/rsa/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemKeyStore, "keyAlias"); crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKemMlKem768(rsaPublicKey, mlkemPublicKey);
Return Type
- EncapsulationResult|Error - Encapsulated secret or else a
crypto:Errorif the keysize or public keys are invalid
encryptAesCbc
Isolated Function
function encryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|ErrorReturns the AES-CBC-encrypted value for the given data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255)); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255)); } byte[] cipherText = check crypto:encryptAesCbc(data, key, initialVector);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptAesEcb
Isolated Function
function encryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|ErrorReturns the AES-ECB-encrypted value for the given data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255)); } byte[] cipherText = check crypto:encryptAesEcb(data, key);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptAesGcm
Isolated Function
function encryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|ErrorReturns the AES-GCM-encrypted value for the given data.
string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = <byte>(check random:createIntInRange(0, 255)); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = <byte>(check random:createIntInRange(0, 255)); } byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default NONE) - The padding algorithm
- tagSize int (default 128) - Tag size
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptMlKem768Hpke
Isolated Function
function encryptMlKem768Hpke(byte[] input, PublicKey publicKey, AesKeySize symmetricKeySize) returns HybridEncryptionResult|ErrorReturns the ML-KEM-768-AES-hybrid-encrypted value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:HybridEncryptionResult encryptionResult = check crypto:encryptMlKem768Hpke(data, publicKey);
Parameters
- input byte[] - The content to be encrypted
- publicKey PublicKey - Public key used for encryption
- symmetricKeySize AesKeySize (default 32) - The length of the symmetric key (in bytes)
Return Type
- HybridEncryptionResult|Error - Encrypted data or else a
crypto:Errorif an error occurs
encryptPgp
Isolated Function
Returns the PGP-encrypted value for the given data.
byte[] message = "Hello Ballerina!".toBytes(); byte[] cipherText = check crypto:encryptPgp(message, "public_key.asc");
Parameters
- plainText byte[] - The content to be encrypted
- publicKey string - Path to the public key
- options *Options - PGP encryption options
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptRsaEcb
Isolated Function
function encryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|ErrorReturns the RSA-encrypted value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey);
Parameters
- input byte[] - The content to be encrypted
- key PrivateKey|PublicKey - Private or public key used for encryption
- padding RsaPadding (default PKCS1) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a
crypto:Errorif the key is invalid
encryptRsaKemMlKem768Hpke
Isolated Function
function encryptRsaKemMlKem768Hpke(byte[] input, PublicKey rsaPublicKey, PublicKey mlkemPublicKey, AesKeySize symmetricKeySize) returns HybridEncryptionResult|ErrorReturns the RSA-KEM-ML-KEM-768-AES-hybrid-encrypted value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore mlkemKeyStore = { path: "/path/to/mlkem/keyStore.p12", password: "keyStorePassword" }; crypto:KeyStore rsaKeyStore = { path: "/path/to/rsa/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemKeyStore, "keyAlias"); crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); crypto:HybridEncryptionResult encryptionResult = check crypto:encryptRsaKemMlKem768Hpke(data, rsaPublicKey, mlkemPublicKey);
Parameters
- input byte[] - The content to be encrypted
- rsaPublicKey PublicKey - The RSA public key used for encryption
- mlkemPublicKey PublicKey - The MlKem public key used for encryption
- symmetricKeySize AesKeySize (default 32) - The length of the symmetric key (in bytes)
Return Type
- HybridEncryptionResult|Error - Encrypted data or else a
crypto:Errorif an error occurs
encryptStreamAsPgp
Isolated Function
function encryptStreamAsPgp(stream<byte[], error?> inputStream, string publicKey, *Options options) returns stream<byte[], Error?>|ErrorReturns the PGP-encrypted stream of the content given in the input stream.
stream<byte[], error?> inputStream = check io:fileReadBlocksAsStream("input.txt"); stream<byte[], crypto:Error?>|crypto:Error encryptedStream = crypto:encryptStreamAsPgp(inputStream, "public_key.asc");
hashMd5
Isolated Function
function hashMd5(byte[] input, byte[]? salt) returns byte[]Returns the MD5 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashMd5(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha1
Isolated Function
function hashSha1(byte[] input, byte[]? salt) returns byte[]Returns the SHA-1 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha1(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha256
Isolated Function
function hashSha256(byte[] input, byte[]? salt) returns byte[]Returns the SHA-256 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha256(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha384
Isolated Function
function hashSha384(byte[] input, byte[]? salt) returns byte[]Returns the SHA-384 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha384(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha512
Isolated Function
function hashSha512(byte[] input, byte[]? salt) returns byte[]Returns the SHA-512 hash of the given data.
string dataString = "Hello Ballerina"; byte[] data = dataString.toBytes(); byte[] hash = crypto:hashSha512(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hkdfSha256
Isolated Function
Returns HKDF (HMAC-based Key Derivation Function) using SHA-256 as the hash function.
string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hash = crypto:hkdfSha256(key, 32);
Parameters
- input byte[] - The input key material to derive the key from
- length int - The length of the output keying material (OKM) in bytes
- salt byte[] (default []) - Optional salt value, a non-secret random value
- info byte[] (default []) - Optional context and application-specific information
Return Type
- byte[]|Error - The derived keying material (OKM) of the specified length
hmacMd5
Isolated Function
function hmacMd5(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the MD5 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = check crypto:hmacMd5(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha1
Isolated Function
function hmacSha1(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-1 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = check crypto:hmacSha1(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha256
Isolated Function
function hmacSha256(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-256 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = check crypto:hmacSha256(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha384
Isolated Function
function hmacSha384(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-384 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = check crypto:hmacSha384(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
hmacSha512
Isolated Function
function hmacSha512(byte[] input, byte[] key) returns byte[]|ErrorReturns the HMAC using the SHA-512 hash function of the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); string secret = "some-secret"; byte[] key = secret.toBytes(); byte[] hmac = check crypto:hmacSha512(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a
crypto:Errorif an error occurred
signMlDsa65
Isolated Function
function signMlDsa65(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the MlDsa65 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signMlDsa65(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaMd5
Isolated Function
function signRsaMd5(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-MD5 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha1
Isolated Function
function signRsaSha1(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA1 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha1(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha256
Isolated Function
function signRsaSha256(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA256 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha256(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha384
Isolated Function
function signRsaSha384(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA384 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha384(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signRsaSha512
Isolated Function
function signRsaSha512(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the RSA-SHA512 based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha512(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signSha256withEcdsa
Isolated Function
function signSha256withEcdsa(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the SHA256withECDSA based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signSha256withEcdsa(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
signSha384withEcdsa
Isolated Function
function signSha384withEcdsa(byte[] input, PrivateKey privateKey) returns byte[]|ErrorReturns the SHA384withECDSA based signature value for the given data.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signSha384withEcdsa(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a
crypto:Errorif the private key is invalid
verifyMlDsa65Signature
Isolated Function
function verifyMlDsa65Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the MlDsa65 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signMlDsa65(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeMlDsa65PublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyMlDsa65Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaMd5Signature
Isolated Function
function verifyRsaMd5Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-MD5 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaMd5Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha1Signature
Isolated Function
function verifyRsaSha1Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA1 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha1(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha1Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha256Signature
Isolated Function
function verifyRsaSha256Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA256 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha256(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha256Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha384Signature
Isolated Function
function verifyRsaSha384Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA384 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha384(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha384Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha512Signature
Isolated Function
function verifyRsaSha512Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the RSA-SHA512 based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha512(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha512Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifySha256withEcdsaSignature
Isolated Function
function verifySha256withEcdsaSignature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the SHA256withECDSA based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signSha256withEcdsa(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifySha256withEcdsaSignature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifySha384withEcdsaSignature
Isolated Function
function verifySha384withEcdsaSignature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|ErrorVerifies the SHA384withECDSA based signature.
string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signSha384withEcdsa(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifySha384withEcdsaSignature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
Constants
crypto: MLDSA65
The ML-DSA-65 algorithm.
crypto: MLKEM768
The ML-KEM-768 algorithm.
crypto: NONE
No padding.
crypto: OAEPwithMD5andMGF1
The OAEPwithMD5andMGF1 padding mode.
crypto: OAEPWithSHA1AndMGF1
The OAEPWithSHA1AndMGF1 padding mode.
crypto: OAEPWithSHA256AndMGF1
The OAEPWithSHA256AndMGF1 padding mode.
crypto: OAEPwithSHA384andMGF1
The OAEPwithSHA384andMGF1 padding mode.
crypto: OAEPwithSHA512andMGF1
The OAEPwithSHA512andMGF1 padding mode.
crypto: PKCS1
The PKCS1 padding mode.
crypto: PKCS5
The PKCS5 padding mode.
crypto: RSA
The RSA algorithm.
Enums
crypto: CompressionAlgorithmTags
Represents the compression algorithms available in PGP.
Members
UNCOMPRESSED - No compression
ZIP - Uses (RFC 1951) compression
ZLIB - Uses (RFC 1950) compression
BZIP2 - Uses Burrows–Wheeler algorithm
crypto: SymmetricKeyAlgorithmTags
Represent the symmetric key algorithms available in PGP.
Members
NULL - No encryption
IDEA - IDEA symmetric key algorithm
TRIPLE_DES - Triple DES symmetric key algorithm
CAST5 - CAST5 symmetric key algorithm
BLOWFISH - Blowfish symmetric key algorithm
SAFER - SAFER symmetric key algorithm
DES - DES symmetric key algorithm
AES_128 - AES 128-bit symmetric key algorithm
AES_192 - AES 192-bit symmetric key algorithm
AES_256 - AES 256-bit symmetric key algorithm
TWOFISH - Twofish symmetric key algorithm
CAMELLIA_128 - Camellia 128-bit symmetric key algorithm
CAMELLIA_192 - Camellia 192-bit symmetric key algorithm
CAMELLIA_256
Records
crypto: Certificate
Closed record
Represents the X509 public key certificate information.
Fields
- version0 int - Version number
- serial int - Serial number
- issuer string - Issuer name
- subject string - Subject name
- notBefore Utc - Not before validity period of certificate
- notAfter Utc - Not after validity period of certificate
- signature byte[] - Raw signature bits
- signingAlgorithm string - Signature algorithm
crypto: EncapsulationResult
Closed record
Represents the shared secret and its encapsulation used in Key Encapsulation Mechanism (KEM).
Fields
- encapsulatedSecret byte[] - Encapsulated secret
crypto: HybridEncryptionResult
Closed record
Represents the encapsulated secret and the ciphertext used in Hybrid Public Key Encryption (HPKE).
Fields
- encapsulatedSecret byte[] - The encapsulated secret
- cipherText byte[] - The encrypted data
crypto: KeyStore
Closed record
Represents the KeyStore-related configurations.
Fields
- path string - Path to the KeyStore file
- password string - KeyStore password
crypto: Options
Closed record
Represents the PGP encryption options.
Fields
- compressionAlgorithm CompressionAlgorithmTags(default ZIP) - Specifies the compression algorithm used for PGP encryption
- symmetricKeyAlgorithm SymmetricKeyAlgorithmTags(default AES_256) - Specifies the symmetric key algorithm used for encryption
- armor boolean(default true) - Indicates whether ASCII armor is enabled for the encrypted output
- withIntegrityCheck boolean(default true) - Indicates whether integrity check is included in the encryption
crypto: PrivateKey
Closed record
Represents the private key used in cryptographic operations.
Fields
- algorithm KeyAlgorithm - Key algorithm
crypto: PublicKey
Closed record
Represents the public key used in cryptographic operations.
Fields
- algorithm KeyAlgorithm - Key algorithm
- certificate? Certificate - Public key certificate
crypto: TrustStore
Closed record
Represents the truststore-related configurations.
Fields
- path string - Path to the TrustStore file
- password string - TrustStore password
Errors
crypto: Error
Distinct
Represents the error type of the module.
Union types
crypto: AesKeySize
AesKeySize
Represent the supported symmetric key sizes for AES algorithm.
crypto: AesPadding
AesPadding
Represents the padding algorithms supported by AES encryption and decryption.
crypto: RsaPadding
RsaPadding
Represents the padding algorithms supported with RSA encryption and decryption.