Crypt::RSA man page on OpenServer

Man page or keyword search:  
man Server   5388 pages
apropos Keyword Search (all sections)
Output format
OpenServer logo
[printable version]

Crypt::RSA(3)	      User Contributed Perl Documentation	 Crypt::RSA(3)

NAME
       Crypt::RSA - RSA public-key cryptosystem.

VERSION
	$Revision: 1.48 $ (Beta)
	$Date: 2001/09/25 12:44:55 $

SYNOPSIS
	   my $rsa = new Crypt::RSA;

	   my ($public, $private) =
	       $rsa->keygen (
		   Identity  => 'Lord Macbeth <macbeth@glamis.com>',
		   Size	     => 1024,
		   Password  => 'A day so foul & fair',
		   Verbosity => 1,
	       ) or die $rsa->errstr();

	   my $cyphertext =
	       $rsa->encrypt (
		   Message    => $message,
		   Key	      => $public,
		   Armour     => 1,
	       ) || die $rsa->errstr();

	   my $plaintext =
	       $rsa->decrypt (
		   Cyphertext => $cyphertext,
		   Key	      => $private,
		   Armour     => 1,
	       ) || die $rsa->errstr();

	   my $signature =
	       $rsa->sign (
		   Message    => $message,
		   Key	      => $private
	       ) || die $rsa->errstr();

	   my $verify =
	       $rsa->verify (
		   Message    => $message,
		   Signature  => $signature,
		   Key	      => $public
	       ) || die $rsa->errstr();

NOTE
       This manual assumes familiarity with public-key cryptography and the
       RSA algorithm. If you don't know what these are or how they work,
       please refer to the sci.crypt FAQ[15]. A formal treatment of RSA can be
       found in [1].

DESCRIPTION
       Crypt::RSA is a pure-perl, cleanroom implementation of the RSA public-
       key cryptosystem. It uses Math::Pari(3), a perl interface to the blaz-
       ingly fast PARI library, for big integer arithmetic and number theo-
       retic computations.

       Crypt::RSA provides arbitrary size key-pair generation, plaintext-aware
       encryption (OAEP) and digital signatures with appendix (PSS). For com-
       patibility with SSLv3, RSAREF2, PGP and other applications that follow
       the PKCS #1 v1.5 standard, it also provides PKCS #1 v1.5 encryption and
       signatures.

       Crypt::RSA is structured as bundle of modules that encapsulate differ-
       ent parts of the RSA cryptosystem. The RSA algorithm is implemented in
       Crypt::RSA::Primitives(3). Encryption schemes, located under
       Crypt::RSA::ES, and signature schemes, located under Crypt::RSA::SS,
       use the RSA algorithm to build encryption/signature schemes that employ
       secure padding. (See the note on Security of Padding Schemes.)

       The key generation engine and other functions that work on both compo-
       nents of the key-pair are encapsulated in Crypt::RSA::Key(3).
       Crypt::RSA::Key::Public(3) & Crypt::RSA::Key::Private(3) provide mecha-
       nisms for storage & retrival of keys from disk, decoding & encoding of
       keys in certain formats, and secure representation of keys in memory.
       Finally, the Crypt::RSA module provides a convenient, DWIM wrapper
       around the rest of the modules in the bundle.

SECURITY OF PADDING SCHEMES
       It has been conclusively shown that textbook RSA is insecure[3,7].
       Secure RSA requires that plaintext is padded in a specific manner
       before encryption and signing. There are four main standards for pad-
       ding: PKCS #1 v1.5 encryption & signatures, and OAEP encryption & PSS
       signatures.  Crypt::RSA implements these as four modules that provide
       overloaded encrypt(), decrypt(), sign() and verify() methods that add
       padding functionality to the basic RSA operations.

       Crypt::RSA::ES::PKCS1v15(3) implements PKCS #1 v1.5 encryption,
       Crypt::RSA::SS::PKCS1v15(3) implements PKCS #1 v1.5 signatures,
       Crypt::RSA::ES::OAEP(3) implements Optimal Asymmetric Encryption and
       Crypt::RSA::SS::PSS(3) Probabilistic Signatures.

       PKCS #1 v1.5 schemes are older and hence more widely deployed, but PKCS
       #1 v1.5 encryption has certain flaws that make it vulnerable to chosen-
       cyphertext attacks[9]. Even though Crypt::RSA works around these vul-
       nerabilities, it is recommended that new applications use OAEP and PSS,
       both of which are provably secure[13]. In any event, Crypt::RSA::Primi-
       tives (without padding) should never be used directly.

       That said, there exists a scheme called Simple RSA[16] that provides
       security without padding. However, Crypt::RSA doesn't implement this
       scheme yet.

METHODS
       new()
	   The constructor. When no arguments are provided, new() returns an
	   object loaded with default values. This object can be customized by
	   specifying encryption & signature schemes, key formats and post
	   processors. For details see the section on Customizing the
	   Crypt::RSA object later in this manpage.

       keygen()
	   keygen() generates and returns an RSA key-pair of specified bit-
	   size.  keygen() is a synonym for Crypt::RSA::Key::generate().
	   Parameters and return values are described in the
	   Crypt::RSA::Key(3) manpage.

       encrypt()
	   encrypt() performs RSA encryption on a string of arbitrary length
	   with a public key using the encryption scheme bound to the object.
	   The default scheme is OAEP. encrypt() returns cyphertext (a string)
	   on success and undef on failure. It takes a hash as argument with
	   following keys:

	   Message
	       An arbitrary length string to be encrypted.

	   Key Public key of the recipient, a Crypt::RSA::Key::Public(3) or
	       compatible object.

	   Armour
	       A boolean parameter that forces cyphertext through a post pro-
	       cessor after encrpytion. The default post processor is Con-
	       vert::ASCII::Armour(3) that encodes binary octets in 6-bit
	       clean ASCII messages. The cyphertext is returned as-is, when
	       the Armour key is not present.

       decrypt()
	   decrypt() performs RSA decryption with a private key using the
	   encryption scheme bound to the object. The default scheme is OAEP.
	   decrypt() returns plaintext on success and undef on failure. It
	   takes a hash as argument with following keys:

	   Cyphertext
	       Cyphertext of arbitrary length.

	   Key Private key, a Crypt::RSA::Key::Private(3) or compatible
	       object.

	   Armour
	       Boolean parameter that specifies whether the Cyphertext is
	       encoded with a post processor.

       sign()
	   sign() creates an RSA signature on a string with a private key
	   using the signature scheme bound to the object. The default scheme
	   is PSS. sign() returns a signature on success and undef on failure.
	   It takes a hash as argument with following keys:

	   Message
	       A string of arbitrary length to be signed.

	   Key Private key of the sender, a Crypt::RSA::Key::Private(3) or
	       compatible object.

	   Armour
	       A boolean parameter that forces the computed signature to be
	       post processed.

       verify()
	   verify() verifies an RSA signature with a public key using the sig-
	   nature scheme bound to the object. The default scheme is PSS. ver-
	   ify() returns a true value on success and undef on failure. It
	   takes a hash as argument with following keys:

	   Message
	       A signed message, a string of arbitrary length.

	   Key Public key of the signer, a Crypt::RSA::Key::Public(3) or com-
	       patible object.

	   Sign
	       A signature computed with sign().

	   Armour
	       Boolean parameter that specifies whether the Signature has been
	       post processed.

MODULES
       Apart from Crypt::RSA, the following modules are intended for applica-
       tion developer and end-user consumption:

       Crypt::RSA::Key
	   RSA key pair generator.

       Crypt::RSA::Key::Public
	   RSA Public Key Management.

       Crypt::RSA::Key::Private
	   RSA Private Key Management.

       Crypt::RSA::ES::OAEP
	   Plaintext-aware encryption with RSA.

       Crypt::RSA::SS::PSS
	   Probabilistic Signature Scheme based on RSA.

       Crypt::RSA::ES::PKCS1v15
	   PKCS #1 v1.5 encryption scheme.

       Crypt::RSA::SS::PKCS1v15
	   PKCS #1 v1.5 signature scheme.

CUSTOMISING A CRYPT::RSA OBJECT
       A Crypt::RSA object can be customized by passing any of the following
       keys in a hash to new(): ES to specify the encryption scheme, SS to
       specify the signature scheme, PP to specify the post processor, and KF
       to specify the key format. The value associated with these keys can
       either be a name (a string) or a hash reference that specifies a module
       name, its constructor, and constructor arguments. For example:

	   my $rsa = new Crypt::RSA ( ES => 'OAEP' );

			   or

	   my $rsa = new Crypt::RSA ( ES => { Module => 'Crypt::RSA::ES::OAEP' } );

       A module thus specified need not be included in the Crypt::RSA bundle,
       but it must be interface compatible with the ones provided with
       Crypt::RSA.

       As of this writing, the following names are recognised:

       ES (Encryption Scheme)
	       'OAEP', 'PKCS1v15'

       SS (Signature Scheme)
	       'PSS', 'PKCS1v15'

       KF (Key Format)
	       'Native', 'SSH'

       PP (Post Processor)
	       'ASCII'

ERROR HANDLING
       All modules in the Crypt::RSA bundle use a common error handling method
       (implemented in Crypt::RSA::Errorhandler(3)). When a method fails it
       returns undef and calls $self->error() with the error message. This
       error message is available to the caller through the errstr() method.
       For more details see the Crypt::RSA::Errorhandler(3) manpage.

AUTHOR
       Vipul Ved Prakash, <mail@vipul.net>

ACKNOWLEDGEMENTS
       Thanks to Ilya Zakharevich for help with Math::Pari, Benjamin Trott for
       several patches including SSH key support, Genche Ramanoudjame for
       extensive testing and numerous bug reports, Shizukesa on #perl for sug-
       gesting the error handling method used in this module, and Dave Paris
       for good advice.

LICENSE
       Copyright (c) 2000-2005, Vipul Ved Prakash. All rights reserved.	 This
       code is free software; it is distributed under a disjunctive Artis-
       tic/GPL license, like Perl itself.

       I have received requests for commercial licenses of Crypt::RSA, from
       those who desire contractual support and indemnification. I'd be happy
       to provide a commercial license if you need one. Please send me mail at
       "mail@vipul.net" with the subject "Crypt::RSA license". Please don't
       send me mail asking if you need a commercial license. You don't, if
       Artistic of GPL suit you fine.

SEE ALSO
       Crypt::RSA::Primitives(3), Crypt::RSA::DataFormat(3),
       Crypt::RSA::Errorhandler(3), Crypt::RSA::Debug(3), Crypt::Primes(3),
       Crypt::Random(3), Crypt::CBC(3), Crypt::Blowfish(3), Tie::Encrypted-
       Hash(3), Convert::ASCII::Armour(3), Math::Pari(3), Class::Loader(3),
       crypt-rsa-interoperability(3), crypt-rsa-interoperability-table(3).

REPORTING BUGS
       All bug reports related to Crypt::RSA should go to rt.cpan.org at
       "http://rt.cpan.org/Dist/Display.html?Queue=Crypt-RSA"

       Crypt::RSA is considered to be stable. If you are running into a prob-
       lem, it's likely of your own making. Please check your code and consult
       the documentation before posting a bug report. A google search with the
       error message might also shed light if it is a common mistake that
       you've made.

       If the module installation fails with a "Segmentation Fault" or "Bus
       Error", it is likely a Math::Pari issue. Please consult Math::Pari bugs
       on rt.cpan.org or open a bug there. There have been known issues on HP-
       UX and SunOS systems (with Math::Pari), so if you are on those OSes,
       please consult Math::Pari resources before opening a Crypt::RSA bug.

BIBLIOGRAPHY
       Chronologically sorted (for the most part).

       1 R. Rivest, A. Shamir, L. Aldeman. A Method for Obtaining Digital Sig-
       natures and Public-Key Cryptosystems (1978).
       2 U. Maurer. Fast Generation of Prime Numbers and Secure Public-Key
       Cryptographic Parameters (1994).
       3 M. Bellare, P. Rogaway. Optimal Asymmetric Encryption - How to
       Encrypt with RSA (1995).
       4 M. Bellare, P. Rogaway. The Exact Security of Digital Signatures -
       How to sign with RSA and Rabin (1996).
       5 B. Schneier. Applied Cryptography, Second Edition (1996).
       6 A. Menezes, P. Oorschot, S. Vanstone. Handbook of Applied Cryptogra-
       phy (1997).
       7 D. Boneh. Twenty Years of Attacks on the RSA Cryptosystem (1998).
       8 D. Bleichenbacher, M. Joye, J. Quisquater. A New and Optimal Chosen-
       message Attack on RSA-type Cryptosystems (1998).
       9 B. Kaliski, J. Staddon. Recent Results on PKCS #1: RSA Encryption
       Standard, RSA Labs Bulletin Number 7 (1998).
       10 B. Kaliski, J. Staddon. PKCS #1: RSA Cryptography Specifications
       v2.0, RFC 2437 (1998).
       11 SSH Communications Security. SSH 1.2.7 source code (1998).
       12 S. Simpson. PGP DH vs. RSA FAQ v1.5 (1999).
       13 RSA Laboratories. Draft I, PKCS #1 v2.1: RSA Cryptography Standard
       (1999).
       14 E. Young, T. Hudson, OpenSSL Team. OpenSSL 0.9.5a source code
       (2000).
       15 Several Authors. The sci.crypt FAQ at http://www.faqs.org/faqs/cryp-
       tography-faq/part01/index.html
       16 Victor Shoup. A Proposal for an ISO Standard for Public Key Encryp-
       tion (2001).

perl v5.8.8			  2005-10-20			 Crypt::RSA(3)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server OpenServer

List of man pages available for OpenServer

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net