Namespace rsa
RSA Public Key cryptography
Defined in: rsa.js.
| Constructor Attributes | Constructor Name and Description |
|---|---|
|
An implementation of PKCS#1 v2.1. |
| Field Attributes | Field Name and Description |
|---|---|
| <static> |
rsa.encryption_hash
Hash function to use for OAEP label (hashing.sha256 by default)
|
| <static> |
rsa.error_code
If something fails, this code provides information about the error.
|
| <static> |
rsa.label
Label of OAEP encryption, an ASCII string empty by default.
|
| <static> |
rsa.mgf_hash
Hash function to use for MGF function (hashing.sha256 by default)
|
| <static> |
rsa.salt
Salt of PSS signature, an ASCII string empty by default.
|
| <static> |
rsa.signature_hash
Hash function to use for PSS signature (hashing.sha256 by default)
|
| Method Attributes | Method Name and Description |
|---|---|
| <private> <static> |
rsa._pkcs1_sig_pad(m, n)
EMSA-PKCS1-v1_5-ENCODE
|
| <private> <static> |
rsa._private(message, priv)
RSADP/RSASP1 - Computes m^d mod n using CRT coefficients.
|
| <static> |
rsa.decrypt(message, priv)
RSAES-OAEP-DECRYPT decryption.
|
| <static> |
rsa.encrypt(m, pub)
RSAES-OAEP-ENCRYPT encryption.
|
| <static> |
rsa.MGF(seed, length)
MGF1 message generating function.
|
| <static> |
rsa.sign(message, priv)
RSASSA-PSS-SIGN signature using rsa.signature_hash.
|
| <static> |
rsa.sign_pkcs1_v1_5(message, priv)
RSASSA-PKCS1-V1_5-SIGN signature using rsa.signature_hash.
|
| <static> |
rsa.verify(data, signature, pub)
RSASSA-PSS-VERIFY signature verification using rsa.signature_hash.
|
| <static> |
rsa.verify_pkcs1_v1_5(data, signature, pub)
RSASSA-PKCS1-V1_5-VERIFY signature verification using rsa.signature_hash.
|
Namespace Detail
rsa
An implementation of PKCS#1 v2.1.
The main difference with other PKCS#1 implementations is the format of the keys. Instead of using ASN.1 for encoding, the keys are stored in an equivalent JSON object. For a public key, the fields are 'n' for the modulus and 'e' for the public exponent. In addition, a private key must contain the CRT values 'dmp1', 'dmq1', 'p', 'q' and 'iqmp' (the private exponent 'd' is not required because it is not used for decryption; using BigInteger it is easy to compute 'dmp1', 'dmq1' and 'iqmp' from 'd', 'p' and 'q').
Use the following PHP script (requires the openssl extension) to convert a PKCS#1 key to JSON:
#!/usr/bin/env php
<?
if(count($argv)<2) die("Usage: {$argv[0]} file.pem\n");
$f = "file://{$argv[1]}";
if(!($k = openssl_pkey_get_private($f)))
dir("Failed to import private key {$argv[1]}.\n");
$d = openssl_pkey_get_details($k);
$pk = $d['rsa'];
foreach($pk as $p=>$v) $pk[$p] = bin2hex($v);
echo json_encode($pk)."\n";
Author: Anonymized.
- Requires:
- BigInteger
- encoding
- hashing
Field Detail
<static>
rsa.encryption_hash
Hash function to use for OAEP label (hashing.sha256 by default)
<static>
rsa.error_code
If something fails, this code provides information about the error.
| Code | Description |
|---|---|
| 0 | No error. |
| 1 | Message is too long for the modulus. |
| 2 | Invalid length of the input to decrypt or verify. |
| 3 | Top byte/bit is not zero after decryption/verification. |
| 4 | Incorrect padding of encrypted/signature data. |
| 5 | Bad label of OAEP encryption. |
| 6 | PSS salt is too long for modulus. |
| 7 | Invalid PSS padding byte in PSS signature. |
<static>
rsa.label
Label of OAEP encryption, an ASCII string empty by default.
Can be of any length since it will be hash using rsa.encryption_hash
<static>
rsa.mgf_hash
Hash function to use for MGF function (hashing.sha256 by default)
<static>
rsa.salt
Salt of PSS signature, an ASCII string empty by default.
The max length is n-h-2 where n is the modulus size in bytes and h the
size in bytes of the output of the hash function.
<static>
rsa.signature_hash
Hash function to use for PSS signature (hashing.sha256 by default)
Method Detail
<private> <static>
rsa._pkcs1_sig_pad(m, n)
EMSA-PKCS1-v1_5-ENCODE
- Parameters:
- m
- n
<private> <static>
{string}
rsa._private(message, priv)
RSADP/RSASP1 - Computes m^d mod n using CRT coefficients.
- Parameters:
- {string} message
- Hex-encoded message
- {privateKey} priv
- Private key object
- Returns:
- {string} Hex string representing m^d mod n
<static>
{string}
rsa.decrypt(message, priv)
RSAES-OAEP-DECRYPT decryption.
- Parameters:
- {string} message
- Hex string containing the encrypted data
- {privateKey} priv
- Private Key
- Returns:
- {string} ASCII string representing the original message, or an empty string if decryption failed.
<static>
{string}
rsa.encrypt(m, pub)
RSAES-OAEP-ENCRYPT encryption.
- Parameters:
- {string} m
- Message to encode, an ASCII string
- {publicKey} pub
- Public key
- Returns:
- {string} Hex string representing the encrypted message
<static>
{string}
rsa.MGF(seed, length)
MGF1 message generating function. Underlying hash function is rsa.mgf_hash
- Parameters:
- {string} seed
- Hex string containing the seed for message generation
- {number} length
- Length n of the requested message in bytes
- Returns:
- {string} Hex string of the desired length
<static>
{string}
rsa.sign(message, priv)
RSASSA-PSS-SIGN signature using rsa.signature_hash.
- Parameters:
- {string} message
- ASCII string containing the data to sign
- {privateKey} priv
- Private Key
- Returns:
- {string} Hex string representing a PSS signature for the data
<static>
{string}
rsa.sign_pkcs1_v1_5(message, priv)
RSASSA-PKCS1-V1_5-SIGN signature using rsa.signature_hash.
- Parameters:
- {string} message
- ASCII string containing the data to sign
- {privateKey} priv
- Private Key
- Returns:
- {string} Hex string representing a PKCS1v1.5 signature for the data
<static>
{boolean}
rsa.verify(data, signature, pub)
RSASSA-PSS-VERIFY signature verification using rsa.signature_hash.
- Parameters:
- {string} data
- ASCII string containing the signed data
- {string} signature
- Hex string containing the signature of the data
- {publicKey} pub
- Public key of the expected sender
- Returns:
- {boolean} whether s is a valid signature for m from pub
<static>
{boolean}
rsa.verify_pkcs1_v1_5(data, signature, pub)
RSASSA-PKCS1-V1_5-VERIFY signature verification using rsa.signature_hash.
- Parameters:
- {string} data
- ASCII string containing the signed data
- {string} signature
- Hex string containing the signature of the data
- {publicKey} pub
- Public key of the expected sender
- Returns:
- {boolean} whether s is a valid signature for m from pub