cryptonite-0.25: Cryptography Primitives sink

LicenseBSD-style
MaintainerVincent Hanquez <vincent@snarc.org>
Stabilityexperimental
PortabilityGood
Safe HaskellNone
LanguageHaskell2010

Crypto.PubKey.RSA.PKCS15

Contents

Description

 

Synopsis

Padding and unpadding

pad :: (MonadRandom m, ByteArray message) => Int -> message -> m (Either Error message) Source #

This produce a standard PKCS1.5 padding for encryption

padSignature :: ByteArray signature => Int -> signature -> Either Error signature Source #

Produce a standard PKCS1.5 padding for signature

unpad :: ByteArray bytearray => bytearray -> Either Error bytearray Source #

Try to remove a standard PKCS1.5 encryption padding.

Private key operations

decrypt Source #

Arguments

:: Maybe Blinder

optional blinder

-> PrivateKey

RSA private key

-> ByteString

cipher text

-> Either Error ByteString 

decrypt message using the private key.

When the decryption is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.

If unsure always set a blinder or use decryptSafer

The message is returned un-padded.

decryptSafer Source #

Arguments

:: MonadRandom m 
=> PrivateKey

RSA private key

-> ByteString

cipher text

-> m (Either Error ByteString) 

decrypt message using the private key and by automatically generating a blinder.

sign Source #

Arguments

:: HashAlgorithmASN1 hashAlg 
=> Maybe Blinder

optional blinder

-> Maybe hashAlg

hash algorithm

-> PrivateKey

private key

-> ByteString

message to sign

-> Either Error ByteString 

sign message using private key, a hash and its ASN1 description

When the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.

If unsure always set a blinder or use signSafer

signSafer Source #

Arguments

:: (HashAlgorithmASN1 hashAlg, MonadRandom m) 
=> Maybe hashAlg

Hash algorithm

-> PrivateKey

private key

-> ByteString

message to sign

-> m (Either Error ByteString) 

sign message using the private key and by automatically generating a blinder.

Public key operations

encrypt :: MonadRandom m => PublicKey -> ByteString -> m (Either Error ByteString) Source #

encrypt a bytestring using the public key.

The message needs to be smaller than the key size - 11. The message should not be padded.

verify :: HashAlgorithmASN1 hashAlg => Maybe hashAlg -> PublicKey -> ByteString -> ByteString -> Bool Source #

verify message with the signed message

Hash ASN1 description

class HashAlgorithm hashAlg => HashAlgorithmASN1 hashAlg Source #

A specialized class for hash algorithm that can product a ASN1 wrapped description the algorithm plus the content of the digest.

Minimal complete definition

hashDigestASN1