Class Index | File Index

Classes


Namespace rsa

RSA Public Key cryptography
Defined in: rsa.js.

Namespace Summary
Constructor Attributes Constructor Name and Description
 
rsa

An implementation of PKCS#1 v2.1.

Field Summary
Field Attributes Field Name and Description
<static>  
Hash function to use for OAEP label (hashing.sha256 by default)
<static>  
If something fails, this code provides information about the error.
<static>  
rsa.label
Label of OAEP encryption, an ASCII string empty by default.
<static>  
rsa.mgf_hash
Hash function to use for MGF function (hashing.sha256 by default)
<static>  
rsa.salt
Salt of PSS signature, an ASCII string empty by default.
<static>  
Hash function to use for PSS signature (hashing.sha256 by default)
Method Summary
Method Attributes Method Name and Description
<private> <static>  
rsa._pkcs1_sig_pad(m, n)
EMSA-PKCS1-v1_5-ENCODE
<private> <static>  
rsa._private(message, priv)
RSADP/RSASP1 - Computes m^d mod n using CRT coefficients.
<static>  
rsa.decrypt(message, priv)
RSAES-OAEP-DECRYPT decryption.
<static>  
rsa.encrypt(m, pub)
RSAES-OAEP-ENCRYPT encryption.
<static>  
rsa.MGF(seed, length)
MGF1 message generating function.
<static>  
rsa.sign(message, priv)
RSASSA-PSS-SIGN signature using rsa.signature_hash.
<static>  
rsa.sign_pkcs1_v1_5(message, priv)
RSASSA-PKCS1-V1_5-SIGN signature using rsa.signature_hash.
<static>  
rsa.verify(data, signature, pub)
RSASSA-PSS-VERIFY signature verification using rsa.signature_hash.
<static>  
rsa.verify_pkcs1_v1_5(data, signature, pub)
RSASSA-PKCS1-V1_5-VERIFY signature verification using rsa.signature_hash.
Namespace Detail
rsa

An implementation of PKCS#1 v2.1.

The main difference with other PKCS#1 implementations is the format of the keys. Instead of using ASN.1 for encoding, the keys are stored in an equivalent JSON object. For a public key, the fields are 'n' for the modulus and 'e' for the public exponent. In addition, a private key must contain the CRT values 'dmp1', 'dmq1', 'p', 'q' and 'iqmp' (the private exponent 'd' is not required because it is not used for decryption; using BigInteger it is easy to compute 'dmp1', 'dmq1' and 'iqmp' from 'd', 'p' and 'q').

Use the following PHP script (requires the openssl extension) to convert a PKCS#1 key to JSON:

#!/usr/bin/env php
<?
if(count($argv)<2) die("Usage: {$argv[0]} file.pem\n");
$f = "file://{$argv[1]}";
if(!($k = openssl_pkey_get_private($f)))
 dir("Failed to import private key {$argv[1]}.\n");
$d = openssl_pkey_get_details($k);
$pk = $d['rsa'];
foreach($pk as $p=>$v) $pk[$p] = bin2hex($v);
echo json_encode($pk)."\n";

Author: Anonymized.
Requires:
BigInteger
encoding
hashing
Field Detail
<static> rsa.encryption_hash
Hash function to use for OAEP label (hashing.sha256 by default)

<static> rsa.error_code
If something fails, this code provides information about the error.
CodeDescription
0No error.
1Message is too long for the modulus.
2Invalid length of the input to decrypt or verify.
3Top byte/bit is not zero after decryption/verification.
4Incorrect padding of encrypted/signature data.
5Bad label of OAEP encryption.
6PSS salt is too long for modulus.
7Invalid PSS padding byte in PSS signature.

<static> rsa.label
Label of OAEP encryption, an ASCII string empty by default. Can be of any length since it will be hash using rsa.encryption_hash

<static> rsa.mgf_hash
Hash function to use for MGF function (hashing.sha256 by default)

<static> rsa.salt
Salt of PSS signature, an ASCII string empty by default. The max length is n-h-2 where n is the modulus size in bytes and h the size in bytes of the output of the hash function.

<static> rsa.signature_hash
Hash function to use for PSS signature (hashing.sha256 by default)
Method Detail
<private> <static> rsa._pkcs1_sig_pad(m, n)
EMSA-PKCS1-v1_5-ENCODE
Parameters:
m
n

<private> <static> {string} rsa._private(message, priv)
RSADP/RSASP1 - Computes m^d mod n using CRT coefficients.
Parameters:
{string} message
Hex-encoded message
{privateKey} priv
Private key object
Returns:
{string} Hex string representing m^d mod n

<static> {string} rsa.decrypt(message, priv)
RSAES-OAEP-DECRYPT decryption.
Parameters:
{string} message
Hex string containing the encrypted data
{privateKey} priv
Private Key
Returns:
{string} ASCII string representing the original message, or an empty string if decryption failed.

<static> {string} rsa.encrypt(m, pub)
RSAES-OAEP-ENCRYPT encryption.
Parameters:
{string} m
Message to encode, an ASCII string
{publicKey} pub
Public key
Returns:
{string} Hex string representing the encrypted message

<static> {string} rsa.MGF(seed, length)
MGF1 message generating function. Underlying hash function is rsa.mgf_hash
Parameters:
{string} seed
Hex string containing the seed for message generation
{number} length
Length n of the requested message in bytes
Returns:
{string} Hex string of the desired length

<static> {string} rsa.sign(message, priv)
RSASSA-PSS-SIGN signature using rsa.signature_hash.
Parameters:
{string} message
ASCII string containing the data to sign
{privateKey} priv
Private Key
Returns:
{string} Hex string representing a PSS signature for the data

<static> {string} rsa.sign_pkcs1_v1_5(message, priv)
RSASSA-PKCS1-V1_5-SIGN signature using rsa.signature_hash.
Parameters:
{string} message
ASCII string containing the data to sign
{privateKey} priv
Private Key
Returns:
{string} Hex string representing a PKCS1v1.5 signature for the data

<static> {boolean} rsa.verify(data, signature, pub)
RSASSA-PSS-VERIFY signature verification using rsa.signature_hash.
Parameters:
{string} data
ASCII string containing the signed data
{string} signature
Hex string containing the signature of the data
{publicKey} pub
Public key of the expected sender
Returns:
{boolean} whether s is a valid signature for m from pub

<static> {boolean} rsa.verify_pkcs1_v1_5(data, signature, pub)
RSASSA-PKCS1-V1_5-VERIFY signature verification using rsa.signature_hash.
Parameters:
{string} data
ASCII string containing the signed data
{string} signature
Hex string containing the signature of the data
{publicKey} pub
Public key of the expected sender
Returns:
{boolean} whether s is a valid signature for m from pub

Documentation generated by JsDoc Toolkit on Mon, 26 Nov 2012 17:47:46 UTC