Module pkey

pkey module to create and process public or private key, do asymmetric key operations.

Usage:

    pkey = require'openssl'.pkey
    

Functions

read (input[, priv=false[, format='auto'[, passhprase]]]) read public/private key from data
new (alg, curvename[, flags]) generate a new ec keypair
new ([alg='rsa'[, bits=2048|512[, e[, eng]]]]) generate a new keypair
new (factors) create a new keypair by factors of keypair or get public key only

Class evp_pkey

evp_pkey:export ([support='pem'[, raw=false[, passphrase]]]) export evp_pkey as pem/der string
evp_pkey:parse () get key details as table
evp_pkey:encrypt (data, string) encrypt message with public key encrypt length of message must not longer than key size, if shorter will do padding,currently supports 6 padding modes.
evp_pkey:decrypt (data, string) decrypt message with private key pair with encrypt
evp_pkey:is_private () return key is private or not
evp_pkey:get_public () return public key
evp_pkey:derive (pkey, peer[, eng]) Derive public key algorithm shared secret
evp_pkey:sign (data[, md_alg[, userId='1234567812345678']]) sign message with private key
evp_pkey:verify (data, signature[, md_alg[, userId='1234567812345678']]) verify signed message with public key
evp_pkey:seal (data[, alg='RC4']) seal and encrypt message with one public key data be encrypt with secret key, secret key be encrypt with public key
evp_pkey:open (ekey, string[, md_alg='RC4']) open and ecrypted seal data with private key


Functions

read (input[, priv=false[, format='auto'[, passhprase]]])
read public/private key from data

Parameters:

  • input string or openssl.bio string data or bio object
  • priv boolean prikey set true when input is private key (default false)
  • format string or encoding of input, support ‘auto’,‘pem’,‘der’ (default 'auto')
  • passhprase string when input is private key, or key types ‘ec’,‘rsa’,‘dsa’,‘dh’ (optional)

Returns:

    evp_pkey public key

See also:

new (alg, curvename[, flags])
generate a new ec keypair

Parameters:

  • alg string , alg must be ‘ec’
  • curvename string or number this can be integer as curvename NID
  • flags integer when alg is ec need this. (optional)

Returns:

    evp_pkey object with mapping to EVP_PKEY in openssl
new ([alg='rsa'[, bits=2048|512[, e[, eng]]]])
generate a new keypair

Parameters:

  • alg string , accept rsa,dsa,dh (default 'rsa')
  • bits integer , rsa with 2048, dh or dsa with 1024 (default 2048|512)
  • e integer , when alg is rsa give e value default is 0x10001, when alg is dh give generator value default is 2, when alg is dsa give string type seed value default is none. (optional)
  • eng engine (optional)

Returns:

    evp_pkey object with mapping to EVP_PKEY in openssl
new (factors)
create a new keypair by factors of keypair or get public key only

Parameters:

  • factors table to create private/public key, key alg only accept accept ‘rsa’,‘dsa’,‘dh’,‘ec’ and must exist
    when arg is rsa, table may with key n,e,d,p,q,dmp1,dmq1,iqmp, both are binary string or openssl.bn
    when arg is dsa, table may with key p,q,g,priv_key,pub_key, both are binary string or openssl.bn
    when arg is dh, table may with key p,g,priv_key,pub_key, both are binary string or openssl.bn
    when arg is ec, table may with D,X,Y,Z,both are binary string or openssl.bn

Returns:

    evp_pkey object with mapping to EVP_PKEY in openssl

Usage:

    --create rsa public key
      pubkey = new({alg='rsa',n=...,e=...}
    --create new rsa
      rsa = new({alg='rsa',n=...,q=...,e=...,...}

Class evp_pkey

openssl.evp_pkey object
evp_pkey:export ([support='pem'[, raw=false[, passphrase]]])
export evp_pkey as pem/der string

Parameters:

  • support string export as ‘pem’ or ‘der’ format, default is ‘pem’ (default 'pem')
  • raw boolean true for export low layer key just rsa,dsa,ec (default false)
  • passphrase string if given, export key will encrypt with aes-128-cbc, only need when export private key (optional)

Returns:

    string
evp_pkey:parse ()
get key details as table

Returns:

    table infos with key bits,pkey,type, pkey may be rsa,dh,dsa, show as table with factor hex encoded bignum
evp_pkey:encrypt (data, string)
encrypt message with public key encrypt length of message must not longer than key size, if shorter will do padding,currently supports 6 padding modes. They are: pkcs1, sslv23, no, oaep, x931, pss.

Parameters:

Returns:

    string encrypted message
evp_pkey:decrypt (data, string)
decrypt message with private key pair with encrypt

Parameters:

Returns:

    string result

Or

    nil
evp_pkey:is_private ()
return key is private or not

Returns:

    boolean ture is private or public key
evp_pkey:get_public ()
return public key

Returns:

    evp_pkey pub
evp_pkey:derive (pkey, peer[, eng])
Derive public key algorithm shared secret

Parameters:

  • pkey evp_pkey private key
  • peer evp_pkey public key
  • eng engine (optional)

Returns:

    string
evp_pkey:sign (data[, md_alg[, userId='1234567812345678']])
sign message with private key

Parameters:

  • data string data be signed
  • md_alg string or env_digest default use sha256 or sm3 when pkey is SM2 type (optional)
  • userId string used when pkey is SM2 type (default '1234567812345678')

Returns:

    string signed message
evp_pkey:verify (data, signature[, md_alg[, userId='1234567812345678']])
verify signed message with public key

Parameters:

  • data string data be signed
  • signature string signed result
  • md_alg string or env_digest default use sha256 or sm3 when pkey is SM2 type (optional)
  • userId string used when pkey is SM2 type (default '1234567812345678')

Returns:

    boolean true for pass verify
evp_pkey:seal (data[, alg='RC4'])
seal and encrypt message with one public key data be encrypt with secret key, secret key be encrypt with public key

Parameters:

  • data string data to be encrypted
  • alg cipher or string (default 'RC4')

Returns:

  1. string data encrypted
  2. string skey secret key encrypted by public key
  3. string iv
evp_pkey:open (ekey, string[, md_alg='RC4'])
open and ecrypted seal data with private key

Parameters:

  • ekey string encrypted secret key
  • string string iv
  • md_alg evp_cipher or string (default 'RC4')

Returns:

    string data decrypted message or nil on failure
generated by LDoc 1.5.0 Last updated 2024-05-16 23:31:39