Module pkey
The pkey module creates and processes public and private keys and performs asymmetric key operations.
Usage:
pkey = require'openssl'.pkey
Functions
read (input[, priv=false[, format='auto'[, passhprase]]]) | read public/private key from data |
new (alg, curvename[, flags]) | generate a new ec keypair |
new ([alg='rsa'[, bits=2048|512[, e[, eng]]]]) | generate a new keypair |
new (factors) | create a new keypair by factors of keypair or get public key only |
Class evp_pkey
evp_pkey:export ([support='pem'[, raw=false[, passphrase]]]) | export evp_pkey as pem/der string |
evp_pkey:parse () | get key details as table |
evp_pkey:encrypt (data, string) | encrypt message with public key; the message must not be longer than the key size, shorter messages are padded; currently supports 6 padding modes. |
evp_pkey:decrypt (data, string) | decrypt message with private key; pairs with encrypt |
evp_pkey:is_private () | return whether the key is private |
evp_pkey:get_public () | return public key |
evp_pkey:derive (pkey, peer[, eng]) | Derive public key algorithm shared secret |
evp_pkey:sign (data[, md_alg[, userId='1234567812345678']]) | sign message with private key |
evp_pkey:verify (data, signature[, md_alg[, userId='1234567812345678']]) | verify signed message with public key |
evp_pkey:seal (data[, alg='RC4']) | seal and encrypt message with one public key; the data is encrypted with a secret key, and the secret key is encrypted with the public key |
evp_pkey:open (ekey, string[, md_alg='RC4']) | open encrypted sealed data with private key |
Functions
- read (input[, priv=false[, format='auto'[, passhprase]]])
-
read public/private key from data
Parameters:
- input string or openssl.bio string data or bio object
- priv boolean prikey set true when input is private key (default false)
- format string or encoding of input, support ‘auto’,‘pem’,‘der’ (default 'auto')
- passhprase string when input is private key, or key types ‘ec’,‘rsa’,‘dsa’,‘dh’ (optional)
Returns:
-
evp_pkey
public key
- new (alg, curvename[, flags])
-
generate a new ec keypair
Parameters:
- alg string, must be ‘ec’
- curvename string or number; an integer is taken as the curve NID
- flags integer, needed when alg is ec. (optional)
Returns:
-
evp_pkey
object with mapping to EVP_PKEY in openssl
- new ([alg='rsa'[, bits=2048|512[, e[, eng]]]])
-
generate a new keypair
Parameters:
- alg string, accepts rsa, dsa, dh (default 'rsa')
- bits integer, rsa with 2048, dh or dsa with 1024 (default 2048|512)
- e integer, when alg is rsa give the e value, default is 0x10001; when alg is dh give the generator value, default is 2; when alg is dsa give a string type seed value, default is none. (optional)
- eng engine (optional)
Returns:
-
evp_pkey
object with mapping to EVP_PKEY in openssl
- new (factors)
-
create a new keypair by factors of keypair or get public key only
Parameters:
- factors table to create private/public key; the key alg must exist and only accepts ‘rsa’,‘dsa’,‘dh’,‘ec’
when alg is rsa, the table may have keys n,e,d,p,q,dmp1,dmq1,iqmp; each is a binary string or openssl.bn
when alg is dsa, the table may have keys p,q,g,priv_key,pub_key; each is a binary string or openssl.bn
when alg is dh, the table may have keys p,g,priv_key,pub_key; each is a binary string or openssl.bn
when alg is ec, the table may have keys D,X,Y,Z; each is a binary string or openssl.bn
Returns:
-
evp_pkey
object with mapping to EVP_PKEY in openssl
Usage:
-- create rsa public key
pubkey = new({alg='rsa',n=...,e=...})
-- create new rsa
rsa = new({alg='rsa',n=...,q=...,e=...,...})
Class evp_pkey
openssl.evp_pkey object
- evp_pkey:export ([support='pem'[, raw=false[, passphrase]]])
-
export evp_pkey as pem/der string
Parameters:
- support string export as ‘pem’ or ‘der’ format (default 'pem')
- raw boolean true to export the low-level key, rsa, dsa, ec only (default false)
- passphrase string if given, the exported key is encrypted with aes-128-cbc; only needed when exporting a private key (optional)
Returns:
- evp_pkey:parse ()
-
get key details as table
Returns:
-
table
infos with keys bits, pkey, type; pkey may be rsa, dh, dsa, shown as a table with each factor as a hex-encoded bignum
- evp_pkey:encrypt (data, string)
-
encrypt message with public key
The message must not be longer than the key size; a shorter message is padded. Currently 6 padding modes are supported:
pkcs1, sslv23, no, oaep, x931, pss.
Parameters:
- data string data to be encrypted
- string string padding mode (default 'pkcs1')
Returns:
-
string
encrypted message
- evp_pkey:decrypt (data, string)
-
decrypt message with private key
pairs with encrypt
Parameters:
- data string data to be decrypted
- string string padding mode (default 'pkcs1')
Returns:
-
string
result
Or
-
nil
- evp_pkey:is_private ()
-
return whether the key is private
Returns:
-
boolean
true if the key is private, false if it is a public key
- evp_pkey:get_public ()
-
return public key
Returns:
-
evp_pkey
pub
- evp_pkey:derive (pkey, peer[, eng])
-
Derive public key algorithm shared secret
Parameters:
- pkey evp_pkey private key
- peer evp_pkey public key
- eng engine (optional)
Returns:
- evp_pkey:sign (data[, md_alg[, userId='1234567812345678']])
-
sign message with private key
Parameters:
- data string data to be signed
- md_alg string or evp_digest, default is sha256, or sm3 when pkey is SM2 type (optional)
- userId string used when pkey is SM2 type (default '1234567812345678')
Returns:
-
string
signed message
- evp_pkey:verify (data, signature[, md_alg[, userId='1234567812345678']])
-
verify signed message with public key
Parameters:
- data string data that was signed
- signature string signed result
- md_alg string or evp_digest, default is sha256, or sm3 when pkey is SM2 type (optional)
- userId string used when pkey is SM2 type (default '1234567812345678')
Returns:
-
boolean
true if verification passes
- evp_pkey:seal (data[, alg='RC4'])
-
seal and encrypt message with one public key
the data is encrypted with a secret key, and the secret key is encrypted with the public key
Parameters:
Returns:
- evp_pkey:open (ekey, string[, md_alg='RC4'])
-
open encrypted sealed data with private key
Parameters:
Returns:
-
string
data decrypted message or nil on failure
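The following is an added example, not code from the lua-openssl project. It runs the functions documented above through one key lifecycle: generate, export the private key under a passphrase, hand only the public PEM to a peer, then encrypt and sign. It passes 'oaep' explicitly because the documented default for encrypt/decrypt is 'pkcs1', the PKCS#1 v1.5 encryption padding known to be exposed to padding-oracle attacks. It assumes lua-openssl is installed; all strings are constructed sample values.

```lua
-- Added example; assumes lua-openssl is loadable as 'openssl'.
local pkey = require'openssl'.pkey

-- Generate a 2048-bit RSA keypair (the documented default size for rsa).
local priv = pkey.new('rsa', 2048)
assert(priv:is_private())

-- Store the private key as passphrase-protected PEM, then load it again.
-- read() needs priv=true and the same passphrase for a private key.
local passphrase = 'constructed-example-passphrase' -- constructed sample value
local priv_pem = priv:export('pem', false, passphrase)
local restored = assert(pkey.read(priv_pem, true, 'pem', passphrase))
assert(restored:is_private())

-- Only the public half leaves the key owner. The peer loads it from PEM
-- and must not end up holding private material.
local pub_pem = priv:get_public():export('pem')
local pub = assert(pkey.read(pub_pem, false, 'pem'))
assert(not pub:is_private())

-- Encrypt to the key owner with an explicit padding mode. Both sides must
-- name the same mode; omitting it falls back to the 'pkcs1' default.
local secret = 'constructed session secret' -- constructed sample value
local ciphertext = assert(pub:encrypt(secret, 'oaep'))
assert(restored:decrypt(ciphertext, 'oaep') == secret)

-- Sign with the private key and verify with the public key, naming the
-- digest on both sides instead of relying on the default.
local message = 'constructed message to authenticate' -- constructed sample value
local signature = assert(restored:sign(message, 'sha256'))
assert(pub:verify(message, signature, 'sha256'))

-- A modified message must fail verification under the same signature.
assert(not pub:verify(message .. '!', signature, 'sha256'))

print('round trip ok')
```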