16 X509verify \- RSA encryption algorithm
24 .B #include <libsec.h>
26 .ta +\w'\fLRSApriv* \fP'u
28 RSApriv* rsagen(int nlen, int elen, int nrep)
31 mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
34 mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
37 RSApub* rsapuballoc(void)
40 void rsapubfree(RSApub*)
43 RSApriv* rsaprivalloc(void)
46 void rsaprivfree(RSApriv*)
49 RSApub* rsaprivtopub(RSApriv*)
52 RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)
55 RSApriv* asn1toRSApriv(uchar *priv, int npriv)
58 void asn1dump(uchar *der, int len)
61 uchar* decodePEM(char *s, char *type, int *len, char **new_s)
64 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
67 uchar* X509req(RSApriv *priv, char *subj, int *certlen);
70 char* X509verify(uchar *cert, int ncert, RSApub *pk)
73 RSA is a public key encryption algorithm. The owner of a key publishes
74 the public part of the key:
79 mpint *n; /* modulus */
80 mpint *ek; /* exp (encryption key) */
84 This part can be used for encrypting data (with
86 to be sent to the owner.
87 The owner decrypts (with
89 using his private key:
95 mpint *dk; /* exp (decryption key) */
97 /* precomputed crt values */
100 mpint *kp; /* k mod p-1 */
101 mpint *kq; /* k mod q-1 */
102 mpint *c2; /* for converting residues to number */
106 Keys are generated using
109 takes both bit length of the modulus, the bit length of the
110 public key exponent, and the number of repetitions of the Miller-Rabin
111 primality test to run. If the latter is 0, it does the default number
114 returns a newly allocated structure containing both
115 public and private keys.
117 returns a newly allocated copy of the public key
118 corresponding to the private key.
128 are provided to aid in user provided key I/O.
134 returns the public key and, if
136 is not nil, the CN part of the Distinguished Name of the
137 certificate's Subject.
138 (This is conventionally a userid or a host DNS name.)
139 No verification is done of the certificate signature; the
140 caller should check the fingerprint,
142 against a table or check the certificate by other means.
143 X.509 certificates are often stored in PEM format; use
145 to convert to binary before computing the fingerprint or calling
147 For the special case of
148 certificates signed by a known trusted key
149 (in a single step, without certificate chains),
151 checks the signature on
153 It returns nil if successful, else an error string.
156 creates a self-signed X.509 certificate, given an RSA keypair
158 a issuer/subject string
160 and the starting and ending validity dates,
162 Length of the allocated binary certificate is stored in
164 The subject line is conventionally of the form
167 C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric
170 using the quoting conventions of
176 converts an ASN1 formatted RSA private key into the corresponding
181 prints an ASN1 object to standard output.
184 takes a zero terminated string,
186 and decodes the PEM (privacy-enhanced mail) formatted section for
189 If successful, it returns
191 storage containing the decoded section,
192 which the caller must free,
195 to its decoded length.
203 is set to the first character beyond the