RSA(2)
NAME
asn1dump, asn1toRSApriv, decodePEM, rsadecrypt, rsaencrypt, rsagen, rsaprivalloc, rsaprivfree, rsaprivtopub, rsapuballoc, rsapubfree, X509toRSApub, X509gen, X509verify − RSA encryption algorithm
SYNOPSIS
#include <u.h>
#include <libc.h>
#include <mp.h>
#include <libsec.h>
RSApriv∗rsagen(int nlen, int elen, int nrep)
mpint∗rsaencrypt(RSApub ∗k, mpint ∗in, mpint ∗out)
mpint∗rsadecrypt(RSApriv ∗k, mpint ∗in, mpint ∗out)
RSApub∗rsapuballoc(void)
voidrsapubfree(RSApub∗)
RSApriv∗rsaprivalloc(void)
voidrsaprivfree(RSApriv∗)
RSApub∗rsaprivtopub(RSApriv∗)
RSApub∗X509toRSApub(uchar ∗cert, int ncert, char ∗name, int nname)
RSApriv∗asn1toRSApriv(uchar ∗priv, int npriv)
voidasn1dump(uchar ∗der, int len)
uchar∗decodePEM(char ∗s, char ∗type, int ∗len, char ∗∗new_s)
uchar∗X509gen(RSApriv ∗priv, char ∗subj, ulong valid[2], int ∗certlen);
uchar∗X509req(RSApriv ∗priv, char ∗subj, int ∗certlen);
char∗ X509verify(uchar ∗cert, int ncert, RSApub ∗pk)
DESCRIPTION
RSA is a public key encryption algorithm. The owner of a key publishes the public part of the key:
struct RSApub
{
mpint∗n;// modulus
mpint∗ek;// exp (encryption key)
};
This part can be used for encrypting data (with rsaencrypt) to be sent to the owner. The owner decrypts (with rsadecrypt) using his private key:
struct RSApriv
{
RSApubpub;
mpint∗dk;// exp (decryption key)
// precomputed crt values
mpint∗p;
mpint∗q;
mpint∗kp;// k mod p-1
mpint∗kq;// k mod q-1
mpint∗c2;// for converting residues to number
};
Keys are generated using rsagen. Rsagen takes both bit length of the modulus, the bit length of the public key exponent, and the number of repetitions of the Miller-Rabin primality test to run. If the latter is 0, it does the default number of rounds. Rsagen returns a newly allocated structure containing both public and private keys. Rsaprivtopub returns a newly allocated copy of the public key corresponding to the private key.
The routines rsaalloc, rsafree, rsapuballoc, rsapubfree, rsaprivalloc, and rsaprivfree are provided to aid in user provided key I/O.
Given a binary X.509 cert, the routine X509toRSApub returns the public key and, if name is not nil, the CN part of the Distinguished Name of the certificate’s Subject. (This is conventionally a userid or a host DNS name.) No verification is done of the certificate signature; the caller should check the fingerprint, sha1(cert), against a table or check the certificate by other means. X.509 certificates are often stored in PEM format; use dec64 to convert to binary before computing the fingerprint or calling X509toRSApub. For the special case of certificates signed by a known trusted key (in a single step, without certificate chains) X509verify checks the signature on cert. It returns nil if successful, else an error string.
X509gen creates a self-signed X.509 certificate, given an RSA keypair priv, a issuer/subject string subj, and the starting and ending validity dates, valid. Length of the allocated binary certificate is stored in certlen. The subject line is conventionally of the form
"C=US ST=NJ L=07922 O=Lucent OU=’Bell Labs’ CN=Eric"
using the quoting conventions of tokenize(2).
Asn1toRSApriv converts an ASN1 formatted RSA private key into the corresponding RSApriv structure.
Asn1dump prints an ASN1 object to standard output.
DecodePEM takes a zero terminated string, s, and decodes the PEM (privacy-enhanced mail) formatted section for type within it. If successful, it returns the decoded section and sets ∗len to its decoded length. If not nil, new_s is set to the first character beyond the type section. Otherwise nil is returned and ∗len is undefined.
SOURCE
/sys/src/libsec
SEE ALSO
mp(2), aes(2), blowfish(2), des(2), dsa(2), elgamal(2), rc4(2), sechash(2), prime(2), rand(2), x509(8)
Plan 9 — June 21, 2004