License | BSD-style |
---|---|
Maintainer | Vincent Hanquez <vincent@snarc.org> |
Stability | experimental |
Portability | Good |
Safe Haskell | None |
Language | Haskell2010 |
Synopsis
- pad :: (MonadRandom m, ByteArray message) => Int -> message -> m (Either Error message)
- padSignature :: ByteArray signature => Int -> signature -> Either Error signature
- unpad :: ByteArray bytearray => bytearray -> Either Error bytearray
- decrypt :: Maybe Blinder -> PrivateKey -> ByteString -> Either Error ByteString
- decryptSafer :: MonadRandom m => PrivateKey -> ByteString -> m (Either Error ByteString)
- sign :: HashAlgorithmASN1 hashAlg => Maybe Blinder -> Maybe hashAlg -> PrivateKey -> ByteString -> Either Error ByteString
- signSafer :: (HashAlgorithmASN1 hashAlg, MonadRandom m) => Maybe hashAlg -> PrivateKey -> ByteString -> m (Either Error ByteString)
- encrypt :: MonadRandom m => PublicKey -> ByteString -> m (Either Error ByteString)
- verify :: HashAlgorithmASN1 hashAlg => Maybe hashAlg -> PublicKey -> ByteString -> ByteString -> Bool
- class HashAlgorithm hashAlg => HashAlgorithmASN1 hashAlg
Padding and unpadding
pad :: (MonadRandom m, ByteArray message) => Int -> message -> m (Either Error message) #
This produce a standard PKCS1.5 padding for encryption
padSignature :: ByteArray signature => Int -> signature -> Either Error signature #
Produce a standard PKCS1.5 padding for signature
unpad :: ByteArray bytearray => bytearray -> Either Error bytearray #
Try to remove a standard PKCS1.5 encryption padding.
Private key operations
:: Maybe Blinder | optional blinder |
-> PrivateKey | RSA private key |
-> ByteString | cipher text |
-> Either Error ByteString |
decrypt message using the private key.
When the decryption is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.
If unsure always set a blinder or use decryptSafer
The message is returned un-padded.
:: MonadRandom m | |
=> PrivateKey | RSA private key |
-> ByteString | cipher text |
-> m (Either Error ByteString) |
decrypt message using the private key and by automatically generating a blinder.
:: HashAlgorithmASN1 hashAlg | |
=> Maybe Blinder | optional blinder |
-> Maybe hashAlg | hash algorithm |
-> PrivateKey | private key |
-> ByteString | message to sign |
-> Either Error ByteString |
sign message using private key, a hash and its ASN1 description
When the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.
If unsure always set a blinder or use signSafer
:: (HashAlgorithmASN1 hashAlg, MonadRandom m) | |
=> Maybe hashAlg | Hash algorithm |
-> PrivateKey | private key |
-> ByteString | message to sign |
-> m (Either Error ByteString) |
sign message using the private key and by automatically generating a blinder.
Public key operations
encrypt :: MonadRandom m => PublicKey -> ByteString -> m (Either Error ByteString) #
encrypt a bytestring using the public key.
The message needs to be smaller than the key size - 11. The message should not be padded.
verify :: HashAlgorithmASN1 hashAlg => Maybe hashAlg -> PublicKey -> ByteString -> ByteString -> Bool #
verify message with the signed message
Hash ASN1 description
class HashAlgorithm hashAlg => HashAlgorithmASN1 hashAlg #
A specialized class for hash algorithm that can product a ASN1 wrapped description the algorithm plus the content of the digest.
hashDigestASN1