Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;
# not necessary if we have /dev/random:
Crypt::OpenSSL::Random::random_seed($good_entropy);
Crypt::OpenSSL::RSA->import_random_seed();
$rsa_pub = Crypt::OpenSSL::RSA->new_public_key($key_string);
$rsa_pub->use_sslv23_padding(); # use_pkcs1_oaep_padding is the default
$ciphertext = $rsa->encrypt($plaintext);
$rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
$plaintext = $rsa->encrypt($ciphertext);
$rsa = Crypt::OpenSSL::RSA->generate_key(1024); # or
$rsa = Crypt::OpenSSL::RSA->generate_key(1024, $prime);
print "private key is:\n", $rsa->get_private_key_string();
print "public key (in PKCS1 format) is:\n",
$rsa->get_public_key_string();
print "public key (in X509 format) is:\n",
$rsa->get_public_key_x509_string();
$rsa_priv->use_md5_hash(); # use_sha1_hash is the default
$signature = $rsa_priv->sign($plaintext);
print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
Crypt::OpenSSL::RSA provides the ability to RSA encrypt strings which are somewhat shorter than the block size of a key. It also allows for decryption, signatures and signature verification.
NOTE: Many of the methods in this package can croak, so use eval, or Error.pm's try/catch mechanism to capture errors. Also, while some methods from earlier versions of this package return true on success, this (never documented) behavior is no longer the case.
Create a new Crypt::OpenSSL::RSA object by loading a public key in from a string containing Base64/DER-encoding of either the PKCS1 or X.509 representation of the key. The string should include the -----BEGIN...----- and -----END...----- lines.
The padding is set to PKCS1_OAEP, but can be changed with the use_xxx_padding methods
Given Crypt::OpenSSL::Bignum objects for n, e, and optionally d, p, and q, where p and q are the prime factors of n, e is the public exponent and d is the private exponent, create a new Crypt::OpenSSL::RSA object using these values. If p and q are provided and d is undef, d is computed. Note that while p and q are not necessary for a private key, their presence will speed up computation.
Import a random seed from Crypt::OpenSSL::Random, since the OpenSSL libraries won't allow sharing of random structures across perl XS modules.
Return the Base64/DER-encoded PKCS1 representation of the public key. This string has header and footer lines:
-----BEGIN RSA PUBLIC KEY------ -----END RSA PUBLIC KEY------
Return the Base64/DER-encoded representation of the "subject public key", suitable for use in X509 certificates. This string has header and footer lines:
-----BEGIN PUBLIC KEY------ -----END PUBLIC KEY------
and is the format that is produced by running openssl rsa -pubout.
Returns the size, in bytes, of the key. All encrypted text will be of this size, and depending on the padding mode used, the length of the text to be encrypted should be:
Return true if this is a private key, and false if it is private only.
There is a small memory leak when generating new keys of more than 512 bits.
Ian Robertson, iroberts@cpan.org. For support, please email perl-openssl-users@lists.sourceforge.net.
perl(1), Crypt::OpenSSL::Random(3), Crypt::OpenSSL::Bignum(3), rsa(3), RSA_new(3), RSA_public_encrypt(3), RSA_size(3), RSA_generate_key(3), RSA_check_key(3)