Documentation ¶
Overview ¶
This package implements RSA encryption as specified in PKCS#1.
Index ¶
- func DecryptOAEP(hash hash.Hash, rand io.Reader, priv *PrivateKey, ciphertext []byte, ...) (msg []byte, err os.Error)
- func DecryptPKCS1v15(rand io.Reader, priv *PrivateKey, ciphertext []byte) (out []byte, err os.Error)
- func DecryptPKCS1v15SessionKey(rand io.Reader, priv *PrivateKey, ciphertext []byte, key []byte) (err os.Error)
- func EncryptOAEP(hash hash.Hash, rand io.Reader, pub *PublicKey, msg []byte, label []byte) (out []byte, err os.Error)
- func EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) (out []byte, err os.Error)
- func SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash PKCS1v15Hash, hashed []byte) (s []byte, err os.Error)
- func VerifyPKCS1v15(pub *PublicKey, hash PKCS1v15Hash, hashed []byte, sig []byte) (err os.Error)
- type DecryptionError
- type MessageTooLongError
- type PKCS1v15Hash
- type PrivateKey
- type PublicKey
- type VerificationError
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecryptOAEP ¶
func DecryptOAEP(hash hash.Hash, rand io.Reader, priv *PrivateKey, ciphertext []byte, label []byte) (msg []byte, err os.Error)
DecryptOAEP decrypts ciphertext using RSA-OAEP. If rand != nil, DecryptOAEP uses RSA blinding to avoid timing side-channel attacks.
func DecryptPKCS1v15 ¶
func DecryptPKCS1v15(rand io.Reader, priv *PrivateKey, ciphertext []byte) (out []byte, err os.Error)
DecryptPKCS1v15 decrypts a plaintext using RSA and the padding scheme from PKCS#1 v1.5. If rand != nil, it uses RSA blinding to avoid timing side-channel attacks.
func DecryptPKCS1v15SessionKey ¶
func DecryptPKCS1v15SessionKey(rand io.Reader, priv *PrivateKey, ciphertext []byte, key []byte) (err os.Error)
DecryptPKCS1v15SessionKey decrypts a session key using RSA and the padding scheme from PKCS#1 v1.5. If rand != nil, it uses RSA blinding to avoid timing side-channel attacks. It returns an error if the ciphertext is the wrong length or if the ciphertext is greater than the public modulus. Otherwise, no error is returned. If the padding is valid, the resulting plaintext message is copied into key. Otherwise, key is unchanged. These alternatives occur in constant time. It is intended that the user of this function generate a random session key beforehand and continue the protocol with the resulting value. This will remove any possibility that an attacker can learn any information about the plaintext. See “Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1”, Daniel Bleichenbacher, Advances in Cryptology (Crypto '98),
func EncryptOAEP ¶
func EncryptOAEP(hash hash.Hash, rand io.Reader, pub *PublicKey, msg []byte, label []byte) (out []byte, err os.Error)
EncryptOAEP encrypts the given message with RSA-OAEP. The message must be no longer than the length of the public modulus less twice the hash length plus 2.
func EncryptPKCS1v15 ¶
EncryptPKCS1v15 encrypts the given message with RSA and the padding scheme from PKCS#1 v1.5. The message must be no longer than the length of the public modulus minus 11 bytes. WARNING: use of this function to encrypt plaintexts other than session keys is dangerous. Use RSA OAEP in new protocols.
func SignPKCS1v15 ¶
func SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash PKCS1v15Hash, hashed []byte) (s []byte, err os.Error)
SignPKCS1v15 calcuates the signature of hashed using RSASSA-PSS-SIGN from RSA PKCS#1 v1.5. Note that hashed must be the result of hashing the input message using the given hash function.
func VerifyPKCS1v15 ¶
VerifyPKCS1v15 verifies an RSA PKCS#1 v1.5 signature. hashed is the result of hashing the input message using the given hash function and sig is the signature. A valid signature is indicated by returning a nil error.
Types ¶
type DecryptionError ¶
type DecryptionError struct{}
A DecryptionError represents a failure to decrypt a message. It is deliberately vague to avoid adaptive attacks.
func (DecryptionError) String ¶
func (DecryptionError) String() string
type MessageTooLongError ¶
type MessageTooLongError struct{}
MessageTooLongError is returned when attempting to encrypt a message which is too large for the size of the public key.
func (MessageTooLongError) String ¶
func (MessageTooLongError) String() string
type PKCS1v15Hash ¶
type PKCS1v15Hash int
Due to the design of PKCS#1 v1.5, we need to know the exact hash function in use. A generic hash.Hash will not do.
const ( HashMD5 PKCS1v15Hash = iota HashSHA1 HashSHA256 HashSHA384 HashSHA512 )
type PrivateKey ¶
type PrivateKey struct { PublicKey // public part. D *big.Int // private exponent P, Q *big.Int // prime factors of N }
A PrivateKey represents an RSA key
func GenerateKey ¶
GenerateKeyPair generates an RSA keypair of the given bit size.
func (PrivateKey) Validate ¶
func (priv PrivateKey) Validate() os.Error
type VerificationError ¶
type VerificationError struct{}
A VerificationError represents a failure to verify a signature. It is deliberately vague to avoid adaptive attacks.
func (VerificationError) String ¶
func (VerificationError) String() string