FreeBSD Manual Pages

home | help
RSA(3)			   Library Functions Manual			RSA(3)

NAME
       asn1dump,  asn1toRSApriv, decodepem, decodepemchain, rsadecrypt,	rsaen-
       crypt, rsafill,,	rsagen,	rsaprivalloc, rsaprivfree, rsaprivtopub,  rsa-
       puballoc,   rsapubfree,	 X509toRSApub,	 X509dump,  X509gen,  X509req,
       X509verify - RSA	encryption algorithm

SYNOPSIS
       #include	<u.h>
       #include	<libc.h>
       #include	<mp.h>
       #include	<libsec.h>

       RSApriv*	 rsagen(int nlen, int elen, int	nrep)

       RSApriv*	 rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint *q)

       mpint*	 rsaencrypt(RSApub *k, mpint *in, mpint	*out)

       mpint*	 rsadecrypt(RSApriv *k,	mpint *in, mpint *out)

       RSApub*	 rsapuballoc(void)

       void	 rsapubfree(RSApub*)

       RSApriv*	 rsaprivalloc(void)

       void	 rsaprivfree(RSApriv*)

       RSApub*	 rsaprivtopub(RSApriv*)

       RSApub*	 X509toRSApub(uchar *cert, int ncert, char *name, int nname)

       RSApriv*	 asn1toRSApriv(uchar *priv, int	npriv)

       void	 asn1dump(uchar	*der, int len)

       uchar*	 decodepem(char	*s, char *type,	int *len)

       PEMChain* decodepemchain(char *s, char *type)

       void	 X509dump(uchar	*cert, int ncert)

       uchar*	 X509gen(RSApriv  *priv,  char	*subj,	ulong  valid[2],   int
       *certlen);

       uchar*	 X509req(RSApriv *priv,	char *subj, int	*certlen);

       char* X509verify(uchar *cert, int ncert,	RSApub *pk)

DESCRIPTION
       RSA is a	public key encryption algorithm.  The owner of a key publishes
       the public part of the key:
		 struct	RSApub
		 {
		 mpint*n;// modulus
		 mpint*ek;// exp (encryption key)
		 };
       This  part can be used for encrypting data (with	rsaencrypt) to be sent
       to the owner.  The owner	decrypts (with rsadecrypt) using  his  private
       key:
		 struct	RSApriv
		 {
		 RSApubpub;
		 mpint*dk;// exp (decryption key)

		 // precomputed	crt values
		 mpint*p;
		 mpint*q;
		 mpint*kp;// k mod p-1
		 mpint*kq;// k mod q-1
		 mpint*c2;// for converting residues to	number
		 };

       Keys  are  generated using rsagen.  Rsagen takes	both bit length	of the
       modulus,	the bit	length of the public key exponent, and the  number  of
       repetitions  of	the Miller-Rabin primality test	to run.	 If the	latter
       is 0, it	does the default number	of rounds.  Rsagen returns a newly al-
       located structure containing both public	and  private  keys.   Rsapriv-
       topub returns a newly allocated copy of the public key corresponding to
       the private key.

       Rsafill	takes  as  input the bare minimum pieces of an RSA private key
       and computes the	rest (kp, kq, and c2).	It returns a new private  key.
       All  the	 mpints	 in the	key, even the ones that	correspond directly to
       rsafill's input parameters, are freshly allocated,

       The routines rsaalloc, rsafree, rsapuballoc, rsapubfree,	 rsaprivalloc,
       and rsaprivfree are provided to aid in user provided key	I/O.

       Given  a	binary X.509 cert, the routine X509toRSApub returns the	public
       key and,	if name	is not nil, the	CN part	of the Distinguished  Name  of
       the  certificate's Subject.  (This is conventionally a userid or	a host
       DNS name.)  No verification is done of the certificate signature;   the
       caller  should  check  the  fingerprint,	sha1(cert), against a table or
       check the certificate by	other means.   X.509  certificates  are	 often
       stored  in  PEM format; use dec64 to convert to binary before computing
       the fingerprint or calling X509toRSApub.	 For the special case of  cer-
       tificates signed	by a known trusted key (in a single step, without cer-
       tificate	 chains)  X509verify checks the	signature on cert.  It returns
       nil if successful, else an error	string.

       X509dump	prints an X.509	certificate to standard	ouptut.

       X509gen creates a self-signed X.509 certificate,	given an  RSA  keypair
       priv,  a	issuer/subject string subj, and	the starting and ending	valid-
       ity dates, valid.  Length of the	allocated binary certificate is	stored
       in certlen.  The	subject	line is	conventionally of the form
	  "C=US	ST=NJ L=07922 O=Lucent OU='Bell	Labs' CN=Eric"
       using the quoting conventions of	tokenize (see getfields((3))).

       X509req creates an X.509	certification request.

       Asn1toRSApriv converts an ASN1 formatted	RSA private key	into the  cor-
       responding RSApriv structure.

       Asn1dump	prints an ASN1 object to standard output.

       Decodepem  takes	a zero terminated string, s, and decodes the PEM (pri-
       vacy-enhanced mail) formatted section for type within it.  If  success-
       ful,  it	 returns  the  decoded	section	 and  sets *len	to its decoded
       length.	If not,	it returns nil,	and *len is undefined.

       Decodepemchain is similar but expects a sequence	of PEM-formatted  sec-
       tions and returns a linked list of the decodings:

	      typedef struct PEMChain PEMChain
	      struct PEMChain
	      {
			PEMChain *next;
			uchar *pem;
			int pemlen;
	      };

SOURCE
       /src/libsec

SEE ALSO
       mp((3)),	 aes((3)),  blowfish((3)),  des((3)),  dsa((3)), elgamal((3)),
       rc4((3)), sechash((3)), prime((3)), rand((3))

									RSA(3)
NAME | SYNOPSIS | DESCRIPTION | SOURCE | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=rsa&sektion=3&manpath=FreeBSD+Ports+15.0.quarterly>
home | help
Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages
