Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
RSA(3)			   Library Functions Manual			RSA(3)

NAME
       asn1dump,  asn1toRSApriv, decodepem, decodepemchain, rsadecrypt,	rsaen-
       crypt, rsafill,,	rsagen,	rsaprivalloc, rsaprivfree, rsaprivtopub,  rsa-
       puballoc,   rsapubfree,	 X509toRSApub,	 X509dump,  X509gen,  X509req,
       X509verify - RSA	encryption algorithm

SYNOPSIS
       #include	<u.h>
       #include	<libc.h>
       #include	<mp.h>
       #include	<libsec.h>

       RSApriv*	 rsagen(int nlen, int elen, int	nrep)

       RSApriv*	 rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint *q)

       mpint*	 rsaencrypt(RSApub *k, mpint *in, mpint	*out)

       mpint*	 rsadecrypt(RSApriv *k,	mpint *in, mpint *out)

       RSApub*	 rsapuballoc(void)

       void	 rsapubfree(RSApub*)

       RSApriv*	 rsaprivalloc(void)

       void	 rsaprivfree(RSApriv*)

       RSApub*	 rsaprivtopub(RSApriv*)

       RSApub*	 X509toRSApub(uchar *cert, int ncert, char *name, int nname)

       RSApriv*	 asn1toRSApriv(uchar *priv, int	npriv)

       void	 asn1dump(uchar	*der, int len)

       uchar*	 decodepem(char	*s, char *type,	int *len)

       PEMChain* decodepemchain(char *s, char *type)

       void	 X509dump(uchar	*cert, int ncert)

       uchar*	 X509gen(RSApriv  *priv,  char	*subj,	ulong  valid[2],   int
       *certlen);

       uchar*	 X509req(RSApriv *priv,	char *subj, int	*certlen);

       char* X509verify(uchar *cert, int ncert,	RSApub *pk)

DESCRIPTION
       RSA is a	public key encryption algorithm.  The owner of a key publishes
       the public part of the key:
		 struct	RSApub
		 {
		 mpint*n;// modulus
		 mpint*ek;// exp (encryption key)
		 };
       This part can be	used for encrypting data (with rsaencrypt) to be  sent
       to  the	owner.	The owner decrypts (with rsadecrypt) using his private
       key:
		 struct	RSApriv
		 {
		 RSApubpub;
		 mpint*dk;// exp (decryption key)

		 // precomputed	crt values
		 mpint*p;
		 mpint*q;
		 mpint*kp;// k mod p-1
		 mpint*kq;// k mod q-1
		 mpint*c2;// for converting residues to	number
		 };

       Keys are	generated using	rsagen.	 Rsagen	takes both bit length  of  the
       modulus,	 the  bit length of the	public key exponent, and the number of
       repetitions of the Miller-Rabin primality test to run.  If  the	latter
       is 0, it	does the default number	of rounds.  Rsagen returns a newly al-
       located structure containing both public	and  private  keys.   Rsapriv-
       topub returns a newly allocated copy of the public key corresponding to
       the private key.

       Rsafill takes as	input the bare minimum pieces of an  RSA  private  key
       and  computes the rest (kp, kq, and c2).	 It returns a new private key.
       All the mpints in the key, even the ones	that  correspond  directly  to
       rsafill's input parameters, are freshly allocated,

       The  routines rsaalloc, rsafree,	rsapuballoc, rsapubfree, rsaprivalloc,
       and rsaprivfree are provided to aid in user provided key	I/O.

       Given a binary X.509 cert, the routine X509toRSApub returns the	public
       key  and,  if name is not nil, the CN part of the Distinguished Name of
       the certificate's Subject.  (This is conventionally a userid or a  host
       DNS  name.)  No verification is done of the certificate signature;  the
       caller should check the fingerprint, sha1(cert),	 against  a  table  or
       check  the  certificate	by  other means.  X.509	certificates are often
       stored in PEM format; use dec64 to convert to binary  before  computing
       the  fingerprint	or calling X509toRSApub.  For the special case of cer-
       tificates signed	by a known trusted key (in a single step, without cer-
       tificate	 chains)  X509verify checks the	signature on cert.  It returns
       nil if successful, else an error	string.

       X509dump	prints an X.509	certificate to standard	ouptut.

       X509gen creates a self-signed X.509 certificate,	given an  RSA  keypair
       priv,  a	issuer/subject string subj, and	the starting and ending	valid-
       ity dates, valid.  Length of the	allocated binary certificate is	stored
       in certlen.  The	subject	line is	conventionally of the form
	  "C=US	ST=NJ L=07922 O=Lucent OU='Bell	Labs' CN=Eric"
       using the quoting conventions of	tokenize (see

       X509req creates an X.509	certification request.

       Asn1toRSApriv  converts an ASN1 formatted RSA private key into the cor-
       responding RSApriv structure.

       Asn1dump	prints an ASN1 object to standard output.

       Decodepem takes a zero terminated string, s, and	decodes	the PEM	 (pri-
       vacy-enhanced  mail) formatted section for type within it.  If success-
       ful, it returns the decoded  section  and  sets	*len  to  its  decoded
       length.	If not,	it returns nil,	and *len is undefined.

       Decodepemchain  is similar but expects a	sequence of PEM-formatted sec-
       tions and returns a linked list of the decodings:

	      typedef struct PEMChain PEMChain
	      struct PEMChain
	      {
			PEMChain *next;
			uchar *pem;
			int pemlen;
	      };

SOURCE
       /src/libsec

SEE ALSO
									RSA(3)

NAME | SYNOPSIS | DESCRIPTION | SOURCE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=rsa&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help