diff options
author | manuel <manuel@mausz.at> | 2020-01-21 02:08:54 +0100 |
---|---|---|
committer | manuel <manuel@mausz.at> | 2020-01-21 02:08:54 +0100 |
commit | 4830e8e1fac66a3891343c4d22a5ecd8127d2281 (patch) | |
tree | c00b4797388ef66d0b502aa72169bb027e035c22 /lib | |
parent | 3037385556195c10e48848c7d2ce86af85688971 (diff) |
Work on PK::Ed25519
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Crypt/PK/Ed25519.pm | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/lib/Crypt/PK/Ed25519.pm b/lib/Crypt/PK/Ed25519.pm index ffd2e870..23e4312f 100644 --- a/lib/Crypt/PK/Ed25519.pm +++ b/lib/Crypt/PK/Ed25519.pm @@ -23,6 +23,7 @@ sub new { sub import_key_raw { my ($self, $key, $type) = @_; croak "FATAL: undefined key" unless $key; + croak "FATAL: invalid key" unless length($key) == 32; croak "FATAL: undefined type" unless $type; return $self->_import_raw($key, 1) if $type eq 'private'; return $self->_import_raw($key, 0) if $type eq 'public'; @@ -95,6 +96,11 @@ sub import_key { # https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD croak "FATAL: OPENSSH PRIVATE KEY not supported"; } + elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) { + $data = pem_to_der($data); + my ($typ, $pubkey) = Crypt::PK::_ssh_parse($data); + return $self->_import_raw($pubkey, 0) if $typ eq 'ssh-ed25519' && length($pubkey) == 32; + } elsif ($data =~ /(ssh-ed25519)\s+(\S+)/) { $data = decode_b64("$2"); my ($typ, $pubkey) = Crypt::PK::_ssh_parse($data); @@ -150,26 +156,94 @@ Crypt::PK::Ed25519 - Digital signature based on Ed25519 =head2 generate_key +Uses Yarrow-based cryptographically strong random number generator seeded with +random data taken from C</dev/random> (UNIX) or C<CryptGenRandom> (Win32). + + $pk->generate_key; + =head2 import_key +TODO + =head2 import_key_raw +Import raw public/private key - can load raw key data exported by L</export_key_raw>. + + $pk->import_key_raw($key, 'public'); + $pk->import_key_raw($key, 'private'); + =head2 export_key_der + my $private_der = $pk->export_key_der('private'); + #or + my $public_der = $pk->export_key_der('public'); + =head2 export_key_pem + my $private_pem = $pk->export_key_pem('private'); + #or + my $public_pem = $pk->export_key_pem('public'); + =head2 export_key_jwk +Exports public/private keys as a JSON Web Key (JWK). + + my $private_json_text = $pk->export_key_jwk('private'); + #or + my $public_json_text = $pk->export_key_jwk('public'); + +Also exports public/private keys as a perl HASH with JWK structure. + + my $jwk_hash = $pk->export_key_jwk('private', 1); + #or + my $jwk_hash = $pk->export_key_jwk('public', 1); + +B<BEWARE:> For JWK support you need to have L<JSON::PP>, L<JSON::XS> or L<Cpanel::JSON::XS> module. + =head2 export_key_raw +Export raw public/private key + + my $private_pem = $pk->export_key_raw('private'); + #or + my $public_pem = $pk->export_key_raw('public'); + =head2 sign_message + my $signature = $priv->sign_message($message); + #or + my $signature = $priv->sign_message($message, $hash_name); + + #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest + =head2 verify_message + my $valid = $pub->verify_message($signature, $message) + #or + my $valid = $pub->verify_message($signature, $message, $hash_name); + + #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest + =head2 is_private + my $rv = $pk->is_private; + # 1 .. private key loaded + # 0 .. public key loaded + # undef .. no key loaded + =head2 key2hash + my $hash = $pk->key2hash; + + # returns hash like this (or undef if no key loaded): + { + curve => "ed25519", + # raw public key as a hexadecimal string + pub => "A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D", + # raw private key as a hexadecimal string. undef if key is public only + priv => "45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD", + } + =head1 SEE ALSO =over |