Module Rsa.PKCS1

PKCS v1.5 operations, as defined by PKCS #1 v1.5.

For the operations that only add the raw padding, the key size must be at least 11 bytes larger than the message. For full signing, the minimal key size varies according to the hash algorithm. In this case, the key size is priv_bits key / 8, rounded up.

val encrypt : ?g:Mirage_crypto_rng.g -> key:pub -> string -> string

encrypt g key message is a PKCS1-padded (type 2) and encrypted message.

val decrypt : ?crt_hardening:bool -> ?mask:mask -> key:priv -> string -> string option

decrypt ~crt_hardening ~mask ~key ciphertext is Some message if the ciphertext was produced by the corresponding encrypt operation, or None otherwise. crt_hardening defaults to false.

val sig_encode : ?crt_hardening:bool -> ?mask:mask -> key:priv -> string -> string

sig_encode ~crt_hardening ~mask ~key message is the PKCS1-padded (type 1) message signed by the key. crt_hardening defaults to true and verifies that the computed signature is correct.

Note This operation performs only the padding and RSA transformation steps of the PKCS 1.5 signature. The full signature is implemented by sign.

val sig_decode : key:pub -> string -> string option

sig_decode key signature is Some message when the signature was produced with the given key as per sig_encode, or None

val min_key : [< Digestif.hash' MD5 SHA1 SHA224 SHA256 SHA384 SHA512 ] -> int

min_key hash is the minimum key size required by sign.

val sign : ?crt_hardening:bool -> ?mask:mask -> hash:[< Digestif.hash' MD5 SHA1 SHA224 SHA256 SHA384 SHA512 ] -> key:priv -> string or_digest -> string

sign ~crt_hardening ~mask ~hash ~key message is the PKCS 1.5 signature of message, signed by the key, using the hash function hash. This is the full signature, with the ASN-encoded message digest as the payload. crt_hardening defaults to true and verifies that the computed signature is correct.

message is either the actual message, or its digest.

  • raises Invalid_argument

    if message is a `Digest of the wrong size.

val verify : hashp:([< Digestif.hash' MD5 SHA1 SHA224 SHA256 SHA384 SHA512 ] -> bool) -> key:pub -> signature:string -> string or_digest -> bool

verify ~hashp ~key ~signature message checks that signature is the PKCS 1.5 signature of the message under the given key.

message is either the actual message, or its digest.

hashp determines the allowed hash algorithms. Whenever hashp is false, verify is also false.

  • raises Invalid_argument

    if message is a `Digest of the wrong size.