From 78e51a8c6678b6e3dff3d619aa786669f531f4bc Mon Sep 17 00:00:00 2001 From: rsc Date: Fri, 14 Jan 2005 03:45:44 +0000 Subject: checkpoint --- man/man3/rsa.html | 262 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 262 insertions(+) create mode 100644 man/man3/rsa.html (limited to 'man/man3/rsa.html') diff --git a/man/man3/rsa.html b/man/man3/rsa.html new file mode 100644 index 00000000..0cfd2949 --- /dev/null +++ b/man/man3/rsa.html @@ -0,0 +1,262 @@ + +rsa(3) - Plan 9 from User Space + + + + +
+
+
RSA(3)RSA(3) +
+
+

NAME
+ +
+ + asn1dump, asn1toRSApriv, decodepem, decodepemchain, rsadecrypt, + rsaencrypt, rsafill,, rsagen, rsaprivalloc, rsaprivfree, rsaprivtopub, + rsapuballoc, rsapubfree, X509toRSApub, X509dump, X509gen, X509req, + X509verify – RSA encryption algorithm
+ +
+

SYNOPSIS
+ +
+ + #include <u.h>
+ #include <libc.h>
+ #include <mp.h>
+ #include <libsec.h> +
+ + RSApriv*    rsagen(int nlen, int elen, int nrep) +
+ + RSApriv*    rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint + *q) +
+ + mpint*      rsaencrypt(RSApub *k, mpint *in, mpint *out) +
+ + mpint*      rsadecrypt(RSApriv *k, mpint *in, mpint *out) +
+ + RSApub*     rsapuballoc(void) +
+ + void        rsapubfree(RSApub*) +
+ + RSApriv*    rsaprivalloc(void) +
+ + void        rsaprivfree(RSApriv*) +
+ + RSApub*     rsaprivtopub(RSApriv*) +
+ + RSApub*     X509toRSApub(uchar *cert, int ncert, char *name, int nname) + +
+ + RSApriv*    asn1toRSApriv(uchar *priv, int npriv) +
+ + void        asn1dump(uchar *der, int len) +
+ + uchar*      decodepem(char *s, char *type, int *len) +
+ + PEMChain* decodepemchain(char *s, char *type) +
+ + void        X509dump(uchar *cert, int ncert) +
+ + uchar*      X509gen(RSApriv *priv, char *subj, ulong valid[2], int + *certlen); +
+ + uchar*      X509req(RSApriv *priv, char *subj, int *certlen); +
+ + char* X509verify(uchar *cert, int ncert, RSApub *pk)
+ +
+

DESCRIPTION
+ +
+ + +
+ + RSA is a public key encryption algorithm. The owner of a key publishes + the public part of the key:
+ +
+ + +
+ + struct RSApub
+ {
+ mpint*n;// modulus
+ mpint*ek;// exp (encryption key)
+ };
+ +
+ +
+ This part can be used for encrypting data (with rsaencrypt) to + be sent to the owner. The owner decrypts (with rsadecrypt) using + his private key:
+ +
+ + +
+ + struct RSApriv
+ {
+ RSApubpub;
+ mpint*dk;// exp (decryption key)
+
+ // precomputed crt values
+ mpint*p;
+ mpint*q;
+ mpint*kp;// k mod p−1
+ mpint*kq;// k mod q−1
+ mpint*c2;// for converting residues to number
+ };
+ +
+ + +
+ +
+ Keys are generated using rsagen. Rsagen takes both bit length + of the modulus, the bit length of the public key exponent, and + the number of repetitions of the Miller-Rabin primality test to + run. If the latter is 0, it does the default number of rounds. + Rsagen returns a newly allocated structure containing both public + and + private keys. Rsaprivtopub returns a newly allocated copy of the + public key corresponding to the private key. +
+ + Rsafill takes as input the bare minimum pieces of an RSA private + key and computes the rest (kp, kq, and c2). It returns a new private + key. All the mpints in the key, even the ones that correspond + directly to rsafill’s input parameters, are freshly allocated, + +
+ + The routines rsaalloc, rsafree, rsapuballoc, rsapubfree, rsaprivalloc, + and rsaprivfree are provided to aid in user provided key I/O. + +
+ + Given a binary X.509 cert, the routine X509toRSApub returns the + public key and, if name is not nil, the CN part of the Distinguished + Name of the certificate’s Subject. (This is conventionally a userid + or a host DNS name.) No verification is done of the certificate + signature; the caller should check the fingerprint, + sha1(cert), against a table or check the certificate by other + means. X.509 certificates are often stored in PEM format; use + dec64 to convert to binary before computing the fingerprint or + calling X509toRSApub. For the special case of certificates signed + by a known trusted key (in a single step, without certificate + chains) + X509verify checks the signature on cert. It returns nil if successful, + else an error string. +
+ + X509dump prints an X.509 certificate to standard ouptut. +
+ + X509gen creates a self-signed X.509 certificate, given an RSA + keypair priv, a issuer/subject string subj, and the starting and + ending validity dates, valid. Length of the allocated binary certificate + is stored in certlen. The subject line is conventionally of the + form
+ +
+ + "C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric"
+ +
+ using the quoting conventions of tokenize (see getfields(3)). + +
+ + X509req creates an X.509 certification request. +
+ + Asn1toRSApriv converts an ASN1 formatted RSA private key into + the corresponding RSApriv structure. +
+ + Asn1dump prints an ASN1 object to standard output. +
+ + Decodepem takes a zero terminated string, s, and decodes the PEM + (privacy-enhanced mail) formatted section for type within it. + If successful, it returns the decoded section and sets *len to + its decoded length. If not, it returns nil, and *len is undefined. + +
+ + Decodepemchain is similar but expects a sequence of PEM-formatted + sections and returns a linked list of the decodings:
+ +
+ + typedef struct PEMChain PEMChain
+ struct PEMChain
+ {
+ +
+ + PEMChain *next;
+ uchar *pem;
+ int pemlen;
+ +
+ };
+ +
+ +
+

SOURCE
+ +
+ + /usr/local/plan9/src/libsec
+ +
+

SEE ALSO
+ +
+ + mp(3), aes(3), blowfish(3), des(3), dsa(3), elgamal(3), rc4(3), + sechash(3), prime(3), rand(3)
+ +
+ +

 +
+
+ + +
+
+
+Space Glenda +
+
+ + -- cgit v1.2.3