.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Crypt::PK::RSA 3"
.TH Crypt::PK::RSA 3 "2022-01-07" "perl v5.26.3" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Crypt::PK::RSA \- Public key cryptography based on RSA
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& ### OO interface
\&
\& #Encryption: Alice
\& my $pub = Crypt::PK::RSA\->new(\*(AqBob_pub_rsa1.der\*(Aq);
\& my $ct = $pub\->encrypt("secret message");
\& #
\& #Encryption: Bob (received ciphertext $ct)
\& my $priv = Crypt::PK::RSA\->new(\*(AqBob_priv_rsa1.der\*(Aq);
\& my $pt = $priv\->decrypt($ct);
\&
\& #Signature: Alice
\& my $priv = Crypt::PK::RSA\->new(\*(AqAlice_priv_rsa1.der\*(Aq);
\& my $sig = $priv\->sign_message($message);
\& #
\& #Signature: Bob (received $message + $sig)
\& my $pub = Crypt::PK::RSA\->new(\*(AqAlice_pub_rsa1.der\*(Aq);
\& $pub\->verify_message($sig, $message) or die "ERROR";
\&
\& #Key generation
\& my $pk = Crypt::PK::RSA\->new();
\& $pk\->generate_key(256, 65537);
\& my $private_der = $pk\->export_key_der(\*(Aqprivate\*(Aq);
\& my $public_der = $pk\->export_key_der(\*(Aqpublic\*(Aq);
\& my $private_pem = $pk\->export_key_pem(\*(Aqprivate\*(Aq);
\& my $public_pem = $pk\->export_key_pem(\*(Aqpublic\*(Aq);
\&
\& ### Functional interface
\&
\& #Encryption: Alice
\& my $ct = rsa_encrypt(\*(AqBob_pub_rsa1.der\*(Aq, "secret message");
\& #Encryption: Bob (received ciphertext $ct)
\& my $pt = rsa_decrypt(\*(AqBob_priv_rsa1.der\*(Aq, $ct);
\&
\& #Signature: Alice
\& my $sig = rsa_sign_message(\*(AqAlice_priv_rsa1.der\*(Aq, $message);
\& #Signature: Bob (received $message + $sig)
\& rsa_verify_message(\*(AqAlice_pub_rsa1.der\*(Aq, $sig, $message) or die "ERROR";
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The module provides a full featured \s-1RSA\s0 implementation.
.SH "METHODS"
.IX Header "METHODS"
.SS "new"
.IX Subsection "new"
.Vb 5
\& my $pk = Crypt::PK::RSA\->new();
\& #or
\& my $pk = Crypt::PK::RSA\->new($priv_or_pub_key_filename);
\& #or
\& my $pk = Crypt::PK::RSA\->new(\e$buffer_containing_priv_or_pub_key);
.Ve
.PP
Support for password protected \s-1PEM\s0 keys
.PP
.Vb 3
\& my $pk = Crypt::PK::RSA\->new($priv_pem_key_filename, $password);
\& #or
\& my $pk = Crypt::PK::RSA\->new(\e$buffer_containing_priv_pem_key, $password);
.Ve
.SS "generate_key"
.IX Subsection "generate_key"
Uses Yarrow-based cryptographically strong random number generator seeded with
random data taken from \f(CW\*(C`/dev/random\*(C'\fR (\s-1UNIX\s0) or \f(CW\*(C`CryptGenRandom\*(C'\fR (Win32).
.PP
.Vb 3
\& $pk\->generate_key($size, $e);
\& # $size .. key size: 128\-512 bytes (DEFAULT is 256)
\& # $e ..... exponent: 3, 17, 257 or 65537 (DEFAULT is 65537)
.Ve
.SS "import_key"
.IX Subsection "import_key"
Loads private or public key in \s-1DER\s0 or \s-1PEM\s0 format.
.PP
.Vb 3
\& $pk\->import_key($priv_or_pub_key_filename);
\& #or
\& $pk\->import_key(\e$buffer_containing_priv_or_pub_key);
.Ve
.PP
Support for password protected \s-1PEM\s0 keys
.PP
.Vb 3
\& $pk\->import_key($pem_filename, $password);
\& #or
\& $pk\->import_key(\e$buffer_containing_pem_key, $password);
.Ve
.PP
Loading private or public keys form perl hash:
.PP
.Vb 1
\& $pk\->import_key($hashref);
\&
\& # the $hashref is either a key exported via key2hash
\& $pk\->import_key({
\& e => "10001", #public exponent
\& d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
\& N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
\& p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
\& q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
\& qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
\& dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p \- 1) CRT param
\& dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q \- 1) CRT param
\& });
\&
\& # or a hash with items corresponding to JWK (JSON Web Key)
\& $pk\->import_key({
\& {
\& kty => "RSA",
\& n => "0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ\-G_xBniIqbw0Ls1jF44\-csFCur\-kEgU8awapJzKnqDKgw",
\& e => "AQAB",
\& d => "X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH\-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
\& p => "83i\-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20\-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
\& q => "3dfOR9cuYq\-0S\-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
\& dp => "G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
\& dq => "s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
\& qi => "GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I\-pux_mHZG",
\& });
.Ve
.PP
Supported key formats:
.PP
.Vb 2
\& # all formats can be loaded from a file
\& my $pk = Crypt::PK::RSA\->new($filename);
\&
\& # or from a buffer containing the key
\& my $pk = Crypt::PK::RSA\->new(\e$buffer_with_key);
.Ve
.IP "\(bu" 4
\&\s-1RSA\s0 public keys
.Sp
.Vb 6
\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-
\& MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5
\& vEzAXpUOL9tDtdPUl96brIbbdMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7Vvb
\& VUjAn/2HHDDL0U1utqqlMJhaffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfK
\& B2uzcNq60sMIfp6siQIDAQAB
\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
.Ve
.IP "\(bu" 4
\&\s-1RSA\s0 private keys
.Sp
.Vb 10
\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
\& MIICXQIBAAKBgQDHlYKg9DeHB3/dY1D9WCyJTnl5vEzAXpUOL9tDtdPUl96brIbb
\& dMLooO1hKjsq98kLs1q4vOn/pxvzk0BRwhiu7VvbVUjAn/2HHDDL0U1utqqlMJha
\& ffeLI3HEq5o/lSMFY7sSkZU/E4YX1yqAN0SE7xfKB2uzcNq60sMIfp6siQIDAQAB
\& AoGBAI5+GgNcGQDYw9uF+t7FwxZM5sGZRJrbbEPyuvL+sDxKKW6voKCyHi4EJzaF
\& 9jRZMDqgVJcsmUwjPPuMGBHHJ+MI5Zb3L0jbZkyx8u+U5gf88oy9eZmfGOjmHcMB
\& oCgzyoLmJETuyADg2onLanuY3jggFb3tq/jimKjO8xM2R6zhAkEA7uXWWyJI9cCN
\& zrVt5R5v6oosjZ4r5VILGMqBRLrzfTvH+WDMK6Rl/2MHE+YDeLajzunaM8qY2456
\& GTYEXQsIdQJBANXfMEtXocSdPtoVj3ME8Do/0r+ApgTdcDPCwXOzkmkEJW/UFMSn
\& b8CYF5G6sZQN9L5z3s2nvi55PaFV8Q0LMUUCQBh9GvIQm6YFbQPpeTBpZFOIgnSp
\& 6BoDxPtvlryy5U7LF/6qO4OlwIbjYdBaXbS8FCKbujBg7jZjboSzEtNu1BkCQDGT
\& w0Yz0jQZn3A+fzpScr2N/fSWheWqz0+wXdfMUKw3YdZCe236wlUK7KvDc1a2xX1A
\& ru1NbTCoujikC3TSm2ECQQDKQshchJlZJmFv9vCFQlGCA/EX+4406xvOOiixbPYC
\& pIB4Ee2cmvEdAqSaOjrvgs5zvaCCFBO0MecPStCAxUX6
\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
.Ve
.IP "\(bu" 4
\&\s-1RSA\s0 private keys in password protected \s-1PEM\s0 format
.Sp
.Vb 3
\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
\& Proc\-Type: 4,ENCRYPTED
\& DEK\-Info: DES\-EDE3\-CBC,4D697440FF5AEF18
\&
\& C09H49Gn99o8b8O2r4+Hqao4r3udvC+QSSfsk20sXatyuZSEmbhyqKAB+13NRj+3
\& KIsRTqnL9VkeibIGgLHuekOFKAqeSVZ0PmR4bGWEFxUPAYUvg9N9pIa6hGtNZG+y
\& TEpOAfFITb1pbHQhp3j8y7qmKc5kY5LrZSFE8WwA24NTG773E07wJgRxKDkXNGOl
\& kki6oYArNEps0DdtHFxzgdRg0+yaotXuFJRuC5V4YzKGG/oSRcgYyXKTwCndb3xt
\& aHgI2WprQAPg+qOpLABzoi7bEjCqbHWrwkvnAngylbim2Uyvw1e1xKnzlgIHU7pv
\& e/J+s00pTItfqW1IpY2mh4C9nkfkfVKBKaAv7jO0s6aPySATqsdlrzv2kpF6Ub4J
\& kgaZDOfZ4K3qkyAYVLWcQeDqg4glv9Ah2J05bTm4qrIMmthYnThyQlGvcjUfCMXs
\& 0t+mEQbsRY7xKt0o6HzzvQlJ+JsFlLORoslAubJX9iLqpEdnlrj1lD9bo6uIClZ5
\& 5+aoLcAyz1D4OsauuP5i8VFu+Is+QG4SN/vHVuArjkqi3VpLwSAjNDY+KWbq042l
\& CqlM2mwm6FIGUZQFxiLHJD7WDmk1xmae++m+XG9CEDTfrUQ5v+l0O6BTrl80XUfU
\& w3gzAWbSjz3UK0FpKeABVFPE9fjNP9fTcS6qL5YJWBPflwxCAbVgsBOW4bOMpDGK
\& BJDQTeShWn4BlYCe/vgThI9ERdgZhRz4NcFeDgVA/CqQzVqptvz4PSqH46fqUN2n
\& 4PtJgKE5cASYUBuAjlD71FecSVVM/OTzL1uxYzXBilzvVn2vSHgo9g==
\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
.Ve
.IP "\(bu" 4
PKCS#8 encoded private keys
.Sp
.Vb 10
\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
\& MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANPN17xW4EkH5PXG
\& 1i/i3rE1EXFcCHyxmz95VRBDs1p3MuYf9mxntbfYAmuzS3KrRWh3IyX/Eh80N/v9
\& OXPlwZbVqSTX+L3pCEJtRtsWn0zmswGThjMZiwle0oWuap63L35F1QN8EDaSPSBC
\& yGELNRr6rwVYq0w5b+LOcaCZ+/H1AgMBAAECgYEApfu3aGpww+rC3HUhX0+ckyTy
\& cXLdV9LbxidwqRlVEb0+DyfXNucjelp2sy5EHy3na9GJovo8mmWSxhCRGKliRkQ6
\& XgrEMZdCSaWI2AazuHAGlUJRFEVkvdla3AuBAn6y0YdDp/3kbg0yahmKyD8Gq74z
\& nUYbDL3R5JtR2Ad/KlUCQQDvSEICTHbO/BF7hVmlKRYZSNHKEPrv8X/OlppS14Kv
\& QRwc+CZ5+l6T1Y+l5cHJQUXrXZoWS1K741TXdUhjjUd7AkEA4pod804Ex8sttdWi
\& pHMfeyj+IbPAk5XnBc91jT7AYIeL8ccjtfl99xhMsGFaxrh3wA/4SGEvwzWkbxcq
\& H8G5TwJAKNG+0P2SVwURRm0dOdukdXPCtiHnbP9Zujhe4zr4hEUrMpXymmRntfh8
\& pORpBpgoAVraams3Fe5WDttnGfSD+QJAOOC6V9HjfUrQhG3FT0XeRwm5EDiQQ/tC
\& a8DxHqz7mL8tL1ju68ReC+G7jiJBqNOwqzLW/UP3uyYByiikWChGHQJAHUau7jIM
\& 45ErO096n94Vh95p76ANxOroWszOt39TyvJOykIfoPwFagLrBWV9Jjos2/D54KE+
\& fyoy4t3yHT+/nw==
\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
.Ve
.IP "\(bu" 4
PKCS#8 encrypted private keys \- password protected keys (supported since: CryptX\-0.062)
.Sp
.Vb 10
\& \-\-\-\-\-BEGIN ENCRYPTED PRIVATE KEY\-\-\-\-\-
\& MIICojAcBgoqhkiG9w0BDAEDMA4ECCQk+Rr1yzzcAgIIAASCAoD/mgpUFjxxM/Ty
\& Yt+NeT0Fo4echgoGksqs6+rYhO16oshG664emZfkuNoFGGzJ38X6GVuqIXhlPnYQ
\& biKvL37dN/KnoGytFHq9Wnk8dDwjGHPtwajhW5WuIV3NuhW/AO1PF/cRZKFjWrPt
\& NWY5CrpfH6t6zojoe+5uyXpH29lQy4OqvSRdPIt/12UcB+tzV7XzSWEuXh8HAi8a
\& sYUu6tuCFnq4GrD2ffM4KWFmL5GqBAwN6m0KkyrNni9XT+RaA6zEhv/lVcwg2esa
\& 4/EzRs0ixzzZDKaml8oCMl9RHtFAbQmdlfV7Ip4rGK9BwY6UFiDMIVru6HynOVQK
\& vvZ+j//bgO+3ubrv7psX+vC9Fy/MoH2Tc7MIwDN/QVTciPZlzjWBnBNxMfeFKtEn
\& d7NFiapgfLuRQIiDTMrW/clcqvO54NphxhrcgUEoxos4twKZARntqPZHtf8nEM2x
\& 2sEF5kI65aEF/5Yy16qvP0vZAA2B1kcIdXZ8XLZCp4c3olhkIrmgUpo1gyFXdCoC
\& 7dT5Cz7/YLkq5hkcFrtp4V9BZMR24fSttc4p24N5xuZ+JneGnGkLX6B+nJAtm9vw
\& bZA6P+23GI0qeMzL3HJXwCOTSsWfm/H9W5+2Zmw851aAmE+pZLni/pk3e3iNSWgs
\& 946x/doA5O0uCFsU7oxme+WAIp2SjhxGoe808Lf1CCFMPboFi1O/E0NsX8SIEX+i
\& U+UHi4kxZqVkr3Q5SB/9kiSv8K1bE787yueQOT/dsTYYaMsjAbkEZo0o/47F32T6
\& A2ioXHOV/pr5zNHqE5tL+qKEcLYbAUF1O+WvmdqYz+vHQjRQBatAqTmncvLDYr/j
\& 1HPwZX2d
\& \-\-\-\-\-END ENCRYPTED PRIVATE KEY\-\-\-\-\-
.Ve
.IP "\(bu" 4
\&\s-1RSA\s0 public key from X509 certificate
.Sp
.Vb 10
\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
\& MIIC8zCCAdugAwIBAgIJAPi+LvMU3uGWMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
\& BAMMBXBva3VzMB4XDTE3MDcxNDE0MTAyMFoXDTIwMDQwOTE0MTAyMFowEDEOMAwG
\& A1UEAwwFcG9rdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCQima
\& SUIMIdz5uVevzcScbcj06xs1OLaFKUoPJ8v+xP6Ut61BQhAvc8GYuw2uRx223hZC
\& r3HYLfSdWIfmOIAtlL8cPYPVoSivJtpSGE6fBG1tlBjVgXWRmJGR/oxx6Y5QDwcB
\& Q4GZKga8TtHQoY5idZuatYOFZGfMIcIUC0Uoda+YSypnw7A90F/JvlpcTUh3Fnem
\& VinqEA6XOegU9dCZk/29sXqauBjbdGihh8DvpklOhY16eQoiR3909AywQ0KUmI+R
\& Sa9E8oIsmUDetFuXEvana+sD3y42tU+cd2nhBPRETbSXPcum0B3uF4yKgweuJy5D
\& cvtVQIFVkkh4+AWNAgMBAAGjUDBOMB0GA1UdDgQWBBSS6V5PVGyN92NoB0AVLcOb
\& pzR3SzAfBgNVHSMEGDAWgBSS6V5PVGyN92NoB0AVLcObpzR3SzAMBgNVHRMEBTAD
\& AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBIszrBjoJ39axsS6Btbvwvo8vAmgiSWsav
\& 7AmjXOAwknHPaCcDmrdOys5POD0DNRwNeRsnxFiZ/UL8Vmj2JGDLgAw+/v32MwfX
\& Ig7m+oIbO8KqDzlYvS5kd3suJ5C21hHy1/JUtfofZLovZH7ZRzhTAoRvCYaodW90
\& 2o8ZqmyCdcXPzjFmoJ2xYzs/Sf8/E1cHfb+4HjOpeRnKxDvG0gwWzcsXpUrw2pNO
\& Oztj6Rd0THNrf/anIeYVtAHX4aqZA8Kbv2TyJd+9g78usFw1cn+8vfmilm6Pn0DQ
\& a+I5GyGd7BJI8wYuWqIStzvrJHbQQaNrSk7hgjWYiYlcsPh6w2QP
\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
.Ve
.IP "\(bu" 4
\&\s-1SSH\s0 public \s-1RSA\s0 keys
.Sp
.Vb 1
\& ssh\-rsa AAAAB3NzaC1yc2EAAAADAQA...6mdYs5iJNGu/ltUdc=
.Ve
.IP "\(bu" 4
\&\s-1SSH\s0 public \s-1RSA\s0 keys (\s-1RFC\-4716\s0 format)
.Sp
.Vb 6
\& \-\-\-\- BEGIN SSH2 PUBLIC KEY \-\-\-\-
\& Comment: "768\-bit RSA, converted from OpenSSH"
\& AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x
\& D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+
\& L26mdYs5iJNGu/ltUdc=
\& \-\-\-\- END SSH2 PUBLIC KEY \-\-\-\-
.Ve
.IP "\(bu" 4
\&\s-1RSA\s0 private keys in \s-1JSON\s0 Web Key (\s-1JWK\s0) format
.Sp
See <http://tools.ietf.org/html/draft\-ietf\-jose\-json\-web\-key>
.Sp
.Vb 11
\& {
\& "kty":"RSA",
\& "n":"0vx7agoebGcQSuuPiLJXZpt...eZu0fM4lFd2NcRwr3XPksINHaQ\-G_xBniIqbw0Ls1jF44\-csFCur\-kEgU8awapJzKnqDKgw",
\& "e":"AQAB",
\& "d":"X4cTteJY_gn4FYPsXB8rdXi...FLN5EEaG6RoVH\-HLKD9Mdx5ooGURknhnrRwUkC7h5fJLMWbFAKLWY2v7B6NqSzUvx0_YSf",
\& "p":"83i\-7IvMGXoMXCskv73TKr8...Z27zvoj6pbUQyLPBQxtPnwD20\-60eTmD2ujMt5PoMrm8RmNhVWtjjMmMjOpSicFHjXOuVI",
\& "q":"3dfOR9cuYq\-0S\-mkFLzgItg...q3hWeMuG0ouqnb3obLyuqjVZQ1dIrdgTnCdYzBcOW5r37AFXjift_NGiovonzhKpoVVS78",
\& "dp":"G4sPXkc6Ya9y8oJW9_ILj4...zi_H7TkS8x5SdX3oE0oiYwxIiemTAu0UOa5pgFGyJ4c8t2VF40XRugKTP8akhFo5tA77Qe",
\& "dq":"s9lAH9fggBsoFR8Oac2R_E...T2kGOhvIllTE1efA6huUvMfBcpn8lqW6vzzYY5SSF7pMd_agI3G8IbpBUb0JiraRNUfLhc",
\& "qi":"GyM_p6JrXySiz1toFgKbWV...4ypu9bMWx3QJBfm0FoYzUIZEVEcOqwmRN81oDAaaBk0KWGDjJHDdDmFW3AN7I\-pux_mHZG",
\& }
.Ve
.Sp
\&\fB\s-1BEWARE:\s0\fR For \s-1JWK\s0 support you need to have \s-1JSON\s0 module installed.
.IP "\(bu" 4
\&\s-1RSA\s0 public keys in \s-1JSON\s0 Web Key (\s-1JWK\s0) format
.Sp
.Vb 5
\& {
\& "kty":"RSA",
\& "n": "0vx7agoebGcQSuuPiLJXZp...tN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECP",
\& "e":"AQAB",
\& }
.Ve
.Sp
\&\fB\s-1BEWARE:\s0\fR For \s-1JWK\s0 support you need to have \s-1JSON\s0 module installed.
.SS "export_key_der"
.IX Subsection "export_key_der"
.Vb 3
\& my $private_der = $pk\->export_key_der(\*(Aqprivate\*(Aq);
\& #or
\& my $public_der = $pk\->export_key_der(\*(Aqpublic\*(Aq);
.Ve
.SS "export_key_pem"
.IX Subsection "export_key_pem"
.Vb 5
\& my $private_pem = $pk\->export_key_pem(\*(Aqprivate\*(Aq);
\& #or
\& my $public_pem = $pk\->export_key_pem(\*(Aqpublic\*(Aq);
\& #or
\& my $public_pem = $pk\->export_key_pem(\*(Aqpublic_x509\*(Aq);
.Ve
.PP
With parameter \f(CW\*(Aqpublic\*(Aq\fR uses header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\-\-
\& \-\-\-\-\-END RSA PUBLIC KEY\-\-\-\-\-\-
.Ve
.PP
With parameter \f(CW\*(Aqpublic_x509\*(Aq\fR uses header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-\-
\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-\-
.Ve
.PP
Support for password protected \s-1PEM\s0 keys
.PP
.Vb 3
\& my $private_pem = $pk\->export_key_pem(\*(Aqprivate\*(Aq, $password);
\& #or
\& my $private_pem = $pk\->export_key_pem(\*(Aqprivate\*(Aq, $password, $cipher);
\&
\& # supported ciphers: \*(AqDES\-CBC\*(Aq
\& # \*(AqDES\-EDE3\-CBC\*(Aq
\& # \*(AqSEED\-CBC\*(Aq
\& # \*(AqCAMELLIA\-128\-CBC\*(Aq
\& # \*(AqCAMELLIA\-192\-CBC\*(Aq
\& # \*(AqCAMELLIA\-256\-CBC\*(Aq
\& # \*(AqAES\-128\-CBC\*(Aq
\& # \*(AqAES\-192\-CBC\*(Aq
\& # \*(AqAES\-256\-CBC\*(Aq (DEFAULT)
.Ve
.SS "export_key_jwk"
.IX Subsection "export_key_jwk"
\&\fISince: CryptX\-0.022\fR
.PP
Exports public/private keys as a \s-1JSON\s0 Web Key (\s-1JWK\s0).
.PP
.Vb 3
\& my $private_json_text = $pk\->export_key_jwk(\*(Aqprivate\*(Aq);
\& #or
\& my $public_json_text = $pk\->export_key_jwk(\*(Aqpublic\*(Aq);
.Ve
.PP
Also exports public/private keys as a perl \s-1HASH\s0 with \s-1JWK\s0 structure.
.PP
.Vb 3
\& my $jwk_hash = $pk\->export_key_jwk(\*(Aqprivate\*(Aq, 1);
\& #or
\& my $jwk_hash = $pk\->export_key_jwk(\*(Aqpublic\*(Aq, 1);
.Ve
.PP
\&\fB\s-1BEWARE:\s0\fR For \s-1JWK\s0 support you need to have \s-1JSON\s0 module installed.
.SS "export_key_jwk_thumbprint"
.IX Subsection "export_key_jwk_thumbprint"
\&\fISince: CryptX\-0.031\fR
.PP
Exports the key's \s-1JSON\s0 Web Key Thumbprint as a string.
.PP
If you don't know what this is, see \s-1RFC 7638\s0 <https://tools.ietf.org/html/rfc7638>.
.PP
.Vb 1
\& my $thumbprint = $pk\->export_key_jwk_thumbprint(\*(AqSHA256\*(Aq);
.Ve
.SS "encrypt"
.IX Subsection "encrypt"
.Vb 6
\& my $pk = Crypt::PK::RSA\->new($pub_key_filename);
\& my $ct = $pk\->encrypt($message);
\& #or
\& my $ct = $pk\->encrypt($message, $padding);
\& #or
\& my $ct = $pk\->encrypt($message, \*(Aqoaep\*(Aq, $hash_name, $lparam);
\&
\& # $padding .................... \*(Aqoaep\*(Aq (DEFAULT), \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $hash_name (only for oaep) .. \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $lparam (only for oaep) ..... DEFAULT is empty string
.Ve
.SS "decrypt"
.IX Subsection "decrypt"
.Vb 6
\& my $pk = Crypt::PK::RSA\->new($priv_key_filename);
\& my $pt = $pk\->decrypt($ciphertext);
\& #or
\& my $pt = $pk\->decrypt($ciphertext, $padding);
\& #or
\& my $pt = $pk\->decrypt($ciphertext, \*(Aqoaep\*(Aq, $hash_name, $lparam);
\&
\& # $padding .................... \*(Aqoaep\*(Aq (DEFAULT), \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $hash_name (only for oaep) .. \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $lparam (only for oaep) ..... DEFAULT is empty string
.Ve
.SS "sign_message"
.IX Subsection "sign_message"
.Vb 8
\& my $pk = Crypt::PK::RSA\->new($priv_key_filename);
\& my $signature = $priv\->sign_message($message);
\& #or
\& my $signature = $priv\->sign_message($message, $hash_name);
\& #or
\& my $signature = $priv\->sign_message($message, $hash_name, $padding);
\& #or
\& my $signature = $priv\->sign_message($message, $hash_name, \*(Aqpss\*(Aq, $saltlen);
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SS "verify_message"
.IX Subsection "verify_message"
.Vb 8
\& my $pk = Crypt::PK::RSA\->new($pub_key_filename);
\& my $valid = $pub\->verify_message($signature, $message);
\& #or
\& my $valid = $pub\->verify_message($signature, $message, $hash_name);
\& #or
\& my $valid = $pub\->verify_message($signature, $message, $hash_name, $padding);
\& #or
\& my $valid = $pub\->verify_message($signature, $message, $hash_name, \*(Aqpss\*(Aq, $saltlen);
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SS "sign_hash"
.IX Subsection "sign_hash"
.Vb 8
\& my $pk = Crypt::PK::RSA\->new($priv_key_filename);
\& my $signature = $priv\->sign_hash($message_hash);
\& #or
\& my $signature = $priv\->sign_hash($message_hash, $hash_name);
\& #or
\& my $signature = $priv\->sign_hash($message_hash, $hash_name, $padding);
\& #or
\& my $signature = $priv\->sign_hash($message_hash, $hash_name, \*(Aqpss\*(Aq, $saltlen);
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SS "verify_hash"
.IX Subsection "verify_hash"
.Vb 8
\& my $pk = Crypt::PK::RSA\->new($pub_key_filename);
\& my $valid = $pub\->verify_hash($signature, $message_hash);
\& #or
\& my $valid = $pub\->verify_hash($signature, $message_hash, $hash_name);
\& #or
\& my $valid = $pub\->verify_hash($signature, $message_hash, $hash_name, $padding);
\& #or
\& my $valid = $pub\->verify_hash($signature, $message_hash, $hash_name, \*(Aqpss\*(Aq, $saltlen);
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SS "is_private"
.IX Subsection "is_private"
.Vb 4
\& my $rv = $pk\->is_private;
\& # 1 .. private key loaded
\& # 0 .. public key loaded
\& # undef .. no key loaded
.Ve
.SS "size"
.IX Subsection "size"
.Vb 2
\& my $size = $pk\->size;
\& # returns key size in bytes or undef if no key loaded
.Ve
.SS "key2hash"
.IX Subsection "key2hash"
.Vb 1
\& my $hash = $pk\->key2hash;
\&
\& # returns hash like this (or undef if no key loaded):
\& {
\& type => 1, # integer: 1 .. private, 0 .. public
\& size => 256, # integer: key size in bytes
\& # all the rest are hex strings
\& e => "10001", #public exponent
\& d => "9ED5C3D3F866E06957CA0E9478A273C39BBDA4EEAC5B...", #private exponent
\& N => "D0A5CCCAE03DF9C2F5C4C8C0CE840D62CDE279990DC6...", #modulus
\& p => "D3EF0028FFAB508E2773C659E428A80FB0E9211346B4...", #p factor of N
\& q => "FC07E46B163CAB6A83B8E467D169534B2077DCDEECAE...", #q factor of N
\& qP => "88C6D406F833DF73C8B734548E0385261AD51F4187CF...", #1/q mod p CRT param
\& dP => "486F142FEF0A1F53269AC43D2EE4D263E2841B60DA36...", #d mod (p \- 1) CRT param
\& dQ => "4597284B2968B72C4212DB7E8F24360B987B80514DA9...", #d mod (q \- 1) CRT param
\& }
.Ve
.SH "FUNCTIONS"
.IX Header "FUNCTIONS"
.SS "rsa_encrypt"
.IX Subsection "rsa_encrypt"
\&\s-1RSA\s0 based encryption. See method \*(L"encrypt\*(R" below.
.PP
.Vb 7
\& my $ct = rsa_encrypt($pub_key_filename, $message);
\& #or
\& my $ct = rsa_encrypt(\e$buffer_containing_pub_key, $message);
\& #or
\& my $ct = rsa_encrypt($pub_key, $message, $padding);
\& #or
\& my $ct = rsa_encrypt($pub_key, $message, \*(Aqoaep\*(Aq, $hash_name, $lparam);
\&
\& # $padding .................... \*(Aqoaep\*(Aq (DEFAULT), \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $hash_name (only for oaep) .. \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $lparam (only for oaep) ..... DEFAULT is empty string
.Ve
.SS "rsa_decrypt"
.IX Subsection "rsa_decrypt"
\&\s-1RSA\s0 based decryption. See method \*(L"decrypt\*(R" below.
.PP
.Vb 7
\& my $pt = rsa_decrypt($priv_key_filename, $ciphertext);
\& #or
\& my $pt = rsa_decrypt(\e$buffer_containing_priv_key, $ciphertext);
\& #or
\& my $pt = rsa_decrypt($priv_key, $ciphertext, $padding);
\& #or
\& my $pt = rsa_decrypt($priv_key, $ciphertext, \*(Aqoaep\*(Aq, $hash_name, $lparam);
\&
\& # $padding .................... \*(Aqoaep\*(Aq (DEFAULT), \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $hash_name (only for oaep) .. \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $lparam (only for oaep) ..... DEFAULT is empty string
.Ve
.SS "rsa_sign_message"
.IX Subsection "rsa_sign_message"
Generate \s-1RSA\s0 signature. See method \*(L"sign_message\*(R" below.
.PP
.Vb 9
\& my $sig = rsa_sign_message($priv_key_filename, $message);
\& #or
\& my $sig = rsa_sign_message(\e$buffer_containing_priv_key, $message);
\& #or
\& my $sig = rsa_sign_message($priv_key, $message, $hash_name);
\& #or
\& my $sig = rsa_sign_message($priv_key, $message, $hash_name, $padding);
\& #or
\& my $sig = rsa_sign_message($priv_key, $message, $hash_name, \*(Aqpss\*(Aq, $saltlen);
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SS "rsa_verify_message"
.IX Subsection "rsa_verify_message"
Verify \s-1RSA\s0 signature. See method \*(L"verify_message\*(R" below.
.PP
.Vb 9
\& rsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
\& #or
\& rsa_verify_message(\e$buffer_containing_pub_key, $signature, $message) or die "ERROR";
\& #or
\& rsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
\& #or
\& rsa_verify_message($pub_key, $signature, $message, $hash_name, $padding) or die "ERROR";
\& #or
\& rsa_verify_message($pub_key, $signature, $message, $hash_name, \*(Aqpss\*(Aq, $saltlen) or die "ERROR";
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SS "rsa_sign_hash"
.IX Subsection "rsa_sign_hash"
Generate \s-1RSA\s0 signature. See method \*(L"sign_hash\*(R" below.
.PP
.Vb 9
\& my $sig = rsa_sign_hash($priv_key_filename, $message_hash);
\& #or
\& my $sig = rsa_sign_hash(\e$buffer_containing_priv_key, $message_hash);
\& #or
\& my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name);
\& #or
\& my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, $padding);
\& #or
\& my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, \*(Aqpss\*(Aq, $saltlen);
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SS "rsa_verify_hash"
.IX Subsection "rsa_verify_hash"
Verify \s-1RSA\s0 signature. See method \*(L"verify_hash\*(R" below.
.PP
.Vb 9
\& rsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
\& #or
\& rsa_verify_hash(\e$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
\& #or
\& rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name) or die "ERROR";
\& #or
\& rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, $padding) or die "ERROR";
\& #or
\& rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, \*(Aqpss\*(Aq, $saltlen) or die "ERROR";
\&
\& # $hash_name ............... \*(AqSHA1\*(Aq (DEFAULT), \*(AqSHA256\*(Aq or any other hash supported by Crypt::Digest
\& # $padding ................. \*(Aqpss\*(Aq (DEFAULT) or \*(Aqv1.5\*(Aq or \*(Aqnone\*(Aq (INSECURE)
\& # $saltlen (only for pss) .. DEFAULT is 12
.Ve
.SH "OpenSSL interoperability"
.IX Header "OpenSSL interoperability"
.Vb 4
\& ### let\*(Aqs have:
\& # RSA private key in PEM format \- rsakey.priv.pem
\& # RSA public key in PEM format \- rsakey.pub.pem
\& # data file to be signed or encrypted \- input.data
.Ve
.SS "Encrypt by OpenSSL, decrypt by Crypt::PK::RSA"
.IX Subsection "Encrypt by OpenSSL, decrypt by Crypt::PK::RSA"
Create encrypted file (from commandline):
.PP
.Vb 1
\& openssl rsautl \-encrypt \-inkey rsakey.pub.pem \-pubin \-out input.encrypted.rsa \-in input.data
.Ve
.PP
Decrypt file (Perl code):
.PP
.Vb 2
\& use Crypt::PK::RSA;
\& use Crypt::Misc \*(Aqread_rawfile\*(Aq;
\&
\& my $pkrsa = Crypt::PK::RSA\->new("rsakey.priv.pem");
\& my $encfile = read_rawfile("input.encrypted.rsa");
\& my $plaintext = $pkrsa\->decrypt($encfile, \*(Aqv1.5\*(Aq);
\& print $plaintext;
.Ve
.SS "Encrypt by Crypt::PK::RSA, decrypt by OpenSSL"
.IX Subsection "Encrypt by Crypt::PK::RSA, decrypt by OpenSSL"
Create encrypted file (Perl code):
.PP
.Vb 2
\& use Crypt::PK::RSA;
\& use Crypt::Misc \*(Aqwrite_rawfile\*(Aq;
\&
\& my $plaintext = \*(Aqsecret message\*(Aq;
\& my $pkrsa = Crypt::PK::RSA\->new("rsakey.pub.pem");
\& my $encrypted = $pkrsa\->encrypt($plaintext, \*(Aqv1.5\*(Aq);
\& write_rawfile("input.encrypted.rsa", $encrypted);
.Ve
.PP
Decrypt file (from commandline):
.PP
.Vb 1
\& openssl rsautl \-decrypt \-inkey rsakey.priv.pem \-in input.encrypted.rsa
.Ve
.SS "Sign by OpenSSL, verify by Crypt::PK::RSA"
.IX Subsection "Sign by OpenSSL, verify by Crypt::PK::RSA"
Create signature (from commandline):
.PP
.Vb 1
\& openssl dgst \-sha1 \-sign rsakey.priv.pem \-out input.sha1\-rsa.sig input.data
.Ve
.PP
Verify signature (Perl code):
.PP
.Vb 3
\& use Crypt::PK::RSA;
\& use Crypt::Digest \*(Aqdigest_file\*(Aq;
\& use Crypt::Misc \*(Aqread_rawfile\*(Aq;
\&
\& my $pkrsa = Crypt::PK::RSA\->new("rsakey.pub.pem");
\& my $signature = read_rawfile("input.sha1\-rsa.sig");
\& my $valid = $pkrsa\->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
\& print $valid ? "SUCCESS" : "FAILURE";
.Ve
.SS "Sign by Crypt::PK::RSA, verify by OpenSSL"
.IX Subsection "Sign by Crypt::PK::RSA, verify by OpenSSL"
Create signature (Perl code):
.PP
.Vb 3
\& use Crypt::PK::RSA;
\& use Crypt::Digest \*(Aqdigest_file\*(Aq;
\& use Crypt::Misc \*(Aqwrite_rawfile\*(Aq;
\&
\& my $pkrsa = Crypt::PK::RSA\->new("rsakey.priv.pem");
\& my $signature = $pkrsa\->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
\& write_rawfile("input.sha1\-rsa.sig", $signature);
.Ve
.PP
Verify signature (from commandline):
.PP
.Vb 1
\& openssl dgst \-sha1 \-verify rsakey.pub.pem \-signature input.sha1\-rsa.sig input.data
.Ve
.SS "Keys generated by Crypt::PK::RSA"
.IX Subsection "Keys generated by Crypt::PK::RSA"
Generate keys (Perl code):
.PP
.Vb 2
\& use Crypt::PK::RSA;
\& use Crypt::Misc \*(Aqwrite_rawfile\*(Aq;
\&
\& my $pkrsa = Crypt::PK::RSA\->new;
\& $pkrsa\->generate_key(256, 65537);
\& write_rawfile("rsakey.pub.der", $pkrsa\->export_key_der(\*(Aqpublic\*(Aq));
\& write_rawfile("rsakey.priv.der", $pkrsa\->export_key_der(\*(Aqprivate\*(Aq));
\& write_rawfile("rsakey.pub.pem", $pkrsa\->export_key_pem(\*(Aqpublic_x509\*(Aq));
\& write_rawfile("rsakey.priv.pem", $pkrsa\->export_key_pem(\*(Aqprivate\*(Aq));
\& write_rawfile("rsakey\-passwd.priv.pem", $pkrsa\->export_key_pem(\*(Aqprivate\*(Aq, \*(Aqsecret\*(Aq));
.Ve
.PP
Use keys by OpenSSL:
.PP
.Vb 5
\& openssl rsa \-in rsakey.priv.der \-text \-inform der
\& openssl rsa \-in rsakey.priv.pem \-text
\& openssl rsa \-in rsakey\-passwd.priv.pem \-text \-inform pem \-passin pass:secret
\& openssl rsa \-in rsakey.pub.der \-pubin \-text \-inform der
\& openssl rsa \-in rsakey.pub.pem \-pubin \-text
.Ve
.SS "Keys generated by OpenSSL"
.IX Subsection "Keys generated by OpenSSL"
Generate keys:
.PP
.Vb 5
\& openssl genrsa \-out rsakey.priv.pem 1024
\& openssl rsa \-in rsakey.priv.pem \-out rsakey.priv.der \-outform der
\& openssl rsa \-in rsakey.priv.pem \-out rsakey.pub.pem \-pubout
\& openssl rsa \-in rsakey.priv.pem \-out rsakey.pub.der \-outform der \-pubout
\& openssl rsa \-in rsakey.priv.pem \-passout pass:secret \-des3 \-out rsakey\-passwd.priv.pem
.Ve
.PP
Load keys (Perl code):
.PP
.Vb 1
\& use Crypt::PK::RSA;
\&
\& my $pkrsa = Crypt::PK::RSA\->new;
\& $pkrsa\->import_key("rsakey.pub.der");
\& $pkrsa\->import_key("rsakey.priv.der");
\& $pkrsa\->import_key("rsakey.pub.pem");
\& $pkrsa\->import_key("rsakey.priv.pem");
\& $pkrsa\->import_key("rsakey\-passwd.priv.pem", "secret");
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.IP "\(bu" 4
<https://en.wikipedia.org/wiki/RSA_%28algorithm%29>