Crypt::PK::Ed25519 − Digital signature based on Ed25519
use
Crypt::PK::Ed25519;
#Signature: Alice
my $priv =
Crypt::PK::Ed25519−>new('Alice_priv_ed25519.der');
my $sig = $priv−>sign_message($message);
#Signature: Bob (received $message + $sig)
my $pub =
Crypt::PK::Ed25519−>new('Alice_pub_ed25519.der');
$pub−>verify_message($sig, $message) or die
"ERROR";
#Load key
my $pk = Crypt::PK::Ed25519−>new;
my $pk_hex =
"A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D";
$pk−>import_key_raw(pack("H*", $pk_hex),
"public");
my $sk = Crypt::PK::Ed25519−>new;
my $sk_hex =
"45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD";
$sk−>import_key_raw(pack("H*", $sk_hex),
"private");
#Key generation
my $pk =
Crypt::PK::Ed25519−>new−>generate_key;
my $private_der = $pk−>export_key_der('private');
my $public_der = $pk−>export_key_der('public');
my $private_pem = $pk−>export_key_pem('private');
my $public_pem = $pk−>export_key_pem('public');
my $private_raw = $pk−>export_key_raw('private');
my $public_raw = $pk−>export_key_raw('public');
my $private_jwk = $pk−>export_key_jwk('private');
my $public_jwk = $pk−>export_key_jwk('public');
Since: CryptX−0.067
my $pk =
Crypt::PK::Ed25519−>new();
#or
my $pk =
Crypt::PK::Ed25519−>new($priv_or_pub_key_filename);
#or
my $pk =
Crypt::PK::Ed25519−>new(\$buffer_containing_priv_or_pub_key);
Support for password protected PEM keys
my $pk =
Crypt::PK::Ed25519−>new($priv_pem_key_filename,
$password);
#or
my $pk =
Crypt::PK::Ed25519−>new(\$buffer_containing_priv_pem_key,
$password);
Uses Yarrow-based cryptographically strong random number generator seeded with random data taken from "/dev/random" (UNIX) or "CryptGenRandom" (Win32).
$pk−>generate_key;
Loads private or public key in DER or PEM format.
$pk−>import_key($filename);
#or
$pk−>import_key(\$buffer_containing_key);
Support for password protected PEM keys:
$pk−>import_key($filename,
$password);
#or
$pk−>import_key(\$buffer_containing_key,
$password);
Loading private or public keys form perl hash:
$pk−>import_key($hashref);
# the $hashref is either a key exported via key2hash
$pk−>import_key({
curve => "ed25519",
pub =>
"A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D",
priv =>
"45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD",
});
# or a hash with items corresponding to JWK (JSON Web Key)
$pk−>import_key({
kty => "OKP",
crv => "Ed25519",
d =>
"RcEJum_STotn0j77a5LZnNRX4hNxcsDXSf4rWgwULa0",
x =>
"oF0a6lgwrJplzfs4RmDUl−NpfEa0Gc8s7IXei9JFRZ0",
});
Supported key formats:
# all formats
can be loaded from a file
my $pk = Crypt::PK::Ed25519−>new($filename);
# or from a buffer containing the key
my $pk =
Crypt::PK::Ed25519−>new(\$buffer_with_key);
• |
Ed25519 private keys in PEM format |
−−−−−BEGIN
ED25519 PRIVATE KEY−−−−−
MC4CAQAwBQYDK2VwBCIEIEXBCbpv0k6LZ9I++2uS2ZzUV+ITcXLA10n+K1oMFC2t
−−−−−END ED25519 PRIVATE
KEY−−−−−
• |
Ed25519 private keys in password protected PEM format |
−−−−−BEGIN
ED25519 PRIVATE KEY−−−−−
Proc−Type: 4,ENCRYPTED
DEK−Info: DES−CBC,6A64D756D49C1EFF
8xQ7OyfQ10IITNEKcJGZA53Z1yk+NJQU7hrKqXwChZtgWNInhMBJRl9pozLKDSkH
v7u6EOve8NY=
−−−−−END ED25519 PRIVATE
KEY−−−−−
• |
PKCS#8 private keys |
−−−−−BEGIN
PRIVATE KEY−−−−−
MC4CAQAwBQYDK2VwBCIEIEXBCbpv0k6LZ9I++2uS2ZzUV+ITcXLA10n+K1oMFC2t
−−−−−END PRIVATE
KEY−−−−−
• |
PKCS#8 encrypted private keys |
−−−−−BEGIN
ENCRYPTED PRIVATE KEY−−−−−
MIGHMEsGCSqGSIb3DQEFDTA+MCkGCSqGSIb3DQEFDDAcBAjPx9JkdpRH2QICCAAw
DAYIKoZIhvcNAgkFADARBgUrDgMCBwQIWWieQojaWTcEOGj43SxqHUys4Eb2M27N
AkhqpmhosOxKrpGi0L3h8m8ipHE8EwI94NeOMsjfVw60aJuCrssY5vKN
−−−−−END ENCRYPTED PRIVATE
KEY−−−−−
• |
Ed25519 public keys in PEM format |
−−−−−BEGIN
PUBLIC KEY−−−−−
MCowBQYDK2VwAyEAoF0a6lgwrJplzfs4RmDUl+NpfEa0Gc8s7IXei9JFRZ0=
−−−−−END PUBLIC
KEY−−−−−
• |
Ed25519 public key from X509 certificate |
−−−−−BEGIN
CERTIFICATE−−−−−
MIIBODCB66ADAgECAhRWDU9FZBBUZ7KTdX8f7Bco8jsoaTAFBgMrZXAwETEPMA0G
A1UEAwwGQ3J5cHRYMCAXDTIwMDExOTEzMDIwMloYDzIyOTMxMTAyMTMwMjAyWjAR
MQ8wDQYDVQQDDAZDcnlwdFgwKjAFBgMrZXADIQCgXRrqWDCsmmXN+zhGYNSX42l8
RrQZzyzshd6L0kVFnaNTMFEwHQYDVR0OBBYEFHCGFtVibAxxWYyRt5wazMpqSZDV
MB8GA1UdIwQYMBaAFHCGFtVibAxxWYyRt5wazMpqSZDVMA8GA1UdEwEB/wQFMAMB
Af8wBQYDK2VwA0EAqG/+98smzqF/wmFX3zHXSaA67as202HnBJod1Tiurw1f+lr3
BX6OMtsDpgRq9O77IF1Qyx/MdJEwwErczOIbAA==
−−−−−END
CERTIFICATE−−−−−
• |
SSH public Ed25519 keys |
ssh−ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++
• |
SSH public Ed25519 keys (RFC−4716 format) |
−−−−
BEGIN SSH2 PUBLIC KEY −−−−
Comment: "256−bit ED25519, converted from
OpenSSH"
AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++
−−−− END SSH2 PUBLIC KEY
−−−−
• |
Ed25519 private keys in JSON Web Key (JWK) format |
See <https://tools.ietf.org/html/rfc8037>
{
"kty":"OKP",
"crv":"Ed25519",
"x":"oF0a6lgwrJplzfs4RmDUl−NpfEa0Gc8s7IXei9JFRZ0",
"d":"RcEJum_STotn0j77a5LZnNRX4hNxcsDXSf4rWgwULa0",
}
BEWARE: For JWK support you need to have JSON module installed.
• |
Ed25519 public keys in JSON Web Key (JWK) format |
{
"kty":"OKP",
"crv":"Ed25519",
"x":"oF0a6lgwrJplzfs4RmDUl−NpfEa0Gc8s7IXei9JFRZ0",
}
BEWARE: For JWK support you need to have JSON module installed.
Import raw public/private key − can load raw key data exported by "export_key_raw".
$pk−>import_key_raw($key,
'public');
$pk−>import_key_raw($key, 'private');
my $private_der
= $pk−>export_key_der('private');
#or
my $public_der = $pk−>export_key_der('public');
my $private_pem
= $pk−>export_key_pem('private');
#or
my $public_pem = $pk−>export_key_pem('public');
Support for password protected PEM keys
my $private_pem
= $pk−>export_key_pem('private', $password);
#or
my $private_pem = $pk−>export_key_pem('private',
$password, $cipher);
# supported ciphers: 'DES−CBC'
# 'DES−EDE3−CBC'
# 'SEED−CBC'
# 'CAMELLIA−128−CBC'
# 'CAMELLIA−192−CBC'
# 'CAMELLIA−256−CBC'
# 'AES−128−CBC'
# 'AES−192−CBC'
# 'AES−256−CBC' (DEFAULT)
Exports public/private keys as a JSON Web Key (JWK).
my
$private_json_text =
$pk−>export_key_jwk('private');
#or
my $public_json_text =
$pk−>export_key_jwk('public');
Also exports public/private keys as a perl HASH with JWK structure.
my $jwk_hash =
$pk−>export_key_jwk('private', 1);
#or
my $jwk_hash = $pk−>export_key_jwk('public',
1);
BEWARE: For JWK support you need to have JSON module installed.
Export raw public/private key
my
$private_bytes = $pk−>export_key_raw('private');
#or
my $public_bytes =
$pk−>export_key_raw('public');
my $signature = $priv−>sign_message($message);
my $valid = $pub−>verify_message($signature, $message)
my $rv =
$pk−>is_private;
# 1 .. private key loaded
# 0 .. public key loaded
# undef .. no key loaded
my $hash =
$pk−>key2hash;
# returns hash like this (or undef if no key loaded):
{
curve => "ed25519",
# raw public key as a hexadecimal string
pub =>
"A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D",
# raw private key as a hexadecimal string. undef if key is
public only
priv =>
"45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD",
}
• |
<https://en.wikipedia.org/wiki/EdDSA#Ed25519> |
|||
• |
<https://en.wikipedia.org/wiki/Curve25519> |
|||
• |
<https://tools.ietf.org/html/rfc8032> |