GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  CRYPT::PK::ECC (3)

.ds Aq ’

NAME

Crypt::PK::ECC - Public key cryptography based on EC

CONTENTS

SYNOPSIS



 ### OO interface

 #Encryption: Alice
 my $pub = Crypt::PK::ECC->new(Bob_pub_ecc1.der);
 my $ct = $pub->encrypt("secret message");
 #
 #Encryption: Bob (received ciphertext $ct)
 my $priv = Crypt::PK::ECC->new(Bob_priv_ecc1.der);
 my $pt = $priv->decrypt($ct);

 #Signature: Alice
 my $priv = Crypt::PK::ECC->new(Alice_priv_ecc1.der);
 my $sig = $priv->sign_message($message);
 #
 #Signature: Bob (received $message + $sig)
 my $pub = Crypt::PK::ECC->new(Alice_pub_ecc1.der);
 $pub->verify_message($sig, $message) or die "ERROR";

 #Shared secret
 my $priv = Crypt::PK::ECC->new(Alice_priv_ecc1.der);
 my $pub = Crypt::PK::ECC->new(Bob_pub_ecc1.der);
 my $shared_secret = $priv->shared_secret($pub);

 #Key generation
 my $pk = Crypt::PK::ECC->new();
 $pk->generate_key(secp160r1);
 my $private_der = $pk->export_key_der(private);
 my $public_der = $pk->export_key_der(public);
 my $private_pem = $pk->export_key_pem(private);
 my $public_pem = $pk->export_key_pem(public);
 my $public_raw = $pk->export_key_raw(public);

 ### Functional interface

 #Encryption: Alice
 my $ct = ecc_encrypt(Bob_pub_ecc1.der, "secret message");
 #Encryption: Bob (received ciphertext $ct)
 my $pt = ecc_decrypt(Bob_priv_ecc1.der, $ct);

 #Signature: Alice
 my $sig = ecc_sign_message(Alice_priv_ecc1.der, $message);
 #Signature: Bob (received $message + $sig)
 ecc_verify_message(Alice_pub_ecc1.der, $sig, $message) or die "ERROR";

 #Shared secret
 my $shared_secret = ecc_shared_secret(Alice_priv_ecc1.der, Bob_pub_ecc1.der);



DESCRIPTION

The module provides a set of core ECC functions as well as implementation of ECDSA and ECDH.

Supports elliptic curves y^2 = x^3 + a*x + b over prime fields Fp = Z/pZ (binary fields not supported).

METHODS

    new



 my $pk = Crypt::PK::ECC->new();
 #or
 my $pk = Crypt::PK::ECC->new($priv_or_pub_key_filename);
 #or
 my $pk = Crypt::PK::ECC->new(\$buffer_containing_priv_or_pub_key);



Support for password protected PEM keys



 my $pk = Crypt::PK::ECC->new($priv_pem_key_filename, $password);
 #or
 my $pk = Crypt::PK::ECC->new(\$buffer_containing_priv_pem_key, $password);



    generate_key

Uses Yarrow-based cryptographically strong random number generator seeded with random data taken from /dev/random (UNIX) or CryptGenRandom (Win32).



 $pk->generate_key($curve_name);
 #or
 $pk->generate_key($hashref_with_curve_params);



The following pre-defined $curve_name values are supported:



 # curves from http://www.ecc-brainpool.org/download/Domain-parameters.pdf
 brainpoolp160r1
 brainpoolp192r1
 brainpoolp224r1
 brainpoolp256r1
 brainpoolp320r1
 brainpoolp384r1
 brainpoolp512r1
 # curves from http://www.secg.org/collateral/sec2_final.pdf
 secp112r1
 secp112r2
 secp128r1
 secp128r2
 secp160k1
 secp160r1
 secp160r2
 secp192k1
 secp192r1   ... same as nistp192, prime192v1
 secp224k1
 secp224r1   ... same as nistp224
 secp256k1   ... used by Bitcoin
 secp256r1   ... same as nistp256, prime256v1
 secp384r1   ... same as nistp384
 secp521r1   ... same as nistp521
 #curves from http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
 nistp192    ... same as secp192r1, prime192v1
 nistp224    ... same as secp224r1
 nistp256    ... same as secp256r1, prime256v1
 nistp384    ... same as secp384r1
 nistp521    ... same as secp521r1
 # curves from ANS X9.62
 prime192v1   ... same as nistp192, secp192r1
 prime192v2
 prime192v3
 prime239v1
 prime239v2
 prime239v3
 prime256v1   ... same as nistp256, secp256r1



Using custom curve parameters:



 $pk->generate_key({ prime    => FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF,
                     A        => FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC,
                     B        => 22123DC2395A05CAA7423DAECCC94760A7D462256BD56916,
                     Gx       => 7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896,
                     Gy       => 38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0,
                     order    => FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13,
                     cofactor => 1 });



See <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>, <http://www.secg.org/collateral/sec2_final.pdf>, <http://www.ecc-brainpool.org/download/Domain-parameters.pdf>

    import_key

Loads private or public key in DER or PEM format.



 $pk->import_key($filename);
 #or
 $pk->import_key(\$buffer_containing_key);



Support for password protected PEM keys:



 $pk->import_key($filename, $password);
 #or
 $pk->import_key(\$buffer_containing_key, $password);



Loading private or public keys form perl hash:



 $pk->import_key($hashref);

 # the $hashref is either a key exported via key2hash
 $pk->import_key({
      curve_A        => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
      curve_B        => "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
      curve_bits     => 160,
      curve_bytes    => 20,
      curve_cofactor => 1,
      curve_Gx       => "4A96B5688EF573284664698968C38BB913CBFC82",
      curve_Gy       => "23A628553168947D59DCC912042351377AC5FB32",
      curve_order    => "0100000000000000000001F4C8F927AED3CA752257",
      curve_prime    => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
      k              => "B0EE84A749FE95DF997E33B8F333E12101E824C3",
      pub_x          => "5AE1ACE3ED0AEA9707CE5C0BCE014F6A2F15023A",
      pub_y          => "895D57E992D0A15F88D6680B27B701F615FCDC0F",
 });

 # or with the curve defined just by name
 $pk->import_key({
      curve_name => "secp160r1",
      k          => "B0EE84A749FE95DF997E33B8F333E12101E824C3",
      pub_x      => "5AE1ACE3ED0AEA9707CE5C0BCE014F6A2F15023A",
      pub_y      => "895D57E992D0A15F88D6680B27B701F615FCDC0F",
 });

 # or a hash with items corresponding to JWK (JSON Web Key)
 $pk->import_key({
       kty => "EC",
       crv => "P-256",
       x   => "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
       y   => "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
       d   => "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
 });



Supported key formats:



 # all formats can be loaded from a file
 my $pk = Crypt::PK::ECC->new($filename);

 # or from a buffer containing the key
 my $pk = Crypt::PK::ECC->new(\$buffer_with_key);



o EC private keys with with all curve parameters



 -----BEGIN EC PRIVATE KEY-----
 MIIB+gIBAQQwCKEAcA6cIt6CGfyLKm57LyXWv2PgTjydrHSbvhDJTOl+7bzUW8DS
 rgSdtSPONPq1oIIBWzCCAVcCAQEwPAYHKoZIzj0BAQIxAP//////////////////
 ///////////////////////+/////wAAAAAAAAAA/////zB7BDD/////////////
 /////////////////////////////v////8AAAAAAAAAAP////wEMLMxL6fiPufk
 mI4Fa+P4LRkYHZxu/oFBEgMUCI9QE4daxlY5jYou0Z0qhcjt0+wq7wMVAKM1kmqj
 GaJ6HQCJamdzpIJ6zaxzBGEEqofKIr6LBTeOscce8yCtdG4dO2KLp5uYWfdB4IJU
 KjhVAvJdv1UpbDpUXjhydgq3NhfeSpYmLG9dnpi/kpLcKfj0Hb0omhR86doxE7Xw
 uMAKYLHOHX6BnXpDHXyQ6g5fAjEA////////////////////////////////x2NN
 gfQ3Ld9YGg2ySLCneuzsGWrMxSlzAgEBoWQDYgAEeGyHPLmHcszPQ9MIIYnznpzi
 QbvuJtYSjCqtIGxDfzgcLcc3nCc5tBxo+qX6OJEzcWdDAC0bwplY+9Z9jHR3ylNy
 ovlHoK4ItdWkVO8NH89SLSRyVuOF8N5t3CHIo93B
 -----END EC PRIVATE KEY-----



o EC private keys with curve defined by OID (short form)



 -----BEGIN EC PRIVATE KEY-----
 MHcCAQEEIBG1c3z52T8XwMsahGVdOZWgKCQJfv+l7djuJjgetdbDoAoGCCqGSM49
 AwEHoUQDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjTCLQeb042TjiMJxG+9DLFmRSM
 lBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
 -----END EC PRIVATE KEY-----



o EC private keys in password protected PEM format



 -----BEGIN EC PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: AES-128-CBC,98245C830C9282F7937E13D1D5BA11EC

 0Y85oZ2+BKXYwrkBjsZdj6gnhOAfS5yDVmEsxFCDug+R3+Kw3QvyIfO4MVo9iWoA
 D7wtoRfbt2OlBaLVl553+6QrUoa2DyKf8kLHQs1x1/J7tJOMM4SCXjlrOaToQ0dT
 o7fOnjQjHne16pjgBVqGilY/I79Ab85AnE4uw7vgEucBEiU0d3nrhwuS2Opnhzyx
 009q9VLDPwY2+q7tXjTqnk9mCmQgsiaDJqY09wlauSukYPgVuOJFmi1VdkRSDKYZ
 rUUsQvz6Q6Q+QirSlfHna+NhUgQ2eyhGszwcP6NU8iqIxI+NCwfFVuAzw539yYwS
 8SICczoC/YRlaclayXuomQ==
 -----END EC PRIVATE KEY-----



o EC public keys with all curve parameters



 -----BEGIN PUBLIC KEY-----
 MIH1MIGuBgcqhkjOPQIBMIGiAgEBMCwGByqGSM49AQECIQD/////////////////
 ///////////////////+///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb
 /NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIh
 AP////////////////////66rtzmr0igO7/SXozQNkFBAgEBA0IABITjF/nKK3jg
 pjmBRXKWAv7ekR1Ko/Nb5FFPHXjH0sDrpS7qRxFALwJHv7ylGnekgfKU3vzcewNs
 lvjpBYt0Yg4=
 -----END PUBLIC KEY-----



o EC public keys with curve defined by OID (short form)



 -----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoBUyo8CQAFPeYPvv78ylh5MwFZjT
 CLQeb042TjiMJxG+9DLFmRSMlBQ9T/RsLLc+PmpB1+7yPAR+oR5gZn3kJQ==
 -----END PUBLIC KEY-----



o PKCS#8 private keys with all curve parameters



 -----BEGIN PRIVATE KEY-----
 MIIBMAIBADCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA////////////
 /////////v//////////MEsEGP////////////////////7//////////AQYIhI9
 wjlaBcqnQj2uzMlHYKfUYiVr1WkWAxUAxGloRDXes3jEtlypWR4qV2MFmi4EMQR9
 KXeBAMZaHaF4NxZYjc4ri0rujiKPGJY4qQ8iY3M3M0tJ3LZqbcj5l4rKdkipQ7AC
 GQD///////////////96YtAxyD9ClPZA7BMCAQEEVTBTAgEBBBiKolTGIsTgOCtl
 6dpdos0LvuaExCDFyT6hNAMyAAREwaCX0VY1LZxLW3G75tmft4p9uhc0J7/+NGaP
 DN3Tr7SXkT9+co2a+8KPJhQy10k=
 -----END PRIVATE KEY-----



o PKCS#8 private keys with curve defined by OID (short form)



 -----BEGIN PRIVATE KEY-----
 MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEVTBTAgEBBBjFP/caeQV4WO3fnWWS
 f917PGzwtypd/t+hNAMyAATSg6pBT7RO6l/p+aKcrFsGuthUdfwJWS5V3NGcVt1b
 lEHQYjWya2YnHaPq/iMFa7A=
 -----END PRIVATE KEY-----



o PKCS#8 encrypted private keys ARE NOT SUPPORTED YET!



 -----BEGIN ENCRYPTED PRIVATE KEY-----
 MIGYMBwGCiqGSIb3DQEMAQMwDgQINApjTa6oFl0CAggABHi+59l4d4e6KtG9yci2
 BSC65LEsQSnrnFAExfKptNU1zMFsDLCRvDeDQDbxc6HlfoxyqFL4SmH1g3RvC/Vv
 NfckdL5O2L8MRnM+ljkFtV2Te4fszWcJFdd7KiNOkPpn+7sWLfzQdvhHChLKUzmz
 4INKZyMv/G7VpZ0=
 -----END ENCRYPTED PRIVATE KEY-----



o SSH public EC keys



 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT...T3xYfJIs=



o SSH public EC keys (RFC-4716 format)



 ---- BEGIN SSH2 PUBLIC KEY ----
 Comment: "521-bit ECDSA, converted from OpenSSH"
 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFk35srteP9twCwYK
 vU9ovMBi77Dd6lEBPrFaMEb0CZdZ5MC3nSqflGHRWkSbUpjdPdO7cYQNpK9YXHbNSO5hbU
 1gFZgyiGFxwJYYz8NAjedBXMgyH4JWplK5FQm5P5cvaglItC9qkKioUXhCc67YMYBtivXl
 Ue0PgIq6kbHTqbX6+5Nw==
 ---- END SSH2 PUBLIC KEY ----



o EC private keys in JSON Web Key (JWK) format

See <http://tools.ietf.org/html/draft-ietf-jose-json-web-key>



 {
  "kty":"EC",
  "crv":"P-256",
  "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
  "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
  "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
 }



<B>BEWARE:B> For JWK support you need to have JSON::PP, JSON::XS or Cpanel::JSON::XS module.

o EC public keys in JSON Web Key (JWK) format



 {
  "kty":"EC",
  "crv":"P-256",
  "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
  "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
 }



<B>BEWARE:B> For JWK support you need to have JSON::PP, JSON::XS or Cpanel::JSON::XS module.

    import_key_raw

Import raw public/private key - can load data exported by export_key_raw.



 $pk->import_key_raw($key, $curve);
 # $key .... data exported by export_key_raw()
 # $curve .. curve name or hashref with curve parameters - same as by generate_key()



    export_key_der



 my $private_der = $pk->export_key_der(private);
 #or
 my $public_der = $pk->export_key_der(public);



    export_key_pem



 my $private_pem = $pk->export_key_pem(private);
 #or
 my $public_pem = $pk->export_key_pem(public);



Support for password protected PEM keys



 my $private_pem = $pk->export_key_pem(private, $password);
 #or
 my $private_pem = $pk->export_key_pem(private, $password, $cipher);

 # supported ciphers: DES-CBC
 #                    DES-EDE3-CBC
 #                    SEED-CBC
 #                    CAMELLIA-128-CBC
 #                    CAMELLIA-192-CBC
 #                    CAMELLIA-256-CBC
 #                    AES-128-CBC
 #                    AES-192-CBC
 #                    AES-256-CBC (DEFAULT)



    export_key_jwk

Exports public/private keys as a JSON Web Key (JWK).



 my $private_json_text = $pk->export_key_jwk(private);
 #or
 my $public_json_text = $pk->export_key_jwk(public);



Also exports public/private keys as a perl HASH with JWK structure.



 my $jwk_hash = $pk->export_key_jwk(private, 1);
 #or
 my $jwk_hash = $pk->export_key_jwk(public, 1);



<B>BEWARE:B> For JWK support you need to have JSON::PP, JSON::XS or Cpanel::JSON::XS module.

    export_key_raw

Export raw public/private key. Public key is exported in ANS X9.63 format (compressed or uncompressed), private key is exported as raw bytes (padded with leading zeros to have the same size as the ECC curve).



 my $pubkey_octets  = $pk->export_key_raw(public);
 #or
 my $pubckey_octets = $pk->export_key_raw(public_compressed);
 #or
 my $privkey_octets = $pk->export_key_raw(private);



    encrypt



 my $pk = Crypt::PK::ECC->new($pub_key_filename);
 my $ct = $pk->encrypt($message);
 #or
 my $ct = $pk->encrypt($message, $hash_name);

 #NOTE: $hash_name can be SHA1 (DEFAULT), SHA256 or any other hash supported by Crypt::Digest



    decrypt



 my $pk = Crypt::PK::ECC->new($priv_key_filename);
 my $pt = $pk->decrypt($ciphertext);



    sign_message



 my $pk = Crypt::PK::ECC->new($priv_key_filename);
 my $signature = $priv->sign_message($message);
 #or
 my $signature = $priv->sign_message($message, $hash_name);

 #NOTE: $hash_name can be SHA1 (DEFAULT), SHA256 or any other hash supported by Crypt::Digest



    sign_message_rfc7518

Same as sign_message only the signature format is as defined by <https://tools.ietf.org/html/rfc7518> (JWA - JSON Web Algorithms).

    verify_message



 my $pk = Crypt::PK::ECC->new($pub_key_filename);
 my $valid = $pub->verify_message($signature, $message)
 #or
 my $valid = $pub->verify_message($signature, $message, $hash_name);

 #NOTE: $hash_name can be SHA1 (DEFAULT), SHA256 or any other hash supported by Crypt::Digest



    verify_message_rfc7518

Same as verify_message only the signature format is as defined by <https://tools.ietf.org/html/rfc7518> (JWA - JSON Web Algorithms).

    sign_hash



 my $pk = Crypt::PK::ECC->new($priv_key_filename);
 my $signature = $priv->sign_hash($message_hash);



    verify_hash



 my $pk = Crypt::PK::ECC->new($pub_key_filename);
 my $valid = $pub->verify_hash($signature, $message_hash);



    shared_secret



  # Alice having her priv key $pk and Bobs public key $pkb
  my $pk  = Crypt::PK::ECC->new($priv_key_filename);
  my $pkb = Crypt::PK::ECC->new($pub_key_filename);
  my $shared_secret = $pk->shared_secret($pkb);

  # Bob having his priv key $pk and Alices public key $pka
  my $pk = Crypt::PK::ECC->new($priv_key_filename);
  my $pka = Crypt::PK::ECC->new($pub_key_filename);
  my $shared_secret = $pk->shared_secret($pka);  # same value as computed by Alice



    is_private



 my $rv = $pk->is_private;
 # 1 .. private key loaded
 # 0 .. public key loaded
 # undef .. no key loaded



    size



 my $size = $pk->size;
 # returns key size in bytes or undef if no key loaded



    key2hash



 my $hash = $pk->key2hash;

 # returns hash like this (or undef if no key loaded):
 {
   size           => 20, # integer: key (curve) size in bytes
   type           => 1,  # integer: 1 .. private, 0 .. public
   #curve parameters
   curve_A        => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
   curve_B        => "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
   curve_bits     => 160,
   curve_bytes    => 20,
   curve_cofactor => 1,
   curve_Gx       => "4A96B5688EF573284664698968C38BB913CBFC82",
   curve_Gy       => "23A628553168947D59DCC912042351377AC5FB32",
   curve_name     => "secp160r1",
   curve_order    => "0100000000000000000001F4C8F927AED3CA752257",
   curve_prime    => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
   #private key
   k              => "B0EE84A749FE95DF997E33B8F333E12101E824C3",
   #public key point coordinates
   pub_x          => "5AE1ACE3ED0AEA9707CE5C0BCE014F6A2F15023A",
   pub_y          => "895D57E992D0A15F88D6680B27B701F615FCDC0F",
 }



    curve2hash



 my $crv = $pk->curve2hash;

 # returns a hash that can be passed to: $pk->generate_key($crv)
 {
   A        => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
   B        => "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
   cofactor => 1,
   Gx       => "4A96B5688EF573284664698968C38BB913CBFC82",
   Gy       => "23A628553168947D59DCC912042351377AC5FB32",
   order    => "0100000000000000000001F4C8F927AED3CA752257",
   prime    => "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
 }



FUNCTIONS

    ecc_encrypt

Elliptic Curve Diffie-Hellman (ECDH) encryption as implemented by libtomcrypt. See method encrypt below.



 my $ct = ecc_encrypt($pub_key_filename, $message);
 #or
 my $ct = ecc_encrypt(\$buffer_containing_pub_key, $message);
 #or
 my $ct = ecc_encrypt($pub_key_filename, $message, $hash_name);

 #NOTE: $hash_name can be SHA1 (DEFAULT), SHA256 or any other hash supported by Crypt::Digest



ECCDH Encryption is performed by producing a random key, hashing it, and XOR’ing the digest against the plaintext.

    ecc_decrypt

Elliptic Curve Diffie-Hellman (ECDH) decryption as implemented by libtomcrypt. See method decrypt below.



 my $pt = ecc_decrypt($priv_key_filename, $ciphertext);
 #or
 my $pt = ecc_decrypt(\$buffer_containing_priv_key, $ciphertext);



    ecc_sign_message

Elliptic Curve Digital Signature Algorithm (ECDSA) - signature generation. See method sign_message below.



 my $sig = ecc_sign_message($priv_key_filename, $message);
 #or
 my $sig = ecc_sign_message(\$buffer_containing_priv_key, $message);
 #or
 my $sig = ecc_sign_message($priv_key, $message, $hash_name);



    ecc_verify_message

Elliptic Curve Digital Signature Algorithm (ECDSA) - signature verification. See method verify_message below.



 ecc_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
 #or
 ecc_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
 #or
 ecc_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";



    ecc_sign_hash

Elliptic Curve Digital Signature Algorithm (ECDSA) - signature generation. See method sign_hash below.



 my $sig = ecc_sign_hash($priv_key_filename, $message_hash);
 #or
 my $sig = ecc_sign_hash(\$buffer_containing_priv_key, $message_hash);



    ecc_verify_hash

Elliptic Curve Digital Signature Algorithm (ECDSA) - signature verification. See method verify_hash below.



 ecc_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
 #or
 ecc_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";



    ecc_shared_secret

Elliptic curve Diffie-Hellman (ECDH) - construct a Diffie-Hellman shared secret with a private and public ECC key. See method shared_secret below.



 #on Alice side
 my $shared_secret = ecc_shared_secret(Alice_priv_ecc1.der, Bob_pub_ecc1.der);

 #on Bob side
 my $shared_secret = ecc_shared_secret(Bob_priv_ecc1.der, Alice_pub_ecc1.der);



OpenSSL interoperability



 ### lets have:
 # ECC private key in PEM format - eckey.priv.pem
 # ECC public key in PEM format  - eckey.pub.pem
 # data file to be signed - input.data



    Sign by OpenSSL, verify by Crypt::PK::ECC

Create signature (from commandline):



 openssl dgst -sha1 -sign eckey.priv.pem -out input.sha1-ec.sig input.data



Verify signature (Perl code):



 use Crypt::PK::ECC;
 use Crypt::Digest digest_file;
 use File::Slurp read_file;

 my $pkec = Crypt::PK::ECC->new("eckey.pub.pem");
 my $signature = read_file("input.sha1-ec.sig", binmode=>:raw);
 my $valid = $pkec->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
 print $valid ? "SUCCESS" : "FAILURE";



    Sign by Crypt::PK::ECC, verify by OpenSSL

Create signature (Perl code):



 use Crypt::PK::ECC;
 use Crypt::Digest digest_file;
 use File::Slurp write_file;

 my $pkec = Crypt::PK::ECC->new("eckey.priv.pem");
 my $signature = $pkec->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
 write_file("input.sha1-ec.sig", {binmode=>:raw}, $signature);



Verify signature (from commandline):



 openssl dgst -sha1 -verify eckey.pub.pem -signature input.sha1-ec.sig input.data



    Keys generated by Crypt::PK::ECC

Generate keys (Perl code):



 use Crypt::PK::ECC;
 use File::Slurp write_file;

 my $pkec = Crypt::PK::ECC->new;
 $pkec->generate_key(secp160k1);
 write_file("eckey.pub.der",  {binmode=>:raw}, $pkec->export_key_der(public));
 write_file("eckey.priv.der", {binmode=>:raw}, $pkec->export_key_der(private));
 write_file("eckey.pub.pem",  $pkec->export_key_pem(public));
 write_file("eckey.priv.pem", $pkec->export_key_pem(private));
 write_file("eckey-passwd.priv.pem", $pkec->export_key_pem(private, secret));



Use keys by OpenSSL:



 openssl ec -in eckey.priv.der -text -inform der
 openssl ec -in eckey.priv.pem -text
 openssl ec -in eckey-passwd.priv.pem -text -inform pem -passin pass:secret
 openssl ec -in eckey.pub.der -pubin -text -inform der
 openssl ec -in eckey.pub.pem -pubin -text



    Keys generated by OpenSSL

Generate keys:



 openssl ecparam -param_enc explicit -name prime192v3 -genkey -out eckey.priv.pem
 openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.pem -pubout
 openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.priv.der -outform der
 openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pub.der -outform der -pubout
 openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.privc.der -outform der -conv_form compressed
 openssl ec -param_enc explicit -in eckey.priv.pem -out eckey.pubc.der -outform der -pubout -conv_form compressed
 openssl ec -param_enc explicit -in eckey.priv.pem -passout pass:secret -des3 -out eckey-passwd.priv.pem



Load keys (Perl code):



 use Crypt::PK::ECC;
 use File::Slurp write_file;

 my $pkec = Crypt::PK::ECC->new;
 $pkec->import_key("eckey.pub.der");
 $pkec->import_key("eckey.pubc.der");
 $pkec->import_key("eckey.priv.der");
 $pkec->import_key("eckey.privc.der");
 $pkec->import_key("eckey.pub.pem");
 $pkec->import_key("eckey.priv.pem");
 $pkec->import_key("eckey-passwd.priv.pem", "secret");



SEE ALSO

o <https://en.wikipedia.org/wiki/Elliptic_curve_cryptography>
o <https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman>
o <https://en.wikipedia.org/wiki/ECDSA>
Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 CRYPT::PK::ECC (3) 2016-01-25

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.