module Rsa:sig
..end
Keys are taken to be trusted material, and their properties are not checked.
Messages are checked not to exceed the key size, and this is signalled via exceptions.
Private-key operations are optionally protected through RSA blinding.
exception Insufficient_key
It is additionally raised if the message is 0
and the mode does not
involve padding.
type
pub = {
|
e : |
(* |
Public exponent
| *) |
|
n : |
(* |
Modulus
| *) |
Sexplib
convertible.
type
priv = {
|
e : |
(* |
Public exponent
| *) |
|
d : |
(* |
Private exponent
| *) |
|
n : |
(* |
Modulus
| *) |
|
p : |
(* |
Prime factor
p | *) |
|
q : |
(* |
Prime factor
q | *) |
|
dp : |
(* | d mod (p-1) | *) |
|
dq : |
(* | d mod (q-1) | *) |
|
q' : |
(* | q^(-1) mod p | *) |
Sexplib
convertible.
typemask =
[ `No | `Yes | `Yes_with of Nocrypto.Rng.g ]
val pub_bits : pub -> int
val priv_bits : priv -> int
val priv_of_primes : e:Z.t -> p:Z.t -> q:Z.t -> priv
priv_of_primes e p q
creates priv from a minimal description:
the public exponent and the two primes.val pub_of_priv : priv -> pub
val encrypt : key:pub -> Cstruct.t -> Cstruct.t
val decrypt : ?mask:mask -> key:priv -> Cstruct.t -> Cstruct.t
decrypt mask key ciphertext
is the decrypted ciphertext
, left-padded
with 0x00
up to key
size.Insufficient_key
(see Insufficient_key)val generate : ?g:Nocrypto.Rng.g -> ?e:Z.t -> int -> priv
generate g e bits
is a new priv. e
defaults to 2^16+1
.Invalid_argument
if e
is bad or bits
is too small.module PKCS1:sig
..end
module OAEP:
module PSS: