ballerina/crypto

Overview

This module provides common cryptographic mechanisms based on different algorithms.

The Ballerina crypto module facilitates APIs to do operations like hashing, HMAC generation, checksum generation, encryption, decryption, signing data digitally, verifying digitally signed data, etc., with different cryptographic algorithms.

Hashes

The crypto module supports generating hashes with 5 different hash algorithms MD5, SHA1, SHA256, SHA384, and SHA512. Also, it supports generating the CRC32B checksum.

HMAC

The crypto module supports generating HMAC with 5 different hash algorithms: MD5, SHA1, SHA256, SHA384, and SHA512.

Decode Private/Public Key

The crypto module supports decoding the RSA private key from a .p12 file and a key file in the PEM format. Also, it supports decoding a public key from a .p12 file and a certificate file in the X509 format. Additionally, this supports building an RSA public key with the modulus and exponent parameters.

Encrypt and Decrypt

The crypto module supports both symmetric key encryption/decryption and asymmetric key encryption/decryption. The RSA algorithm can be used for symmetric-key encryption/decryption with the use of private and public keys. The AES algorithm can be used for asymmetric-key encryption/decryption with the use of a shared key.

Sign and Verify

The crypto module supports signing data using the RSA private key and verification of the signature using the RSA public key. This supports MD5, SHA1, SHA256, SHA384, and SHA512 digesting algorithms as well.

Functions

[34]

buildRsaPublicKey

Builds the RSA public key from the given modulus and exponent parameters.

crc32b

Returns the Hex-encoded CRC32B value for the given data.

decodeRsaPrivateKeyFromKeyFile

Decodes the RSA private key from the given private key and private key password.

decodeRsaPrivateKeyFromKeyStore

Decodes the RSA private key from the given PKCS#12 archive file.

decodeRsaPublicKeyFromCertFile

Decodes the RSA public key from the given public certificate file.

decodeRsaPublicKeyFromTrustStore

Decodes the RSA public key from the given PKCS#12 archive file.

decryptAesCbc

Returns the AES-CBC-decrypted value for the given AES-CBC-encrypted data.

decryptAesEcb

Returns the AES-ECB-decrypted value for the given AES-ECB-encrypted data.

decryptAesGcm

Returns the AES-GCM-decrypted value for the given AES-GCM-encrypted data.

decryptRsaEcb

Returns the RSA-decrypted value for the given RSA-encrypted data.

encryptAesCbc

Returns the AES-CBC-encrypted value for the given data.

encryptAesEcb

Returns the AES-ECB-encrypted value for the given data.

encryptAesGcm

Returns the AES-GCM-encrypted value for the given data.

encryptRsaEcb

Returns the RSA-encrypted value for the given data.

hashMd5

Returns the MD5 hash of the given data.

hashSha1

Returns the SHA-1 hash of the given data.

hashSha256

Returns the SHA-256 hash of the given data.

hashSha384

Returns the SHA-384 hash of the given data.

hashSha512

Returns the SHA-512 hash of the given data.

hmacMd5

Returns the HMAC using the MD5 hash function of the given data.

hmacSha1

Returns the HMAC using the SHA-1 hash function of the given data.

hmacSha256

Returns the HMAC using the SHA-256 hash function of the given data.

hmacSha384

Returns the HMAC using the SHA-384 hash function of the given data.

hmacSha512

Returns the HMAC using the SHA-512 hash function of the given data.

signRsaMd5

Returns the RSA-MD5 based signature value for the given data.

signRsaSha1

Returns the RSA-SHA1 based signature value for the given data.

signRsaSha256

Returns the RSA-SHA256 based signature value for the given data.

signRsaSha384

Returns the RSA-SHA384 based signature value for the given data.

signRsaSha512

Returns the RSA-SHA512 based signature value for the given data.

verifyRsaMd5Signature

Verifies the RSA-MD5 based signature.

verifyRsaSha1Signature

Verifies the RSA-SHA1 based signature.

verifyRsaSha256Signature

Verifies the RSA-SHA256 based signature.

verifyRsaSha384Signature

Verifies the RSA-SHA384 based signature.

verifyRsaSha512Signature

Verifies the RSA-SHA512 based signature.

Records

[5]

Certificate

Represents the X509 public key certificate information.

KeyStore

Represents the keystore-related configurations.

PrivateKey

Represents the private key used in cryptographic operations.

PublicKey

Represents the public key used in cryptographic operations.

TrustStore

Represents the truststore-related configurations.

Constants

[9]

NONE

No padding.

OAEPwithMD5andMGF1

The OAEPwithMD5andMGF1 padding mode.

OAEPWithSHA1AndMGF1

The OAEPWithSHA1AndMGF1 padding mode.

OAEPWithSHA256AndMGF1

The OAEPWithSHA256AndMGF1 padding mode.

OAEPwithSHA384andMGF1

The OAEPwithSHA384andMGF1 padding mode.

OAEPwithSHA512andMGF1

The OAEPwithSHA512andMGF1 padding mode.

PKCS1

The PKCS1 padding mode.

PKCS5

The PKCS5 padding mode.

RSA

The RSA algorithm.

Types

[3]

AesPadding

Represents the padding algorithms supported by AES encryption and decryption.

KeyAlgorithm

Represents the supported key algorithms.

RsaPadding

Represents the padding algorithms supported with RSA encryption and decryption.

Errors

[1]

Error

Represents the error type of the module.