ballerina/crypto

2.2.2

Overview

This module provides common cryptographic mechanisms based on different algorithms.

The Ballerina crypto module facilitates APIs to do operations like hashing, HMAC generation, checksum generation, encryption, decryption, signing data digitally, verifying digitally signed data, etc., with different cryptographic algorithms.

Hashes

The crypto module supports generating hashes with 5 different hash algorithms MD5, SHA1, SHA256, SHA384, and SHA512. Also, it supports generating the CRC32B checksum.

HMAC

The crypto module supports generating HMAC with 5 different hash algorithms: MD5, SHA1, SHA256, SHA384, and SHA512.

Decode private/public key

The crypto module supports decoding the RSA private key from a .p12 file and a key file in the PEM format. Also, it supports decoding a public key from a .p12 file and a certificate file in the X509 format. Additionally, this supports building an RSA public key with the modulus and exponent parameters.

Encrypt and decrypt

The crypto module supports both symmetric key encryption/decryption and asymmetric key encryption/decryption. The RSA algorithm can be used for asymmetric-key encryption/decryption with the use of private and public keys. The AES algorithm can be used for symmetric-key encryption/decryption with the use of a shared key.

Sign and verify

The crypto module supports signing data using the RSA private key and verification of the signature using the RSA public key. This supports MD5, SHA1, SHA256, SHA384, and SHA512 digesting algorithms as well.

Functions

buildRsaPublicKey

Isolated Function

function buildRsaPublicKey(string modulus, string exponent) returns PublicKey|Error

Builds the RSA public key from the given modulus and exponent parameters.

Parameters

modulus string - Modulus value ('n' parameter) for the RSA public key

exponent string - Exponent value ('e' paramenter) for the RSA public key

Return Type

PublicKey|Error - Reference to the public key or else a crypto:Error if the modulus or exponent is invalid

crc32b

Isolated Function

function crc32b(byte[] input) returns string

Returns the Hex-encoded CRC32B value for the given data.

Parameters

input byte[] - Value for checksum generation

Return Type

string - The generated checksum

decodeRsaPrivateKeyFromKeyFile

Isolated Function

function decodeRsaPrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|Error

Decodes the RSA private key from the given private key and private key password.

Parameters

keyFile string - Path to the key file

keyPassword string? (default ()) - Password of the key file if it is encrypted

Return Type

PrivateKey|Error - Reference to the private key or else a crypto:Error if the private key was unreadable

decodeRsaPrivateKeyFromKeyStore

Isolated Function

function decodeRsaPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|Error

Decodes the RSA private key from the given PKCS#12 archive file.

Parameters

keyStore KeyStore - KeyStore configurations

keyAlias string - Key alias

keyPassword string - Key password

Return Type

PrivateKey|Error - Reference to the private key or else a crypto:Error if the private key was unreadable

decodeRsaPublicKeyFromCertFile

Isolated Function

function decodeRsaPublicKeyFromCertFile(string certFile) returns PublicKey|Error

Decodes the RSA public key from the given public certificate file.

Parameters

certFile string - Path to the ceritificate file

Return Type

PublicKey|Error - Reference to the public key or else a crypto:Error if the public key was unreadable

decodeRsaPublicKeyFromTrustStore

Isolated Function

function decodeRsaPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|Error

Decodes the RSA public key from the given PKCS#12 archive file.

Parameters

trustStore TrustStore - TrustStore configurations

keyAlias string - Key alias

Return Type

PublicKey|Error - Reference to the public key or else a crypto:Error if the public key was unreadable

decryptAesCbc

Isolated Function

function decryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|Error

Returns the AES-CBC-decrypted value for the given AES-CBC-encrypted data.

Parameters

input byte[] - The content to be decrypted

key byte[] - Encryption key

iv byte[] - Initialization vector

padding AesPadding (default PKCS5) - The padding algorithm

Return Type

byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid

decryptAesEcb

Isolated Function

function decryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|Error

Returns the AES-ECB-decrypted value for the given AES-ECB-encrypted data.

Parameters

input byte[] - The content to be decrypted

key byte[] - Encryption key

padding AesPadding (default PKCS5) - The padding algorithm

Return Type

byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid

decryptAesGcm

Isolated Function

function decryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|Error

Returns the AES-GCM-decrypted value for the given AES-GCM-encrypted data.

Parameters

input byte[] - The content to be decrypted

key byte[] - Encryption key

iv byte[] - Initialization vector

padding AesPadding (default PKCS5) - The padding algorithm

tagSize int (default 128) - Tag size

Return Type

byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid

decryptRsaEcb

Isolated Function

function decryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|Error

Returns the RSA-decrypted value for the given RSA-encrypted data.

Parameters

input byte[] - The content to be decrypted

key PrivateKey|PublicKey - Private or public key used for encryption

padding RsaPadding (default PKCS1) - The padding algorithm

Return Type

byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid

encryptAesCbc

Isolated Function

function encryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|Error

Returns the AES-CBC-encrypted value for the given data.

Parameters

input byte[] - The content to be encrypted

key byte[] - Encryption key

iv byte[] - Initialization vector

padding AesPadding (default PKCS5) - The padding algorithm

Return Type

byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid

encryptAesEcb

Isolated Function

function encryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|Error

Returns the AES-ECB-encrypted value for the given data.

Parameters

input byte[] - The content to be encrypted

key byte[] - Encryption key

padding AesPadding (default PKCS5) - The padding algorithm

Return Type

byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid

encryptAesGcm

Isolated Function

function encryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|Error

Returns the AES-GCM-encrypted value for the given data.

Parameters

input byte[] - The content to be encrypted

key byte[] - Encryption key

iv byte[] - Initialization vector

padding AesPadding (default PKCS5) - The padding algorithm

tagSize int (default 128) - Tag size

Return Type

byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid

encryptRsaEcb

Isolated Function

function encryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|Error

Returns the RSA-encrypted value for the given data.

Parameters

input byte[] - The content to be encrypted

key PrivateKey|PublicKey - Private or public key used for encryption

padding RsaPadding (default PKCS1) - The padding algorithm

Return Type

byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid

hashMd5

Isolated Function

function hashMd5(byte[] input, byte[]? salt) returns byte[]

Returns the MD5 hash of the given data.

Parameters

input byte[] - Value to be hashed

salt byte[]? (default ()) - Salt to be added

Return Type

byte[] - Hashed output

hashSha1

Isolated Function

function hashSha1(byte[] input, byte[]? salt) returns byte[]

Returns the SHA-1 hash of the given data.

Parameters

input byte[] - Value to be hashed

salt byte[]? (default ()) - Salt to be added

Return Type

byte[] - Hashed output

hashSha256

Isolated Function

function hashSha256(byte[] input, byte[]? salt) returns byte[]

Returns the SHA-256 hash of the given data.

Parameters

input byte[] - Value to be hashed

salt byte[]? (default ()) - Salt to be added

Return Type

byte[] - Hashed output

hashSha384

Isolated Function

function hashSha384(byte[] input, byte[]? salt) returns byte[]

Returns the SHA-384 hash of the given data.

Parameters

input byte[] - Value to be hashed

salt byte[]? (default ()) - Salt to be added

Return Type

byte[] - Hashed output

hashSha512

Isolated Function

function hashSha512(byte[] input, byte[]? salt) returns byte[]

Returns the SHA-512 hash of the given data.

Parameters

input byte[] - Value to be hashed

salt byte[]? (default ()) - Salt to be added

Return Type

byte[] - Hashed output

hmacMd5

Isolated Function

function hmacMd5(byte[] input, byte[] key) returns byte[]|Error

Returns the HMAC using the MD5 hash function of the given data.

Parameters

input byte[] - Value to be hashed

key byte[] - Key used for HMAC generation

Return Type

byte[]|Error - The HMAC output or a crypto:Error if an error occurred

hmacSha1

Isolated Function

function hmacSha1(byte[] input, byte[] key) returns byte[]|Error

Returns the HMAC using the SHA-1 hash function of the given data.

Parameters

input byte[] - Value to be hashed

key byte[] - Key used for HMAC generation

Return Type

byte[]|Error - The HMAC output or a crypto:Error if an error occurred

hmacSha256

Isolated Function

function hmacSha256(byte[] input, byte[] key) returns byte[]|Error

Returns the HMAC using the SHA-256 hash function of the given data.

Parameters

input byte[] - Value to be hashed

key byte[] - Key used for HMAC generation

Return Type

byte[]|Error - The HMAC output or a crypto:Error if an error occurred

hmacSha384

Isolated Function

function hmacSha384(byte[] input, byte[] key) returns byte[]|Error

Returns the HMAC using the SHA-384 hash function of the given data.

Parameters

input byte[] - Value to be hashed

key byte[] - Key used for HMAC generation

Return Type

byte[]|Error - The HMAC output or a crypto:Error if an error occurred

hmacSha512

Isolated Function

function hmacSha512(byte[] input, byte[] key) returns byte[]|Error

Returns the HMAC using the SHA-512 hash function of the given data.

Parameters

input byte[] - Value to be hashed

key byte[] - Key used for HMAC generation

Return Type

byte[]|Error - The HMAC output or a crypto:Error if an error occurred

signRsaMd5

Isolated Function

function signRsaMd5(byte[] input, PrivateKey privateKey) returns byte[]|Error

Returns the RSA-MD5 based signature value for the given data.

Parameters

input byte[] - The content to be signed

privateKey PrivateKey - Private key used for signing

Return Type

byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid

signRsaSha1

Isolated Function

function signRsaSha1(byte[] input, PrivateKey privateKey) returns byte[]|Error

Returns the RSA-SHA1 based signature value for the given data.

Parameters

input byte[] - The content to be signed

privateKey PrivateKey - Private key used for signing

Return Type

byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid

signRsaSha256

Isolated Function

function signRsaSha256(byte[] input, PrivateKey privateKey) returns byte[]|Error

Returns the RSA-SHA256 based signature value for the given data.

Parameters

input byte[] - The content to be signed

privateKey PrivateKey - Private key used for signing

Return Type

byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid

signRsaSha384

Isolated Function

function signRsaSha384(byte[] input, PrivateKey privateKey) returns byte[]|Error

Returns the RSA-SHA384 based signature value for the given data.

Parameters

input byte[] - The content to be signed

privateKey PrivateKey - Private key used for signing

Return Type

byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid

signRsaSha512

Isolated Function

function signRsaSha512(byte[] input, PrivateKey privateKey) returns byte[]|Error

Returns the RSA-SHA512 based signature value for the given data.

Parameters

input byte[] - The content to be signed

privateKey PrivateKey - Private key used for signing

Return Type

byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid

verifyRsaMd5Signature

Isolated Function

function verifyRsaMd5Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error

Verifies the RSA-MD5 based signature.

Parameters

data byte[] - The content to be verified

signature byte[] - Signature value

publicKey PublicKey - Public key used for verification

Return Type

boolean|Error - Validity of the signature or else a crypto:Error if the public key is invalid

verifyRsaSha1Signature

Isolated Function

function verifyRsaSha1Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error

Verifies the RSA-SHA1 based signature.

Parameters

data byte[] - The content to be verified

signature byte[] - Signature value

publicKey PublicKey - Public key used for verification

Return Type

boolean|Error - Validity of the signature or else a crypto:Error if the public key is invalid

verifyRsaSha256Signature

Isolated Function

function verifyRsaSha256Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error

Verifies the RSA-SHA256 based signature.

Parameters

data byte[] - The content to be verified

signature byte[] - Signature value

publicKey PublicKey - Public key used for verification

Return Type

boolean|Error - Validity of the signature or else a crypto:Error if the public key is invalid

verifyRsaSha384Signature

Isolated Function

function verifyRsaSha384Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error

Verifies the RSA-SHA384 based signature.

Parameters

data byte[] - The content to be verified

signature byte[] - Signature value

publicKey PublicKey - Public key used for verification

Return Type

boolean|Error - Validity of the signature or else a crypto:Error if the public key is invalid

verifyRsaSha512Signature

Isolated Function

function verifyRsaSha512Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error

Verifies the RSA-SHA512 based signature.

Parameters

data byte[] - The content to be verified

signature byte[] - Signature value

publicKey PublicKey - Public key used for verification

Return Type

boolean|Error - Validity of the signature or else a crypto:Error if the public key is invalid

Records

crypto: Certificate

Closed record

Represents the X509 public key certificate information.

Fields

version0 int - Version number

serial int - Serial number

issuer string - Issuer name

subject string - Subject name

notBefore Utc - Not before validity period of certificate

notAfter Utc - Not after validity period of certificate

signature byte[] - Raw signature bits

signingAlgorithm string - Signature algorithm

crypto: KeyStore

Closed record

Represents the KeyStore-related configurations.

Fields

path string - Path to the KeyStore file

password string - KeyStore password

crypto: PrivateKey

Closed record

Represents the private key used in cryptographic operations.

Fields

algorithm KeyAlgorithm - Key algorithm

crypto: PublicKey

Closed record

Represents the public key used in cryptographic operations.

Fields

algorithm KeyAlgorithm - Key algorithm

certificate Certificate? - Public key certificate

crypto: TrustStore

Closed record

Represents the truststore-related configurations.

Fields

path string - Path to the TrustStore file

password string - TrustStore password

Constants

crypto: NONE

string "NONE"

No padding.

crypto: OAEPwithMD5andMGF1

string "OAEPwithMD5andMGF1"

The OAEPwithMD5andMGF1 padding mode.

crypto: OAEPWithSHA1AndMGF1

string "OAEPWithSHA1AndMGF1"

The OAEPWithSHA1AndMGF1 padding mode.

crypto: OAEPWithSHA256AndMGF1

string "OAEPWithSHA256AndMGF1"

The OAEPWithSHA256AndMGF1 padding mode.

crypto: OAEPwithSHA384andMGF1

string "OAEPwithSHA384andMGF1"

The OAEPwithSHA384andMGF1 padding mode.

crypto: OAEPwithSHA512andMGF1

string "OAEPwithSHA512andMGF1"

The OAEPwithSHA512andMGF1 padding mode.

crypto: PKCS1

string "PKCS1"

The PKCS1 padding mode.

crypto: PKCS5

string "PKCS5"

The PKCS5 padding mode.

crypto: RSA

string "RSA"

The RSA algorithm.

Types

crypto: AesPadding

NONE|PKCS5

Represents the padding algorithms supported by AES encryption and decryption.

crypto: KeyAlgorithm

RSA

Represents the supported key algorithms.

crypto: RsaPadding

Represents the padding algorithms supported with RSA encryption and decryption.

Errors

crypto: Error

Distinct

Represents the error type of the module.

Other versions

2.3.1 2.3.0

2.2.2

2.2.1 2.2.0

Cookie policy

functions

records

constants

types

errors

ballerina/crypto

Overview

Hashes

HMAC

Decode private/public key

Encrypt and decrypt

Sign and verify

Functions

buildRsaPublicKey

Parameters

Return Type

crc32b

Parameters

Return Type

decodeRsaPrivateKeyFromKeyFile

Parameters

Return Type

decodeRsaPrivateKeyFromKeyStore

Parameters

Return Type

decodeRsaPublicKeyFromCertFile

Parameters

Return Type

decodeRsaPublicKeyFromTrustStore

Parameters

Return Type

decryptAesCbc

Parameters

Return Type

decryptAesEcb

Parameters

Return Type

decryptAesGcm

Parameters

Return Type

decryptRsaEcb

Parameters

Return Type

encryptAesCbc

Parameters

Return Type

encryptAesEcb

Parameters

Return Type

encryptAesGcm

Parameters

Return Type

encryptRsaEcb

Parameters

Return Type

hashMd5

Parameters

Return Type

hashSha1

Parameters

Return Type

hashSha256

Parameters

Return Type

hashSha384

Parameters

Return Type

hashSha512

Parameters

Return Type

hmacMd5

Parameters

Return Type

hmacSha1

Parameters

Return Type

hmacSha256

Parameters

Return Type

hmacSha384