The RSA module implements RSA public-key cryptography. Public-key cryptography is asymmetric: two distinct keys are used for encrypting a message, then decrypting it. Moreover, while one of the keys must remain secret, the other can be made public, since it is computationally very hard to reconstruct the private key from the public key. This feature supports both public-key encryption (anyone can encode with the public key, but only the owner of the private key can decrypt) and digital signature (only the owner of the private key can sign, but anyone can check the signature with the public key).
type key = {size : int;Size of the modulus n, in bits
n : string;Modulus n = p.q
e : string;Public exponent e
d : string;Private exponent d
p : string;Prime factor p of n
q : string;The other prime factor q of n
dp : string;dp is d mod (p-1)
dq : string;dq is d mod (q-1)
qinv : string;qinv is a multiplicative inverse of q modulo p
}The type of RSA keys. Components size, n and e define the public part of the key. Components size, n and d define the private part of the key. To speed up private key operations through the use of the Chinese remainder theorem (CRT), additional components p, q, dp, dq and qinv are provided. These are part of the private key.
val wipe_key : key -> unitErase all components of a RSA key.
val new_key : ?rng:Random.rng -> ?e:int -> int -> keyGenerate a new, random RSA key. The non-optional int argument is the desired size for the modulus, in bits (e.g. 2048). The optional rng argument specifies a random number generator to use for generating the key; it defaults to Cryptokit.Random.secure_rng. The optional e argument specifies the public exponent desired. If not specified, e is chosen randomly. Small values of e such as e = 65537 significantly speeds up encryption and signature checking compared with a random e. Very small values of e such as e = 3 can weaken security and are best avoided. The result of new_key is a complete RSA key with all components defined: public, private, and private for use with the CRT.
val encrypt : key -> string -> stringencrypt k msg encrypts the string msg with the public part of key k (components n and e). msg must be smaller than key.n when both strings are viewed as natural numbers in big-endian notation. In practice, msg should be of length key.size / 8 - 1, using padding if necessary. If you need to encrypt longer plaintexts using RSA, encrypt them with a symmetric cipher, using a randomly-generated key, and encrypt only that key with RSA.
val decrypt : key -> string -> stringdecrypt k msg decrypts the ciphertext string msg with the private part of key k (components n and d). The size of msg is limited as described for Cryptokit.RSA.encrypt.
val decrypt_CRT : key -> string -> stringdecrypt_CRT k msg decrypts the ciphertext string msg with the CRT private part of key k (components n, p, q, dp, dq and qinv). The use of the Chinese remainder theorem (CRT) allows significantly faster decryption than Cryptokit.RSA.decrypt, at no loss in security. The size of msg is limited as described for Cryptokit.RSA.encrypt.
val sign : key -> string -> stringsign k msg encrypts the plaintext string msg with the private part of key k (components n and d), thus performing a digital signature on msg. The size of msg is limited as described for Cryptokit.RSA.encrypt. If you need to sign longer messages, compute a cryptographic hash of the message and sign only the hash with RSA.
val sign_CRT : key -> string -> stringsign_CRT k msg encrypts the plaintext string msg with the CRT private part of key k (components n, p, q, dp, dq and qinv), thus performing a digital signature on msg. The use of the Chinese remainder theorem (CRT) allows significantly faster signature than Cryptokit.RSA.sign, at no loss in security. The size of msg is limited as described for Cryptokit.RSA.encrypt.
val unwrap_signature : key -> string -> stringunwrap_signature k msg decrypts the ciphertext string msg with the public part of key k (components n and d), thus extracting the plaintext that was signed by the sender. The size of msg is limited as described for Cryptokit.RSA.encrypt.