Module crypto
ballerina/crypto Ballerina library
Overview
This module provides common cryptographic mechanisms based on different algorithms.
The Ballerina crypto module provides APIs for operations such as hashing, HMAC generation, checksum generation, encryption, decryption, digitally signing data, and verifying digitally signed data, with different cryptographic algorithms.
Hashes
The crypto module supports generating hashes with 5 different hash algorithms: MD5, SHA1, SHA256, SHA384, and SHA512. It also supports generating the CRC32B checksum.
HMAC
The crypto module supports generating HMAC with 5 different hash algorithms: MD5, SHA1, SHA256, SHA384, and SHA512.
Decode private/public key
The crypto module supports decoding the RSA private key from a .p12 file and a key file in the PEM format. It also supports decoding a public key from a .p12 file and a certificate file in the X509 format. Additionally, it supports building an RSA public key from the modulus and exponent parameters.
Encrypt and decrypt
The crypto module supports both symmetric key encryption/decryption and asymmetric key encryption/decryption. The RSA algorithm can be used for asymmetric-key encryption/decryption with private and public keys. The AES algorithm can be used for symmetric-key encryption/decryption with a shared key.
Sign and verify
The crypto module supports signing data using the RSA private key and verifying the signature using the RSA public key. The MD5, SHA1, SHA256, SHA384, and SHA512 digest algorithms are supported.
Functions
buildRsaPublicKey
Builds the RSA public key from the given modulus and exponent parameters.
    string modulus = "luZFdW1ynitztkWLC6xKegbRWxky...";
    string exponent = "AQAB";
    crypto:PublicKey publicKey = check crypto:buildRsaPublicKey(modulus, exponent);
crc32b
function crc32b(byte[] input) returns string
Returns the Hex-encoded CRC32B value for the given data.
    string stringData = "Hello Ballerina";
    byte[] data = stringData.toBytes();
    string checksum = crypto:crc32b(data);
Parameters
- input byte[] - Value for checksum generation
Return Type
- string - The generated checksum
decodeEcPrivateKeyFromKeyFile
function decodeEcPrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|Error
Decodes the EC private key from the given private key file, using the key password if the file is encrypted.
    string keyFile = "/path/to/private.key";
    crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyFile(keyFile, "keyPassword");
Parameters
- keyFile string - Path to the key file
- keyPassword string? (default ()) - Password of the key file if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a crypto:Error if the private key was unreadable
decodeEcPrivateKeyFromKeyStore
function decodeEcPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|Error
Decodes the EC private key from the given PKCS#12 archive file.
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
Parameters
- keyStore KeyStore - KeyStore configurations
- keyAlias string - Key alias
- keyPassword string - Key password
Return Type
- PrivateKey|Error - Reference to the private key or else a crypto:Error if the private key was unreadable
decodeEcPublicKeyFromCertFile
Decodes the EC public key from the given public certificate file.
    string certFile = "/path/to/public.cert";
    crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromCertFile(certFile);
Parameters
- certFile string - Path to the certificate file
decodeEcPublicKeyFromTrustStore
function decodeEcPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|Error
Decodes the EC public key from the given PKCS#12 archive file.
    crypto:TrustStore trustStore = {
        path: "/path/to/truststore.p12",
        password: "truststorePassword"
    };
    crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(trustStore, "keyAlias");
decodeRsaPrivateKeyFromKeyFile
function decodeRsaPrivateKeyFromKeyFile(string keyFile, string? keyPassword) returns PrivateKey|Error
Decodes the RSA private key from the given private key file, using the key password if the file is encrypted.
    string keyFile = "/path/to/private.key";
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyFile(keyFile, "keyPassword");
Parameters
- keyFile string - Path to the key file
- keyPassword string? (default ()) - Password of the key file if it is encrypted
Return Type
- PrivateKey|Error - Reference to the private key or else a crypto:Error if the private key was unreadable
decodeRsaPrivateKeyFromKeyStore
function decodeRsaPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|Error
Decodes the RSA private key from the given PKCS#12 archive file.
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
Parameters
- keyStore KeyStore - KeyStore configurations
- keyAlias string - Key alias
- keyPassword string - Key password
Return Type
- PrivateKey|Error - Reference to the private key or else a crypto:Error if the private key was unreadable
decodeRsaPublicKeyFromCertFile
Decodes the RSA public key from the given public certificate file.
    string certFile = "/path/to/public.cert";
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromCertFile(certFile);
Parameters
- certFile string - Path to the certificate file
decodeRsaPublicKeyFromTrustStore
function decodeRsaPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|Error
Decodes the RSA public key from the given PKCS#12 archive file.
    crypto:TrustStore trustStore = {
        path: "/path/to/truststore.p12",
        password: "truststorePassword"
    };
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(trustStore, "keyAlias");
decryptAesCbc
function decryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|Error
Returns the AES-CBC-decrypted value for the given AES-CBC-encrypted data.
    string dataString = "Hello Ballerina!";
    byte[] data = dataString.toBytes();
    byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        key[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        initialVector[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[] cipherText = check crypto:encryptAesCbc(data, key, initialVector);
    byte[] plainText = check crypto:decryptAesCbc(cipherText, key, initialVector);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid
decryptAesEcb
function decryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|Error
Returns the AES-ECB-decrypted value for the given AES-ECB-encrypted data.
    string dataString = "Hello Ballerina!";
    byte[] data = dataString.toBytes();
    byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        key[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[] cipherText = check crypto:encryptAesEcb(data, key);
    byte[] plainText = check crypto:decryptAesEcb(cipherText, key);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid
decryptAesGcm
function decryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|Error
Returns the AES-GCM-decrypted value for the given AES-GCM-encrypted data.
    string dataString = "Hello Ballerina!";
    byte[] data = dataString.toBytes();
    byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        key[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        initialVector[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector);
    byte[] plainText = check crypto:decryptAesGcm(cipherText, key, initialVector);
Parameters
- input byte[] - The content to be decrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
- tagSize int (default 128) - Tag size
Return Type
- byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid
decryptRsaEcb
function decryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|Error
Returns the RSA-decrypted value for the given RSA-encrypted data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey);
    byte[] plainText = check crypto:decryptRsaEcb(cipherText, privateKey);
Parameters
- input byte[] - The content to be decrypted
- key PrivateKey|PublicKey - Private or public key used for decryption
- padding RsaPadding (default PKCS1) - The padding algorithm
Return Type
- byte[]|Error - Decrypted data or else a crypto:Error if the key is invalid
encryptAesCbc
function encryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding) returns byte[]|Error
Returns the AES-CBC-encrypted value for the given data.
    string dataString = "Hello Ballerina!";
    byte[] data = dataString.toBytes();
    byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        key[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        initialVector[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[] cipherText = check crypto:encryptAesCbc(data, key, initialVector);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid
encryptAesEcb
function encryptAesEcb(byte[] input, byte[] key, AesPadding padding) returns byte[]|Error
Returns the AES-ECB-encrypted value for the given data.
    string dataString = "Hello Ballerina!";
    byte[] data = dataString.toBytes();
    byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        key[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[] cipherText = check crypto:encryptAesEcb(data, key);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- padding AesPadding (default PKCS5) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid
encryptAesGcm
function encryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding, int tagSize) returns byte[]|Error
Returns the AES-GCM-encrypted value for the given data.
    string dataString = "Hello Ballerina!";
    byte[] data = dataString.toBytes();
    byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        key[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
    foreach int i in 0...15 {
        initialVector[i] = <byte>(check random:createIntInRange(0, 255));
    }
    byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector);
Parameters
- input byte[] - The content to be encrypted
- key byte[] - Encryption key
- iv byte[] - Initialization vector
- padding AesPadding (default NONE) - The padding algorithm
- tagSize int (default 128) - Tag size
Return Type
- byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid
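The following is an added example, not part of the ballerina/crypto documentation. It wraps the encryptAesGcm and decryptAesGcm calls documented above so that every message gets a fresh IV stored in front of the ciphertext, and it shows decryption being refused after a single ciphertext bit is flipped. The helper names (randomBytes, sealBox, openBox) are hypothetical, key and IV bytes are drawn the same way as in the page's examples, and it is assumed that a failed authentication tag check is returned as a crypto:Error.

```ballerina
import ballerina/crypto;
import ballerina/io;
import ballerina/random;

// IV length used by the AES-GCM examples on this page.
const int IV_LEN = 16;

// Hypothetical helper: returns n bytes generated as in the page's examples.
function randomBytes(int n) returns byte[]|error {
    byte[] out = [];
    foreach int i in 0 ..< n {
        out[i] = <byte>(check random:createIntInRange(0, 255));
    }
    return out;
}

// Hypothetical helper: encrypts under a fresh IV and returns IV || ciphertext.
// A new IV per message matters because GCM must never reuse an IV with the same key.
function sealBox(byte[] plaintext, byte[] key) returns byte[]|error {
    byte[] iv = check randomBytes(IV_LEN);
    byte[] cipherText = check crypto:encryptAesGcm(plaintext, key, iv);
    byte[] box = [];
    box.push(...iv);
    box.push(...cipherText);
    return box;
}

// Hypothetical helper: splits IV || ciphertext and decrypts.
// Assumption: a tag mismatch comes back as a crypto:Error.
function openBox(byte[] box, byte[] key) returns byte[]|error {
    if box.length() <= IV_LEN {
        return error("message is too short to contain an IV and ciphertext");
    }
    byte[] iv = box.slice(0, IV_LEN);
    byte[] cipherText = box.slice(IV_LEN);
    return crypto:decryptAesGcm(cipherText, key, iv);
}

public function main() returns error? {
    byte[] key = check randomBytes(16); // 16 bytes = AES-128 key
    byte[] box = check sealBox("Hello Ballerina!".toBytes(), key);

    // Untouched message: decrypts back to the original text.
    byte[] plainText = check openBox(box, key);
    io:println(check string:fromBytes(plainText));

    // Constructed tampering: flip one bit in the first ciphertext byte.
    byte[] tampered = box.clone();
    tampered[IV_LEN] = <byte>(tampered[IV_LEN] ^ 1);
    byte[]|error result = openBox(tampered, key);
    io:println(result is error ? "tampered message rejected" : "tampered message accepted");
}
```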
encryptRsaEcb
function encryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding) returns byte[]|Error
Returns the RSA-encrypted value for the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
    byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey);
Parameters
- input byte[] - The content to be encrypted
- key PrivateKey|PublicKey - Private or public key used for encryption
- padding RsaPadding (default PKCS1) - The padding algorithm
Return Type
- byte[]|Error - Encrypted data or else a crypto:Error if the key is invalid
hashMd5
function hashMd5(byte[] input, byte[]? salt) returns byte[]
Returns the MD5 hash of the given data.
    string dataString = "Hello Ballerina";
    byte[] data = dataString.toBytes();
    byte[] hash = crypto:hashMd5(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha1
function hashSha1(byte[] input, byte[]? salt) returns byte[]
Returns the SHA-1 hash of the given data.
    string dataString = "Hello Ballerina";
    byte[] data = dataString.toBytes();
    byte[] hash = crypto:hashSha1(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha256
function hashSha256(byte[] input, byte[]? salt) returns byte[]
Returns the SHA-256 hash of the given data.
    string dataString = "Hello Ballerina";
    byte[] data = dataString.toBytes();
    byte[] hash = crypto:hashSha256(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha384
function hashSha384(byte[] input, byte[]? salt) returns byte[]
Returns the SHA-384 hash of the given data.
    string dataString = "Hello Ballerina";
    byte[] data = dataString.toBytes();
    byte[] hash = crypto:hashSha384(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hashSha512
function hashSha512(byte[] input, byte[]? salt) returns byte[]
Returns the SHA-512 hash of the given data.
    string dataString = "Hello Ballerina";
    byte[] data = dataString.toBytes();
    byte[] hash = crypto:hashSha512(data);
Parameters
- input byte[] - Value to be hashed
- salt byte[]? (default ()) - Salt to be added
Return Type
- byte[] - Hashed output
hmacMd5
function hmacMd5(byte[] input, byte[] key) returns byte[]|Error
Returns the HMAC using the MD5 hash function of the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    string secret = "some-secret";
    byte[] key = secret.toBytes();
    byte[] hmac = check crypto:hmacMd5(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a crypto:Error if an error occurred
hmacSha1
function hmacSha1(byte[] input, byte[] key) returns byte[]|Error
Returns the HMAC using the SHA-1 hash function of the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    string secret = "some-secret";
    byte[] key = secret.toBytes();
    byte[] hmac = check crypto:hmacSha1(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a crypto:Error if an error occurred
hmacSha256
function hmacSha256(byte[] input, byte[] key) returns byte[]|Error
Returns the HMAC using the SHA-256 hash function of the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    string secret = "some-secret";
    byte[] key = secret.toBytes();
    byte[] hmac = check crypto:hmacSha256(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a crypto:Error if an error occurred
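The module lists HMAC generation functions but no matching verification call, so the receiving side has to recompute the tag and compare. The following is an added example, not part of the ballerina/crypto documentation, that does this with hmacSha256 and a comparison that does not stop at the first differing byte; equalBytes and verifyTag are hypothetical helper names and the messages are constructed samples.

```ballerina
import ballerina/crypto;
import ballerina/io;

// Hypothetical helper: compares two byte arrays by accumulating the XOR of
// every byte pair, so the loop does not exit early on the first mismatch.
function equalBytes(byte[] a, byte[] b) returns boolean {
    if a.length() != b.length() {
        return false;
    }
    int diff = 0;
    foreach int i in 0 ..< a.length() {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}

// Hypothetical helper: recomputes HMAC-SHA256 over the received message and
// checks it against the tag that arrived with it.
function verifyTag(byte[] message, byte[] tag, byte[] key) returns boolean|error {
    byte[] expected = check crypto:hmacSha256(message, key);
    return equalBytes(expected, tag);
}

public function main() returns error? {
    // Sample key taken from the page's example; use a random secret in practice.
    byte[] key = "some-secret".toBytes();

    // Sender side: tag a constructed sample message.
    byte[] message = "amount=100&to=alice".toBytes();
    byte[] tag = check crypto:hmacSha256(message, key);

    // Receiver side: the original message verifies, an altered one does not.
    boolean originalOk = check verifyTag(message, tag, key);
    boolean alteredOk = check verifyTag("amount=900&to=alice".toBytes(), tag, key);
    io:println("original message accepted: ", originalOk);
    io:println("altered message accepted: ", alteredOk);
}
```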
hmacSha384
function hmacSha384(byte[] input, byte[] key) returns byte[]|Error
Returns the HMAC using the SHA-384 hash function of the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    string secret = "some-secret";
    byte[] key = secret.toBytes();
    byte[] hmac = check crypto:hmacSha384(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a crypto:Error if an error occurred
hmacSha512
function hmacSha512(byte[] input, byte[] key) returns byte[]|Error
Returns the HMAC using the SHA-512 hash function of the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    string secret = "some-secret";
    byte[] key = secret.toBytes();
    byte[] hmac = check crypto:hmacSha512(data, key);
Parameters
- input byte[] - Value to be hashed
- key byte[] - Key used for HMAC generation
Return Type
- byte[]|Error - The HMAC output or a crypto:Error if an error occurred
signRsaMd5
function signRsaMd5(byte[] input, PrivateKey privateKey) returns byte[]|Error
Returns the RSA-MD5 based signature value for the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaMd5(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid
signRsaSha1
function signRsaSha1(byte[] input, PrivateKey privateKey) returns byte[]|Error
Returns the RSA-SHA1 based signature value for the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha1(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid
signRsaSha256
function signRsaSha256(byte[] input, PrivateKey privateKey) returns byte[]|Error
Returns the RSA-SHA256 based signature value for the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha256(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid
signRsaSha384
function signRsaSha384(byte[] input, PrivateKey privateKey) returns byte[]|Error
Returns the RSA-SHA384 based signature value for the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha384(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid
signRsaSha512
function signRsaSha512(byte[] input, PrivateKey privateKey) returns byte[]|Error
Returns the RSA-SHA512 based signature value for the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha512(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid
signSha384withEcdsa
function signSha384withEcdsa(byte[] input, PrivateKey privateKey) returns byte[]|Error
Returns the SHA384withECDSA based signature value for the given data.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signSha384withEcdsa(data, privateKey);
Parameters
- input byte[] - The content to be signed
- privateKey PrivateKey - Private key used for signing
Return Type
- byte[]|Error - The generated signature or else a crypto:Error if the private key is invalid
verifyRsaMd5Signature
function verifyRsaMd5Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error
Verifies the RSA-MD5 based signature.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaMd5(data, privateKey);
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
    boolean validity = check crypto:verifyRsaMd5Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha1Signature
function verifyRsaSha1Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error
Verifies the RSA-SHA1 based signature.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha1(data, privateKey);
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
    boolean validity = check crypto:verifyRsaSha1Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha256Signature
function verifyRsaSha256Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error
Verifies the RSA-SHA256 based signature.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha256(data, privateKey);
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
    boolean validity = check crypto:verifyRsaSha256Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha384Signature
function verifyRsaSha384Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error
Verifies the RSA-SHA384 based signature.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha384(data, privateKey);
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
    boolean validity = check crypto:verifyRsaSha384Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifyRsaSha512Signature
function verifyRsaSha512Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error
Verifies the RSA-SHA512 based signature.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signRsaSha512(data, privateKey);
    crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
    boolean validity = check crypto:verifyRsaSha512Signature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
verifySha384withEcdsaSignature
function verifySha384withEcdsaSignature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error
Verifies the SHA384withECDSA based signature.
    string input = "Hello Ballerina";
    byte[] data = input.toBytes();
    crypto:KeyStore keyStore = {
        path: "/path/to/keyStore.p12",
        password: "keyStorePassword"
    };
    crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
    byte[] signature = check crypto:signSha384withEcdsa(data, privateKey);
    crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(keyStore, "keyAlias");
    boolean validity = check crypto:verifySha384withEcdsaSignature(data, signature, publicKey);
Parameters
- data byte[] - The content to be verified
- signature byte[] - Signature value
- publicKey PublicKey - Public key used for verification
Constants
crypto: NONE
No padding.
crypto: OAEPwithMD5andMGF1
The OAEPwithMD5andMGF1 padding mode.
crypto: OAEPWithSHA1AndMGF1
The OAEPWithSHA1AndMGF1 padding mode.
crypto: OAEPWithSHA256AndMGF1
The OAEPWithSHA256AndMGF1 padding mode.
crypto: OAEPwithSHA384andMGF1
The OAEPwithSHA384andMGF1 padding mode.
crypto: OAEPwithSHA512andMGF1
The OAEPwithSHA512andMGF1 padding mode.
crypto: PKCS1
The PKCS1 padding mode.
crypto: PKCS5
The PKCS5 padding mode.
crypto: RSA
The RSA algorithm.
Records
crypto: Certificate
Represents the X509 public key certificate information.
Fields
- version0 int - Version number
- serial int - Serial number
- issuer string - Issuer name
- subject string - Subject name
- notBefore Utc - Not before validity period of certificate
- notAfter Utc - Not after validity period of certificate
- signature byte[] - Raw signature bits
- signingAlgorithm string - Signature algorithm
crypto: KeyStore
Represents the KeyStore-related configurations.
Fields
- path string - Path to the KeyStore file
- password string - KeyStore password
crypto: PrivateKey
Represents the private key used in cryptographic operations.
Fields
- algorithm KeyAlgorithm - Key algorithm
crypto: PublicKey
Represents the public key used in cryptographic operations.
Fields
- algorithm KeyAlgorithm - Key algorithm
- certificate Certificate? - Public key certificate
crypto: TrustStore
Represents the truststore-related configurations.
Fields
- path string - Path to the TrustStore file
- password string - TrustStore password
Errors
crypto: Error
Represents the error type of the module.
Union types
crypto: AesPadding
AesPadding
Represents the padding algorithms supported by AES encryption and decryption.
crypto: RsaPadding
RsaPadding
Represents the padding algorithms supported with RSA encryption and decryption.
Simple name reference types
crypto: KeyAlgorithm
KeyAlgorithm
Represents the supported key algorithms.
Import
import ballerina/crypto;
Metadata
Released date: 11 months ago
Version: 2.6.1
License: Apache-2.0
Compatibility
Platform: java17
Ballerina version: 2201.8.0
GraalVM compatible: Yes
Pull count
Total: 831171
Current version: 5941
Keywords
security
hash
hmac
sign
encrypt
decrypt
private key
public key