--- /dev/null
+ RSA Sample Code Info
+ last update 4/24/02 dmitch
+
+Introduction
+------------
+This directory contains a program which demonstrates how to
+write code associated with the RSA Public Key Cryptosystem using
+the CDSA API. One command-line executable program, called rsatool,
+currently resides here.
+
+Building
+--------
+
+See the README in the parent directory (CDSA_Examples) for
+information on building this program.
+
+Running rsatool
+---------------
+
+Rsatool is a UNIX command-line program which operates on files.
+It can generate key pairs (storing them in files), encrypt a file
+(placing the result in another file), decrypt, sign a file (placing
+the signature in another file), and verify signatures.
+
+Please note that this type of operation, in which private keys
+are stored in files which anyone can read, is certainly not
+recommended security procedure; the purpose of this tool is to
+demonstrate the use of the CDSA API.
+
+To get a full list of rsatool's command-line options, just run it
+with no arguments:
+
+localhost> rsatool
+usage: ./rsatool op [options]
+ op:
+ g generate key pair
+ e encrypt
+ d decrypt
+ s sign
+ v verify
+ S SHA-1 digest
+ M MD5 digest
+ options:
+ k=keyfileBase keys are keyFileBase_pub.der, keyFileBase_priv.der)
+ p=plainFile
+ c=cipherFile
+ s=sigfile
+ b=keySizeInBits (default 512)
+ w (swap key class)
+ r (raw sign/verify)
+ P (no padding)
+ a=alg d=DSA r=RSA, e=ECDSA, default = RSA
+localhost>
+
+
+Some examples:
+--------------
+
+To perform any operations using RSA, one must first have a key pair.
+You generate them like so:
+
+localhost> rsatool g k=mykey b=1024
+...wrote 140 bytes to mykey_pub.der
+...wrote 636 bytes to mykey_priv.der
+localhostl>
+
+This generates a 1024-bit key pair, places the public key
+in mykey_pub.der, and the private key in mykey_priv.der.
+
+Now, say you want to encrypt a file. You encrypt with a public key.
+So first we create a file to encrypt:
+
+localhost:> cat > plaintext
+this is what we will encrypt
+localhostl>
+
+Now we encrypt it, placing the result in ciphertext:
+
+localhost> rsatool e k=mykey p=plaintext c=ciphertext
+...wrote 128 bytes to ciphertext
+localhost>
+
+The result looks like this:
+
+localhost> hexdump ciphertext
+0000000 8272 4ff9 d7ab 8ff0 3dee 543d 3f36 3d89
+0000010 ef80 f958 3b4f 1be1 bde8 6557 c215 9728
+0000020 4262 0c6a b81b 5782 444d 225c db3e 17d7
+0000030 7079 d3af 7e1e c215 2b14 bf35 20f7 ed33
+0000040 f311 6258 fd85 6679 e0bb ae33 4b26 c1f8
+0000050 4f33 ac24 1972 e048 915c 8386 5fc3 7f56
+0000060 e7b3 9b4a ad6b a192 84c3 fa6e 25ba 91a0
+0000070 05ef fe42 ebba 0290 99b1 5cc9 5e36 7954
+0000080
+localhost>
+
+We decrypt it like so:
+
+localhost> rsatool d k=mykey p=recovered c=ciphertext
+...wrote 29 bytes to recovered
+localhost>
+
+Yielding:
+
+localhost> cat recovered
+this is what we will encrypt
+localhost>
+
+To generate a digital signature, putting the signature in sigfile:
+
+localhost> rsatool s k=mykey p=plaintext s=sigfile
+...wrote 128 bytes to sigfile
+localhost>
+
+To verify the signature:
+
+localhost> rsatool v k=mykey p=plaintext s=sigfile
+...signature verifies OK
+localhost>
+
+Note what happens if we specify a file other than 'plaintext' to
+verify with plaintext's signature:
+
+localhost> rsatool v k=mykey p=ciphertext s=sigfile
+CSSM_VerifyData: CSP_VERIFY_FAILED
+sigVerify: CSP_VERIFY_FAILED
+localhost>
projects / apple / security.git / blobdiff