+++ /dev/null
- RSA Sample Code Info
- last update 4/24/02 dmitch
-
-Introduction
-------------
-This directory contains a program which demonstrates how to
-write code associated with the RSA Public Key Cryptosystem using
-the CDSA API. One command-line executable program, called rsatool,
-currently resides here.
-
-Building
---------
-
-See the README in the parent directory (CDSA_Examples) for
-information on building this program.
-
-Running rsatool
----------------
-
-Rsatool is a UNIX command-line program which operates on files.
-It can generate key pairs (storing them in files), encrypt a file
-(placing the result in another file), decrypt, sign a file (placing
-the signature in another file), and verify signatures.
-
-Please note that this type of operation, in which private keys
-are stored in files which anyone can read, is certainly not
-recommended security procedure; the purpose of this tool is to
-demonstrate the use of the CDSA API.
-
-To get a full list of rsatool's command-line options, just run it
-with no arguments:
-
-localhost> rsatool
-usage: ./rsatool op [options]
- op:
- g generate key pair
- e encrypt
- d decrypt
- s sign
- v verify
- S SHA-1 digest
- M MD5 digest
- options:
- k=keyfileBase keys are keyFileBase_pub.der, keyFileBase_priv.der)
- p=plainFile
- c=cipherFile
- s=sigfile
- b=keySizeInBits (default 512)
- w (swap key class)
- r (raw sign/verify)
- P (no padding)
- a=alg d=DSA r=RSA, e=ECDSA, default = RSA
-localhost>
-
-
-Some examples:
---------------
-
-To perform any operations using RSA, one must first have a key pair.
-You generate them like so:
-
-localhost> rsatool g k=mykey b=1024
-...wrote 140 bytes to mykey_pub.der
-...wrote 636 bytes to mykey_priv.der
-localhostl>
-
-This generates a 1024-bit key pair, places the public key
-in mykey_pub.der, and the private key in mykey_priv.der.
-
-Now, say you want to encrypt a file. You encrypt with a public key.
-So first we create a file to encrypt:
-
-localhost:> cat > plaintext
-this is what we will encrypt
-localhostl>
-
-Now we encrypt it, placing the result in ciphertext:
-
-localhost> rsatool e k=mykey p=plaintext c=ciphertext
-...wrote 128 bytes to ciphertext
-localhost>
-
-The result looks like this:
-
-localhost> hexdump ciphertext
-0000000 8272 4ff9 d7ab 8ff0 3dee 543d 3f36 3d89
-0000010 ef80 f958 3b4f 1be1 bde8 6557 c215 9728
-0000020 4262 0c6a b81b 5782 444d 225c db3e 17d7
-0000030 7079 d3af 7e1e c215 2b14 bf35 20f7 ed33
-0000040 f311 6258 fd85 6679 e0bb ae33 4b26 c1f8
-0000050 4f33 ac24 1972 e048 915c 8386 5fc3 7f56
-0000060 e7b3 9b4a ad6b a192 84c3 fa6e 25ba 91a0
-0000070 05ef fe42 ebba 0290 99b1 5cc9 5e36 7954
-0000080
-localhost>
-
-We decrypt it like so:
-
-localhost> rsatool d k=mykey p=recovered c=ciphertext
-...wrote 29 bytes to recovered
-localhost>
-
-Yielding:
-
-localhost> cat recovered
-this is what we will encrypt
-localhost>
-
-To generate a digital signature, putting the signature in sigfile:
-
-localhost> rsatool s k=mykey p=plaintext s=sigfile
-...wrote 128 bytes to sigfile
-localhost>
-
-To verify the signature:
-
-localhost> rsatool v k=mykey p=plaintext s=sigfile
-...signature verifies OK
-localhost>
-
-Note what happens if we specify a file other than 'plaintext' to
-verify with plaintext's signature:
-
-localhost> rsatool v k=mykey p=ciphertext s=sigfile
-CSSM_VerifyData: CSP_VERIFY_FAILED
-sigVerify: CSP_VERIFY_FAILED
-localhost>
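Review bot: the caveat in the "Running rsatool" section ("private keys are stored in files which anyone can read, is certainly not recommended security procedure") is deleted along with the rest of this file, and nothing visible in the patch shows where it moves. If rsatool itself stays in the tree, carry that warning into the tool's usage text or the parent CDSA_Examples README. The same applies to key size: the usage block lists "b=keySizeInBits (default 512)" while the worked example passes b=1024, so once this file is gone a reader is left with only the 512-bit default, which is too small for RSA, and no example showing a larger size. If the tool is being removed together with its README, state that in the commit message so the deletion is not read as documentation loss.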