(lispkit crypto)
Last updated
Last updated
Library (lispkit crypto) provides an API for cryptographic operations, including message digests, the creation and management of secure keys, and cryptographic algorithms for encrypting, decrypting, signing, and verifying messages.
The following sample code illustrates how (lispkit crypto) can be used to implement public key cryptography:
Library (lispkit crypto) provides a number of cryptographic hash functions, sometimes also called message digest functions. A cryptographic hash function maps variable-length, potentially long sequences of bytes to fixed length, relatively short hashes, also called digests.
(md5 bytevector) (md5 bytevector start) (md5 bytevector start end)
Implementation of the MD5 message-digest algorithm. Computes a 128-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
(sha1 bytevector) (sha1 bytevector start) (sha1 bytevector start end)
Implementation of the "Secure Hash Algorithm 1". Computes a 160-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
(sha256 bytevector) (sha256 bytevector start) (sha256 bytevector start end)
Implementation of the "Secure Hash Algorithm 2" with a 256-bit digest. Computes a 256-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Implementation of the "Secure Hash Algorithm 2" with a 384-bit digest. Computes a 384-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Implementation of the "Secure Hash Algorithm 2" with a 512-bit digest. Computes a 512-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Symbol representing the secure-key type. The type-for procedure of library (lispkit type) returns this symbol for all secure key objects.
Creates a new private key for the cryptographic system cs and returns it as a secure-key object. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs. size defines the size of the key in bits; default is 1024. tag is an optional string identifying the application generating the key. If tag is not provided, a random UUID string is being used as application tag.
Returns a public key for the given private key as a secure-key object.
Returns #t if obj is a secure key; otherwise #f is returned.
Returns #t if the secure key is suitable to be used with the cryptographic system cs; otherwise #f is returned. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs.
Returns #t if the secure key is a private key; otherwise #f is returned.
Returns #t if the secure key is a public key; otherwise #f is returned.
Returns #t if secure key can be used to encrypt messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-encrypt? returns #t if key can be used to encrypt messages in general, independent of a concrete algorithm.
Returns #t if secure key can be used to decrypt messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-decrypt? returns #t if key can be used to decrypt messages in general, independent of a concrete algorithm.
Returns #t if secure key can be used to sign messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-sign? returns #t if key can be used to sign messages in general, independent of a concrete algorithm.
Returns #t if secure key can be used to verify messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-verify? returns #t if key can be used to verify messages in general, independent of a concrete algorithm.
Returns the size of the given secure key in bits. If effective is #f or omitted, the total number of bits in the secure key are returned, otherwise, the effective number of bits used by this secure key are returned.
Returns the block length associated with the given secure key in bytes. If the secure key is an RSA key, for instance, this is the size of the modulus.
Returns the attributes associated with the given secure key as an association list. Each attribute is represented by a cons whose car is the key of an attribute and whose cdr is the corresponding value.
Defines an identity relationship for secure keys. secure-key=? returns #t if each key ... is the same key object as key0, otherwise #f gets returned.
Defines an equivalence relationship for secure keys based on the equivalence of a serialized representation of a secure key. secure-key-data=? returns #t if each key ... is representing an equivalent key with the same serialized external representation as key0. Otherwise, #f gets returned.
Serializes the given secure key into a new bytevector and returns the bytevector.
Turns a serialized representation of a secure key in bytevector between indices start (inclusive) and end (exclusive) into a new private key of the given cryptographic system cs. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Turns a serialized representation of a secure key in bytevector between indices start (inclusive) and end (exclusive) into a new public key of the given cryptographic system cs. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Returns a PEM (Privacy Encoded Mail)-encoded string representation of the given secure key.
Turns a PEM (Privacy Encoded Mail)-encoded representation of a secure key str (a string) into a new secure key object and returns this object. An error is raised if it is not possible to extract a secure key supported by this library.
In library (lispkit crypto), cryptographic algorithms are identified via interned symbols. The following cryptographic algorithms are supported:
RSA Encryption
rsa-encryption-raw
rsa-encryption-pkcs1
RSA Encryption OAEP
rsa-encryption-oaep-sha1
rsa-encryption-oaep-sha256
rsa-encryption-oaep-sha384
rsa-encryption-oaep-sha512
RSA Encryption OAEP AESGCM
rsa-encryption-oaep-sha1-aesgcm
rsa-encryption-oaep-sha256-aesgcm
rsa-encryption-oaep-sha384-aesgcm
rsa-encryption-oaep-sha512-aesgcm
RSA Signature Raw
rsa-signature-raw
RSA Signature Digest PKCS1v15
rsa-signature-digest-pkcs1v15-raw
rsa-signature-digest-pkcs1v15-sha1
rsa-signature-digest-pkcs1v15-sha256
rsa-signature-digest-pkcs1v15-sha384
rsa-signature-digest-pkcs1v15-sha512
RSA Signature Message PKCS1v15
rsa-signature-message-pkcs1v15-sha1
rsa-signature-message-pkcs1v15-sha256
rsa-signature-message-pkcs1v15-sha384
rsa-signature-message-pkcs1v15-sha512
RSA Signature Digest PSS
rsa-signature-digest-pss-sha1
rsa-signature-digest-pss-sha256
rsa-signature-digest-pss-sha384
rsa-signature-digest-pss-sha512
RSA Signature Message PSS
rsa-signature-message-pss-sha1
rsa-signature-message-pss-sha256
rsa-signature-message-pss-sha384
rsa-signature-message-pss-sha512
Encrypts a message represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and encryption algorithm algo. The encrypted message is returned as a new bytevector.
algo is a symbol identifying the encryption algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Decrypts an encrypted message represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and encryption algorithm algo. The decrypted message is returned as a new bytevector.
algo is a symbol identifying the encryption algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Signs a message represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and signature algorithm algo. The signature of the message is returned as a new bytevector.
algo is a symbol identifying the signature algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
Verifies a signature represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and signature algorithm algo. verify returns #t if the signature could be verified, otherwise #f is returned.
algo is a symbol identifying the signature algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.
(sha384 bytevector) (sha384 bytevector start) (sha384 bytevector start end)
(sha512 bytevector) (sha512 bytevector start) (sha512 bytevector start end)
secure-key-type-tag
(make-private-key cs) (make-private-key cs size) (make-private-key cs size tag)
(public-key key)
(secure-key? obj)
(secure-key-type? key cs)
(secure-key-private? key)
(secure-key-public? key)
(secure-key-can-encrypt? key) (secure-key-can-encrypt? key algo)
(secure-key-can-decrypt? key) (secure-key-can-decrypt? key algo)
(secure-key-can-sign? key) (secure-key-can-sign? key algo)
(secure-key-can-verify? key) (secure-key-can-verify? key algo)
(secure-key-size key) (secure-key-size key effective)
(secure-key-block-size key)
(secure-key-attributes key)
(secure-key=? key0 key ...)
(secure-key-data=? key ...)
(secure-key->bytevector key)
(bytevector->private-key cs bytevector) (bytevector->private-key cs bytevector start) (bytevector->private-key cs bytevector start end)
(bytevector->public-key obj)
(secure-key->string key)
(string->secure-key str)
(encrypt key algo bytevector) (encrypt key algo bytevector start) (encrypt key algo bytevector start end)
(decrypt key algo bytevector) (decrypt key algo bytevector start) (decrypt key algo bytevector start end)
(sign key algo bytevector) (sign key algo bytevector start) (sign key algo bytevector start end)
(verify key algo bytevector) (verify key algo bytevector start) (verify key algo bytevector start end)
