OpenSSLMBS.CipherNames as String()

// see hash and encryption algorithms available
Var CipherNames() as string = OpenSSLMBS.CipherNames
Var DigestNames() as string = OpenSSLMBS.DigestNames
Break

The list may not be the same for Mac, Windows and Linux.

Current list:

blake2b512, blake2s256, id-rsassa-pkcs1-v1_5-with-sha3-224, id-rsassa-pkcs1-v1_5-with-sha3-256, id-rsassa-pkcs1-v1_5-with-sha3-384, id-rsassa-pkcs1-v1_5-with-sha3-512, md4, md4WithRSAEncryption, md5, md5-sha1, md5WithRSAEncryption, mdc2, mdc2WithRSA, ripemd, ripemd160, ripemd160WithRSA, rmd160, RSA-MD4, RSA-MD5, RSA-MDC2, RSA-RIPEMD160, RSA-SHA1, RSA-SHA1-2, RSA-SHA224, RSA-SHA256, RSA-SHA3-224, RSA-SHA3-256, RSA-SHA3-384, RSA-SHA3-512, RSA-SHA384, RSA-SHA512, RSA-SHA512/224, RSA-SHA512/256, RSA-SM3, sha1, sha1WithRSAEncryption, sha224, sha224WithRSAEncryption, sha256, sha256WithRSAEncryption, sha3-224, sha3-256, sha3-384, sha3-512, sha384, sha384WithRSAEncryption, sha512, sha512-224, sha512-224WithRSAEncryption, sha512-256, sha512-256WithRSAEncryption, sha512WithRSAEncryption, shake128, shake256, sm3, sm3WithRSAEncryption, ssl3-md5, ssl3-sha1, whirlpool

OpenSSLMBS.DigestNames as String()

// see hash and encryption algorithms available
Var CipherNames() as string = OpenSSLMBS.CipherNames
Var DigestNames() as string = OpenSSLMBS.DigestNames
Break

The list may not be the same for Mac, Windows and Linux.

Current list:

blake2b512, blake2s256, id-rsassa-pkcs1-v1_5-with-sha3-224, id-rsassa-pkcs1-v1_5-with-sha3-256, id-rsassa-pkcs1-v1_5-with-sha3-384, id-rsassa-pkcs1-v1_5-with-sha3-512, md4, md4WithRSAEncryption, md5, md5-sha1, md5WithRSAEncryption, mdc2, mdc2WithRSA, ripemd, ripemd160, ripemd160WithRSA, rmd160, RSA-MD4, RSA-MD5, RSA-MDC2, RSA-RIPEMD160, RSA-SHA1, RSA-SHA1-2, RSA-SHA224, RSA-SHA256, RSA-SHA3-224, RSA-SHA3-256, RSA-SHA3-384, RSA-SHA3-512, RSA-SHA384, RSA-SHA512, RSA-SHA512/224, RSA-SHA512/256, RSA-SM3, sha1, sha1WithRSAEncryption, sha224, sha224WithRSAEncryption, sha256, sha256WithRSAEncryption, sha3-224, sha3-256, sha3-384, sha3-512, sha384, sha384WithRSAEncryption, sha512, sha512-224, sha512-224WithRSAEncryption, sha512-256, sha512-256WithRSAEncryption, sha512WithRSAEncryption, shake128, shake256, sm3, sm3WithRSAEncryption, ssl3-md5, ssl3-sha1, whirlpool

OpenSSLMBS.ErrorString(ErrorCode as Integer) as string

MsgBox OpenSSLMBS.ErrorString(336109761)

OpenSSLMBS.GeneratePrivateKey(Bits as Integer = 4096, Exp as Integer = 65537, Password as string = "", Algorithm as string = "") as string

Var privateKey as string = OpenSSLMBS.GeneratePrivateKey
Var publicKey as string = OpenSSLMBS.GetPublicKey(privateKey)

break // got key pair

Bit size of key should be high.
See RSA key documentation on the web about details.

In Plugin version 16.2 and later this function yields time to other Xojo threads.
Algorithm specifies the encryption algorithm for key encryption. See CipherMBS for cipher names, e.g. "AES-128-CBC". (new in 17.5)

OpenSSLMBS.GetPublicKey(PrivateKey as String, PrivateKeyPassword as string = "") as string

Var privateKey as string = OpenSSLMBS.GeneratePrivateKey
Var publicKey as string = OpenSSLMBS.GetPublicKey(privateKey)

break // got key pair

Optionally you can define a password for private key.

OpenSSLMBS.OpenSSLVersion as String

MsgBox OpenSSLMBS.OpenSSLVersion

OpenSSLMBS.PKCS7Sign(flags as Integer, InputData as string, SignKey as string, PrivateKey as String, PrivateKeyPassword as string, intermediaCertsData() as string, OutputBinary as boolean) as string

Var testPrivKey      as string = ReadFile("passkey.pem")
Var testCertificate  as string = ReadFile("passcertificate.pem")
Var data             as string = ReadFile("test.txt")
Var privKeyPassword  as string = "12345"

Var intermediateCertificates() as string
intermediateCertificates.Append ReadFile("WWDR.pem")
Var Sign as string = OpenSSLMBS.PKCS7Sign(0, data, testCertificate, testPrivKey, privKeyPassword, intermediateCertificates, true)

// write result
Var f as FolderItem = SpecialFolder.Desktop.Child("output")
Var b as BinaryStream = BinaryStream.Create(f, true)
b.Write sign

Returns the signature. If OutputBinary is true, we use DER output, else text based output.
intermediaCertsData array can be empty if you have no intermediate certificates.

OpenSSLMBS.PKCS7SignData(Certificate as X509MBS, PrivateKey as PKeyMBS, certs() as X509MBS = nil, data as string, flags as Integer = 0) as string

Returns the signature (binary format = DER).
intermediaCertsData array can be empty or nil if you have no intermediate certificates.

Some examples using this method:

• /DynaPDF/Create PDF with Custom Signature

OpenSSLMBS.PKCS7SignedData(DataP7M as String) as String

// get a file
Var f As FolderItem = GetFolderItem("/Users/cs/Desktop/p7m/work.xml.p7m", FolderItem.PathTypeNative)

// read
Var b As BinaryStream = BinaryStream.Open(f)
Var s As String = b.Read(b.Length)

// decode
Var data As String = OpenSSLMBS.PKCS7SignedData(s)

Break

Please pass content of a P7M file, so we can read signed content.
Returns data or empty string if this failed.

OpenSSLMBS.ProviderNames as String()

MessageBox join( OpenSSLMBS.ProviderNames, EndOfLine)

The list may not be the same for Mac, Windows and Linux.

Current list:

aes-128-cbc, aes-128-cbc-hmac-sha1, aes-128-ccm, aes-128-cfb, aes-128-cfb1, aes-128-cfb8, aes-128-ctr, aes-128-ecb, aes-128-gcm, aes-128-ocb, aes-128-ofb, aes-128-xts, aes-192-cbc, aes-192-ccm, aes-192-cfb, aes-192-cfb1, aes-192-cfb8, aes-192-ctr, aes-192-ecb, aes-192-gcm, aes-192-ocb, aes-192-ofb, aes-256-cbc, aes-256-cbc-hmac-sha1, aes-256-ccm, aes-256-cfb, aes-256-cfb1, aes-256-cfb8, aes-256-ctr, aes-256-ecb, aes-256-gcm, aes-256-ocb, aes-256-ofb, aes-256-xts, aes128, aes128-wrap, aes192, aes192-wrap, aes256, aes256-wrap, aria-128-cbc, aria-128-ccm, aria-128-cfb, aria-128-cfb1, aria-128-cfb8, aria-128-ctr, aria-128-ecb, aria-128-gcm, aria-128-ofb, aria-192-cbc, aria-192-ccm, aria-192-cfb, aria-192-cfb1, aria-192-cfb8, aria-192-ctr, aria-192-ecb, aria-192-gcm, aria-192-ofb, aria-256-cbc, aria-256-ccm, aria-256-cfb, aria-256-cfb1, aria-256-cfb8, aria-256-ctr, aria-256-ecb, aria-256-gcm, aria-256-ofb, aria128, aria192, aria256, bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb, blowfish, camellia-128-cbc, camellia-128-cfb, camellia-128-cfb1, camellia-128-cfb8, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb, camellia-192-cbc, camellia-192-cfb, camellia-192-cfb1, camellia-192-cfb8, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb, camellia-256-cbc, camellia-256-cfb, camellia-256-cfb1, camellia-256-cfb8, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb, camellia128, camellia192, camellia256, cast, cast-cbc, cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb, chacha20, chacha20-poly1305, des, des-cbc, des-cfb, des-cfb1, des-cfb8, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ecb, des-ede-ofb, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-cfb1, des-ede3-cfb8, des-ede3-ecb, des-ede3-ofb, des-ofb, des3, des3-wrap, desx, desx-cbc, id-aes128-CCM, id-aes128-GCM, id-aes128-wrap, id-aes128-wrap-pad, id-aes192-CCM, id-aes192-GCM, id-aes192-wrap, id-aes192-wrap-pad, id-aes256-CCM, id-aes256-GCM, id-aes256-wrap, id-aes256-wrap-pad, id-smime-alg-CMS3DESwrap, idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb, rc2, rc2-128, rc2-40, rc2-40-cbc, rc2-64, rc2-64-cbc, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb, rc4, rc4-40, rc4-hmac-md5, RC5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb, seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb, sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb

OpenSSLMBS.RandomBytes(count as Integer) as MemoryBlock

Var m As MemoryBlock = OpenSSLMBS.RandomBytes(16)
MsgBox EncodeHex(m)

Puts count cryptographically strong pseudo-random bytes into MemoryBlock.

OpenSSLMBS.RandomBytesString(count as Integer) as String

Var p As String = OpenSSLMBS.RandomBytesString(16)
MsgBox EncodeHex(p)

Puts count cryptographically strong pseudo-random bytes into string.

OpenSSLMBS.RSAPrivateDecrypt(data as string, PrivateKey as string, padding as Integer = 1, Password as string = "") as String

// encrypt with public, decrypt with private key

Var f1 as FolderItem = GetFolderItem("test.pem")
Var b1 as BinaryStream = BinaryStream.Open(f1)
Var PrivKey as string = B1.Read(b1.Length)

Var f2 as FolderItem = GetFolderItem("test.pub")
Var b2 as BinaryStream = BinaryStream.Open(f2)
Var PubKey as string = B2.Read(b2.Length)

Var UnencryptedData as string = "Hello World. This is just a test."
Var EncryptedData as string = OpenSSLMBS.RSAPublicEncrypt(UnencryptedData, PubKey)
Var decryptedData as string = OpenSSLMBS.RSAPrivateDecrypt(EncryptedData, PrivKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only decrypt data if it's <= length of key.

Some examples using this method:

• /Encryption/Public and Private RSA Key Encryption/Public and Private RSA Key Encryption

OpenSSLMBS.RSAPrivateEncrypt(data as string, PrivateKey as string, padding as Integer = 1, Password as string = "") as String

// encrypt with private, decrypt with public key

Var f1 as FolderItem = GetFolderItem("test.pem")
Var b1 as BinaryStream = BinaryStream.Open(f1)
Var PrivKey as string = B1.Read(b1.Length)

Var f2 as FolderItem = GetFolderItem("test.pub")
Var b2 as BinaryStream = BinaryStream.Open(f2)
Var PubKey as string = B2.Read(b2.Length)

Var UnencryptedData as string = "Hello World. This is just a test."
Var EncryptedData as string = OpenSSLMBS.RSAPrivateEncrypt(UnencryptedData, PrivKey)
Var decryptedData as string = OpenSSLMBS.RSAPublicDecrypt(EncryptedData, PubKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only encrypt data if it's <= length of key.

Some examples using this method:

• /Encryption/Public and Private RSA Key Encryption/Public and Private RSA Key Encryption

OpenSSLMBS.RSAPublicDecrypt(data as string, PublicKey as string, padding as Integer = 1, Password as string = "") as String

// encrypt with private, decrypt with public key

Var f1 as FolderItem = GetFolderItem("test.pem")
Var b1 as BinaryStream = BinaryStream.Open(f1)
Var PrivKey as string = B1.Read(b1.Length)

Var f2 as FolderItem = GetFolderItem("test.pub")
Var b2 as BinaryStream = BinaryStream.Open(f2)
Var PubKey as string = B2.Read(b2.Length)

Var UnencryptedData as string = "Hello World. This is just a test."
Var EncryptedData as string = OpenSSLMBS.RSAPrivateEncrypt(UnencryptedData, PrivKey)
Var decryptedData as string = OpenSSLMBS.RSAPublicDecrypt(EncryptedData, PubKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only decrypt data if it's <= length of key.

Some examples using this method:

• /Encryption/Public and Private RSA Key Encryption/Public and Private RSA Key Encryption

OpenSSLMBS.RSAPublicEncrypt(data as string, PublicKey as string, padding as Integer = 1, Password as string = "") as String

// encrypt with public, decrypt with private key

Var f1 as FolderItem = GetFolderItem("test.pem")
Var b1 as BinaryStream = BinaryStream.Open(f1)
Var PrivKey as string = B1.Read(b1.Length)

Var f2 as FolderItem = GetFolderItem("test.pub")
Var b2 as BinaryStream = BinaryStream.Open(f2)
Var PubKey as string = B2.Read(b2.Length)

Var UnencryptedData as string = "Hello World. This is just a test."
Var EncryptedData as string = OpenSSLMBS.RSAPublicEncrypt(UnencryptedData, PubKey)
Var decryptedData as string = OpenSSLMBS.RSAPrivateDecrypt(EncryptedData, PrivKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only encrypt data if it's <= length of key.

Some examples using this method:

• /Encryption/Public and Private RSA Key Encryption/Public and Private RSA Key Encryption

OpenSSLMBS.SignData(data as string, key as string, Password as string = "") as string

Var data as string // some data
Var test as string // the private key PEM file content
Var Signature as string = OpenSSLMBS.SignData(data, test)
msgbox EncodeHex(Signature)

Returns signature. Use EncodeHex or EncodeBase64 to make a text representation.

Internally we make a SHA1 hash of the data, open the private RSA key and do a RSA sign operation. We return the raw key as a string bytes.
On any error, we return an empty string.
Optional you can pass a password to read password protected keys.

May fail to read key data if line endings are wrong. Seems not to like Chr(13) and preferes Chr(10). You may want to use ReplaceLineEndings with EndOfLine.Unix to convert before passing key.

See also:

• SignData(data as string, key as string, Password as string = "", Algorithm as Integer) as string

OpenSSLMBS.SignData(data as string, key as string, Password as string = "", Algorithm as Integer) as string

Var test_pem         as string = ReadFile("test.pem")
Var test_pub         as string = ReadFile("test.pub")
Var data             as string = ReadFile("Create Keys.rtf") // some data file
Var signature        as string

// create signature

Signature = OpenSSLMBS.SignData(data, test_pem, OpenSSLMBS.kAlgorithmSHA512)
if Signature = "" then
  // failed
  break
end if

// verify with private key
Var r1 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pem, OpenSSLMBS.kAlgorithmSHA256)

// verify with public key
Var r2 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pub, OpenSSLMBS.kAlgorithmSHA256)

Returns signature. Use EncodeHex or EncodeBase64 to make a text representation.

Internally we make a hash of the data with given algorithm, open the private RSA key and do a RSA sign operation. We return the raw signature as a string bytes.
On any error, we return an empty string.
Optional you can pass a password to read password protected keys.

May fail to read key data if line endings are wrong. Seems not to like Chr(13) and preferes Chr(10). You may want to use ReplaceLineEndings with EndOfLine.Unix to convert before passing key.

See also:

• SignData(data as string, key as string, Password as string = "") as string

OpenSSLMBS.SignRSAPSS(data as string, key as string, Password as string = "", Algorithm as Integer, SaltLength as Integer = -1) as string   New in 25.5

Var data As String = "Hello World"
Var NoPassword As String = ""

// sign it
Var Signature As String = OpenSSLMBS.SignRSAPSS(data, priv, NoPassword, OpenSSLMBS.kAlgorithmSHA512)

// this is valid
Var valid As Boolean = OpenSSLMBS.VerifyRSAPSS(data, Signature, pub,NoPassword, OpenSSLMBS.kAlgorithmSHA512)

// if we alter signature, it becomes invalid
Var notvalid As Boolean = OpenSSLMBS.VerifyRSAPSS(data, "-"+Signature, pub,NoPassword, OpenSSLMBS.kAlgorithmSHA512)

Break

Similar to SignData function.

Returns signature. Use EncodeHex or EncodeBase64 to make a text representation.

Internally we make a hash of the data with given algorithm, open the private RSA key and do a RSA sign operation. We return the raw signature as a string bytes.
On any error, we return an empty string and raise an exception.
Optional you can pass a password to read password protected keys.

May fail to read key data if line endings are wrong. Seems not to like Chr(13) and preferes Chr(10). You may want to use ReplaceLineEndings with EndOfLine.Unix to convert before passing key.

OpenSSLMBS.SMimePKCS7Decrypt(InputData as string, Certificate as X509MBS, SignKey as PKeyMBS) as String

Raises nil object exception if certificate or key is nil.
Returns empty text on error.

Some examples using this method:

• /Encryption/SMime/SMime Test

OpenSSLMBS.SMimePKCS7Encrypt(InputData as string, Certificate as X509MBS) as String

Raises nil object exception if certificate is nil.
Returns empty text on error.

Some examples using this method:

• /Encryption/SMime/SMime Test

OpenSSLMBS.SMimePKCS7Sign(InputData as string, Certificate as X509MBS, SignKey as PKeyMBS) as String

Raises nil object exception if certificate or key is nil.
Returns empty text on error.

Some examples using this method:

• /Encryption/SMime/SMime Test

OpenSSLMBS.SMimePKCS7Verify(InputData as string, Certificate as X509MBS) as String

Raises nil object exception if certificate is nil.
Returns empty text on error.

Some examples using this method:

• /Encryption/SMime/SMime Test

OpenSSLMBS.VerifyData(data as string, Signature as string, Key as string, Password as string = "") as boolean

Key can be the public or private key, but of course normally you use the public key.
Data is the raw data to compare agains. A SHA1 hash is performed and verified with the signature.
Signature must be the string returned like from SignData function. If you used EncodeHex on it, you now need to do DecodeHex.
Returns true if signature is valid and false on any other error.
Optional you can pass a password to read password protected keys.

See also:

• VerifyData(data as string, Signature as string, Key as string, Password as string = "", Algorithm as Integer) as boolean

OpenSSLMBS.VerifyData(data as string, Signature as string, Key as string, Password as string = "", Algorithm as Integer) as boolean

Var test_pem         as string = ReadFile("test.pem")
Var test_pub         as string = ReadFile("test.pub")
Var data             as string = ReadFile("Create Keys.rtf") // some data file
Var signature        as string

// create signature

Signature = OpenSSLMBS.SignData(data, test_pem, OpenSSLMBS.kAlgorithmSHA512)
if Signature = "" then
  // failed
  break
end if

// verify with private key
Var r1 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pem, OpenSSLMBS.kAlgorithmSHA512)

// verify with public key
Var r2 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pub, OpenSSLMBS.kAlgorithmSHA512)

Key can be the public or private key, but of course normally you use the public key.
Data is the raw data to compare agains. A hash is performed with given algorithm and verified with the signature.
Signature must be the string returned like from SignData function. If you used EncodeHex on it, you now need to do DecodeHex.
Returns true if signature is valid and false on any other error.
Optional you can pass a password to read password protected keys.

See also:

• VerifyData(data as string, Signature as string, Key as string, Password as string = "") as boolean

OpenSSLMBS.VerifyRSAPSS(data as string, Signature as string, Key as string, Password as string = "", Algorithm as Integer, SaltLength as Integer = -1) as boolean   New in 25.5

Similar to VerifyData function.

Key can be the public or private key, but of course normally you use the public key.
Data is the raw data to compare agains. A hash is performed with given algorithm and verified with the signature.
Signature must be the string returned like from SignData function. If you used EncodeHex on it, you now need to do DecodeHex.
Returns true if signature is valid and false on any other error. May raise exceptions for fatal errors.
Optional you can pass a password to read password protected keys.