Platforms to show: All Mac Windows Linux Cross-Platform

The module OpenSSLMBS

module OpenSSLMBS
Type Topic Plugin Version macOS Windows Linux iOS Targets
module Encryption and Hash MBS Encryption Plugin 13.4 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
A module for OpenSSL functions.

Please request what you miss here.

  • 26 methods
    • method CipherNames as String()
    • method DigestNames as String()
    • method ErrorString(ErrorCode as Integer) as string
    • method GeneratePrivateKey(Bits as Integer = 4096, Exp as Integer = 65537, Password as string = "", Algorithm as string = "") as string
    • method GetPublicKey(PrivateKey as String, PrivateKeyPassword as string = "") as string
    • method OpenSSLVersion as String
    • method PKCS7Sign(flags as Integer, InputData as string, SignKey as string, PrivateKey as String, PrivateKeyPassword as string, intermediaCertsData() as string, OutputBinary as boolean) as string
    • method PKCS7SignData(Certificate as X509MBS, PrivateKey as PKeyMBS, certs() as X509MBS = nil, data as string, flags as Integer = 0) as string
    • method PKCS7SignedData(DataP7M as String) as String
    • method ProviderNames as String()
    • method RandomBytes(count as Integer) as MemoryBlock
    • method RandomBytesString(count as Integer) as String
    • method RSAPrivateDecrypt(data as string, PrivateKey as string, padding as Integer = 1, Password as string = "") as String
    • method RSAPrivateEncrypt(data as string, PrivateKey as string, padding as Integer = 1, Password as string = "") as String
    • method RSAPublicDecrypt(data as string, PublicKey as string, padding as Integer = 1, Password as string = "") as String
    • method RSAPublicEncrypt(data as string, PublicKey as string, padding as Integer = 1, Password as string = "") as String
    • method SignData(data as string, key as string, Password as string = "") as string
    • method SignData(data as string, key as string, Password as string = "", Algorithm as Integer) as string
    • method SignRSAPSS(data as string, key as string, Password as string = "", Algorithm as Integer, SaltLength as Integer = -1) as string
    • method SMimePKCS7Decrypt(InputData as string, Certificate as X509MBS, SignKey as PKeyMBS) as String
    • method SMimePKCS7Encrypt(InputData as string, Certificate as X509MBS) as String
    • method SMimePKCS7Sign(InputData as string, Certificate as X509MBS, SignKey as PKeyMBS) as String
    • method SMimePKCS7Verify(InputData as string, Certificate as X509MBS) as String
    • method VerifyData(data as string, Signature as string, Key as string, Password as string = "") as boolean
    • method VerifyData(data as string, Signature as string, Key as string, Password as string = "", Algorithm as Integer) as boolean
    • method VerifyRSAPSS(data as string, Signature as string, Key as string, Password as string = "", Algorithm as Integer, SaltLength as Integer = -1) as boolean
  • 14 constants

Hash Algorithms

Constant Value Description
kAlgorithmSHA1 1 SHA 1.
kAlgorithmSHA224 2 SHA 2 with 224bit.
kAlgorithmSHA256 3 SHA 2 with 256bit.
kAlgorithmSHA384 4 SHA 2 with 384bit.
kAlgorithmSHA512 5 SHA 2 with 512bit.

Padding Options

Constant Value Description
kPaddingNone 3 Raw RSA encryption. This mode should only be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with RSA is insecure.
kPaddingPKCS1 1 PKCS #1 v1.5 padding. This currently is the most widely used mode.
kPaddingPKCS1OAEP 4 EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications.
kPaddingSSLv23 2 PKCS #1 v1.5 padding with an SSL-specific modification that denotes that the server is SSL3 capable.
kPaddingX931 5 X931 padding.

PSS SaltLengths

Constant Value Description
kRSA_PSS_SALTLEN_AUTO -2 Verify only: auto detect salt length.
kRSA_PSS_SALTLEN_AUTO_DIGEST_MAX -4 Set salt length to maximum possible
kRSA_PSS_SALTLEN_DIGEST -1 Salt length matches digest.
kRSA_PSS_SALTLEN_MAX -3 Auto-detect on verify, set salt length to min(maximum possible, digest * length) on sign

Some examples which use this module:

Blog Entries

Xojo Developer Magazine

Release notes

  • Version 26.0
    • Added SaltLength parameter and related constants for VerifyRSAPSS and SignRSAPSS methods in OpenSSLMBS module.
  • Version 25.5
    • Added SignRSAPSS and VerifyRSAPSS to OpenSSLMBS module for 2048-bit RSA electronic signature with PSS padding and SHA-256.
    • Fixed bug in password passing for GetPublicKey and GeneratePrivateKey function in OpenSSLMBS module.
  • Version 25.3
    • Added ProviderNames function to OpenSSLMBS module.
  • Version 24.3
    • Improved error messages for exceptions raised in OpenSSLMBS module to contain more details.
  • Version 20.5
    • Fixed a bug in OpenSSLMBS.VerifyData where it reported an error in reading key.
  • Version 20.0
    • Added RandomBytes and RandomBytesString methods to OpenSSLMBS module.
  • Version 19.3
    • Added OpenSSLMBS.PKCS7SignedData function to read data from P7M files.
  • Version 18.4
  • Version 18.0

The items on this page are in the following plugins: MBS Encryption Plugin.


The biggest plugin in space...