OpenSSLMBS.ErrorString(ErrorCode as Integer) as string

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 14.0 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Queries the human readable error string for an OpenSSL error.
Example
MsgBox OpenSSLMBS.ErrorString(336109761)

OpenSSLMBS.GeneratePrivateKey(Bits as Integer = 4096, Exp as Integer = 65537, Password as string = "", Algorithm as string = "") as string

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.2 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Generates a new private key.
Example
dim privateKey as string = OpenSSLMBS.GeneratePrivateKey
dim publicKey as string = OpenSSLMBS.GetPublicKey(privateKey)

break // got key pair

The bit size of the key should be high.
See RSA key documentation on the web for details.

In Plugin version 16.2 and later this function yields time to other Xojo threads.
Algorithm specifies the encryption algorithm for key encryption. See CipherMBS for cipher names, e.g. "AES-128-CBC". (new in 17.5)

OpenSSLMBS.GetPublicKey(PrivateKey as String, PrivateKeyPassword as string = "") as string

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.2 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Extracts public key from private key.
Example
dim privateKey as string = OpenSSLMBS.GeneratePrivateKey
dim publicKey as string = OpenSSLMBS.GetPublicKey(privateKey)

break // got key pair

Optionally you can define a password for private key.

OpenSSLMBS.OpenSSLVersion as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.2 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Queries the OpenSSL version.
Example
MsgBox OpenSSLMBS.OpenSSLVersion

OpenSSLMBS.PKCS7Sign(flags as Integer, InputData as string, SignKey as string, PrivateKey as String, PrivateKeyPassword as string, intermediaCertsData() as string, OutputBinary as boolean) as string

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 15.1 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Signs with SMIME.
Example
dim testPrivKey      as string = ReadFile("passkey.pem")
dim testCertificate as string = ReadFile("passcertificate.pem")
dim data as string = ReadFile("test.txt")
dim privKeyPassword as string = "12345"

dim intermediateCertificates() as string
intermediateCertificates.Append ReadFile("WWDR.pem")
dim Sign as string = OpenSSLMBS.PKCS7Sign(0, data, testCertificate, testPrivKey, privKeyPassword, intermediateCertificates, true)

// write result
dim f as FolderItem = SpecialFolder.Desktop.Child("output")
dim b as BinaryStream = BinaryStream.Create(f, true)
b.Write sign

Returns the signature. If OutputBinary is true, we use DER output, else text based output.
intermediaCertsData array can be empty if you have no intermediate certificates.

OpenSSLMBS.PKCS7SignData(Certificate as X509MBS, PrivateKey as PKeyMBS, certs() as X509MBS = nil, data as string, flags as Integer = 0) as string

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 18.0 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Signs with PKCS7.

Returns the signature (binary format = DER).
The certs array can be empty or nil if you have no intermediate certificates.

OpenSSLMBS.PKCS7SignedData(DataP7M as String) as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 19.3 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Reads content of signed data in PKCS7 file.
Example
// get a file
Dim f As FolderItem = GetFolderItem("/Users/cs/Desktop/p7m/work.xml.p7m", FolderItem.PathTypeNative)

// read
Dim b As BinaryStream = BinaryStream.Open(f)
Dim s As String = b.Read(b.Length)

// decode
Dim data As String = OpenSSLMBS.PKCS7SignedData(s)

Break

Please pass content of a P7M file, so we can read signed content.
Returns data or empty string if this failed.

OpenSSLMBS.RandomBytes(count as Integer) as MemoryBlock

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 20.0 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Generates random bytes.
Example
Dim m As MemoryBlock = OpenSSLMBS.RandomBytes(16)
MsgBox EncodeHex(m)

Puts count cryptographically strong pseudo-random bytes into MemoryBlock.

OpenSSLMBS.RandomBytesString(count as Integer) as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 20.0 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Generates random bytes.
Example
Dim p As String = OpenSSLMBS.RandomBytesString(16)
MsgBox EncodeHex(p)

Puts count cryptographically strong pseudo-random bytes into string.

OpenSSLMBS.RSAPrivateDecrypt(data as string, PrivateKey as string, padding as Integer = 1, Password as string = "") as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.2 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Decrypts data using private key.
Example
// encrypt with public, decrypt with private key

dim f1 as FolderItem = GetFolderItem("test.pem")
dim b1 as BinaryStream = BinaryStream.Open(f1)
dim PrivKey as string = B1.Read(b1.Length)

dim f2 as FolderItem = GetFolderItem("test.pub")
dim b2 as BinaryStream = BinaryStream.Open(f2)
dim PubKey as string = B2.Read(b2.Length)

dim UnencryptedData as string = "Hello World. This is just a test."
dim EncryptedData as string = OpenSSLMBS.RSAPublicEncrypt(UnencryptedData, PubKey)
dim decryptedData as string = OpenSSLMBS.RSAPrivateDecrypt(EncryptedData, PrivKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only decrypt data if it's <= length of key.

OpenSSLMBS.RSAPrivateEncrypt(data as string, PrivateKey as string, padding as Integer = 1, Password as string = "") as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.2 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Encrypts data using private key.
Example
// encrypt with private, decrypt with public key

dim f1 as FolderItem = GetFolderItem("test.pem")
dim b1 as BinaryStream = BinaryStream.Open(f1)
dim PrivKey as string = B1.Read(b1.Length)

dim f2 as FolderItem = GetFolderItem("test.pub")
dim b2 as BinaryStream = BinaryStream.Open(f2)
dim PubKey as string = B2.Read(b2.Length)

dim UnencryptedData as string = "Hello World. This is just a test."
dim EncryptedData as string = OpenSSLMBS.RSAPrivateEncrypt(UnencryptedData, PrivKey)
dim decryptedData as string = OpenSSLMBS.RSAPublicDecrypt(EncryptedData, PubKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only encrypt data if it's <= length of key.

OpenSSLMBS.RSAPublicDecrypt(data as string, PublicKey as string, padding as Integer = 1, Password as string = "") as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.2 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Decrypts data using public key.
Example
// encrypt with private, decrypt with public key

dim f1 as FolderItem = GetFolderItem("test.pem")
dim b1 as BinaryStream = BinaryStream.Open(f1)
dim PrivKey as string = B1.Read(b1.Length)

dim f2 as FolderItem = GetFolderItem("test.pub")
dim b2 as BinaryStream = BinaryStream.Open(f2)
dim PubKey as string = B2.Read(b2.Length)

dim UnencryptedData as string = "Hello World. This is just a test."
dim EncryptedData as string = OpenSSLMBS.RSAPrivateEncrypt(UnencryptedData, PrivKey)
dim decryptedData as string = OpenSSLMBS.RSAPublicDecrypt(EncryptedData, PubKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only decrypt data if it's <= length of key.

OpenSSLMBS.RSAPublicEncrypt(data as string, PublicKey as string, padding as Integer = 1, Password as string = "") as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.2 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Encrypts data using public key.
Example
// encrypt with public, decrypt with private key

dim f1 as FolderItem = GetFolderItem("test.pem")
dim b1 as BinaryStream = BinaryStream.Open(f1)
dim PrivKey as string = B1.Read(b1.Length)

dim f2 as FolderItem = GetFolderItem("test.pub")
dim b2 as BinaryStream = BinaryStream.Open(f2)
dim PubKey as string = B2.Read(b2.Length)

dim UnencryptedData as string = "Hello World. This is just a test."
dim EncryptedData as string = OpenSSLMBS.RSAPublicEncrypt(UnencryptedData, PubKey)
dim decryptedData as string = OpenSSLMBS.RSAPrivateDecrypt(EncryptedData, PrivKey)

Break // check in debugger

See kPadding constants for Padding parameter.
Password is optional for decrypting encrypted keys.
Returns empty string on failure or raises exceptions.

RSA can only encrypt data if it's <= length of key.
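
The size limit in practice, as an added example that is not part of the plugin documentation: a random session key is wrapped with RSA, and an oversized input is shown to fail. It uses only functions documented on this page and assumes the PEM text returned by GetPublicKey is accepted as the PublicKey parameter; the passphrase is a constructed sample value.

```xojo
// Added example: RSA key wrapping and the size limit (not plugin sample code).
Dim password As String = "constructed-passphrase" // constructed sample value

// Private key PEM, encrypted with AES-128-CBC under the password
Dim privKey As String = OpenSSLMBS.GeneratePrivateKey(2048, 65537, password, "AES-128-CBC")
Dim pubKey As String = OpenSSLMBS.GetPublicKey(privKey, password)

// A 32-byte random session key is far below the 256-byte size of a 2048-bit key
Dim sessionKey As String = OpenSSLMBS.RandomBytesString(32)
Dim wrapped, unwrapped, oversized As String

Try
  wrapped = OpenSSLMBS.RSAPublicEncrypt(sessionKey, pubKey)
  // padding 1 is the documented default; it is spelled out only to reach Password
  unwrapped = OpenSSLMBS.RSAPrivateDecrypt(wrapped, privKey, 1, password)
Catch e As RuntimeException
  wrapped = "" // documented failure mode: empty string or exception
End Try

Try
  // 300 bytes exceed the key size, so this call must fail
  oversized = OpenSSLMBS.RSAPublicEncrypt(OpenSSLMBS.RandomBytesString(300), pubKey)
Catch e As RuntimeException
  oversized = ""
End Try

// StrComp mode 0 compares bytes, which is what binary key material needs
Dim roundTripOk As Boolean = (wrapped <> "") And (StrComp(unwrapped, sessionKey, 0) = 0)
Dim limitEnforced As Boolean = (oversized = "")

If roundTripOk And limitEnforced Then
  MsgBox "Session key wrapped and unwrapped; oversized input was rejected."
Else
  MsgBox "Unexpected result: treat the ciphertext as unusable."
End If
```

Data larger than the key is normally encrypted with a symmetric cipher under such a session key, and only the session key goes through RSA.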

OpenSSLMBS.SignData(data as string, key as string, Password as string = "") as string

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 13.4 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Signs a piece of data with a given private key.
Example
dim data as string // some data
dim test as string // the private key PEM file content
dim Signature as string = OpenSSLMBS.SignData(data, test)
msgbox EncodeHex(Signature)

Returns signature. Use EncodeHex or EncodeBase64 to make a text representation.

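Internally we make a SHA1 hash of the data, open the private RSA key and do an RSA sign operation. We return the raw signature as a string of bytes.
SHA1 is no longer considered collision resistant; for new signatures, use the SignData variant with the Algorithm parameter, e.g. kAlgorithmSHA512.
On any error, we return an empty string.
Optionally you can pass a password to read password protected keys.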

OpenSSLMBS.SignData(data as string, key as string, Password as string = "", Algorithm as Integer) as string

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.0 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Signs a piece of data with a given private key.
Example
dim test_pem as string = ReadFile("test.pem")
dim test_pub as string = ReadFile("test.pub")
dim data as string = ReadFile("Create Keys.rtf") // some data file
dim signature as string

// create signature (empty password: the key file is not password protected)

Signature = OpenSSLMBS.SignData(data, test_pem, "", OpenSSLMBS.kAlgorithmSHA512)
if Signature = "" then
  // failed
  break
end if

// verify with private key, using the same algorithm as for signing
dim r1 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pem, "", OpenSSLMBS.kAlgorithmSHA512)

// verify with public key
dim r2 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pub, "", OpenSSLMBS.kAlgorithmSHA512)

Returns signature. Use EncodeHex or EncodeBase64 to make a text representation.

Internally we make a hash of the data with the given algorithm, open the private RSA key and do an RSA sign operation. We return the raw signature as a string of bytes.
On any error, we return an empty string.
Optionally you can pass a password to read password protected keys.

OpenSSLMBS.SMimePKCS7Decrypt(InputData as string, Certificate as X509MBS, SignKey as PKeyMBS) as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 18.4 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Decrypts S/Mime PKCS#7 encrypted data.

Raises nil object exception if certificate or key is nil.
Returns empty text on error.

OpenSSLMBS.SMimePKCS7Encrypt(InputData as string, Certificate as X509MBS) as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 18.4 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Encrypts data with S/Mime PKCS#7.

Raises nil object exception if certificate is nil.
Returns empty text on error.

OpenSSLMBS.SMimePKCS7Sign(InputData as string, Certificate as X509MBS, SignKey as PKeyMBS) as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 18.4 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Signs data with S/Mime PKCS#7.

Raises nil object exception if certificate or key is nil.
Returns empty text on error.

OpenSSLMBS.SMimePKCS7Verify(InputData as string, Certificate as X509MBS) as String

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 18.4 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Verifies S/Mime PKCS#7 signature.

Raises nil object exception if certificate is nil.
Returns empty text on error.

OpenSSLMBS.VerifyData(data as string, Signature as string, Key as string, Password as string = "") as boolean

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 13.4 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Verifies a signature with given data and public key.

Key can be the public or private key, but of course normally you use the public key.
Data is the raw data to compare against. A SHA1 hash is performed and verified with the signature.
Signature must be the string as returned by the SignData function. If you used EncodeHex on it, you now need to do DecodeHex.
Returns true if signature is valid and false on any other error.
Optionally you can pass a password to read password protected keys.

OpenSSLMBS.VerifyData(data as string, Signature as string, Key as string, Password as string = "", Algorithm as Integer) as boolean

Type Topic Plugin Version macOS Windows Linux iOS Targets
method Encryption and Hash MBS Encryption Plugin 16.0 ✅ Yes ✅ Yes ✅ Yes ✅ Yes All
Verifies a signature with given data and public key.
Example
dim test_pem as string = ReadFile("test.pem")
dim test_pub as string = ReadFile("test.pub")
dim data as string = ReadFile("Create Keys.rtf") // some data file
dim signature as string

// create signature (empty password: the key file is not password protected)

Signature = OpenSSLMBS.SignData(data, test_pem, "", OpenSSLMBS.kAlgorithmSHA512)
if Signature = "" then
  // failed
  break
end if

// verify with private key, using the same algorithm as for signing
dim r1 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pem, "", OpenSSLMBS.kAlgorithmSHA512)

// verify with public key
dim r2 as Boolean = OpenSSLMBS.VerifyData(data, signature, test_pub, "", OpenSSLMBS.kAlgorithmSHA512)

Key can be the public or private key, but of course normally you use the public key.
Data is the raw data to compare against. A hash is performed with the given algorithm and verified with the signature.
Signature must be the string as returned by the SignData function. If you used EncodeHex on it, you now need to do DecodeHex.
Returns true if signature is valid and false on any other error.
Optionally you can pass a password to read password protected keys.
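
A sign and verify round trip with a password protected key, as an added example that is not part of the plugin documentation. It uses only functions and constants documented on this page and shows the three outcomes a caller should check: a valid signature, tampered data, and a hash algorithm that differs from the one used for signing. The passphrase and message are constructed sample values.

```xojo
// Added example: sign with an encrypted private key, verify with the public key.
Dim password As String = "constructed-passphrase" // constructed sample value
Dim data As String = "constructed sample message"

Dim privKey As String = OpenSSLMBS.GeneratePrivateKey(4096, 65537, password, "AES-128-CBC")
Dim pubKey As String = OpenSSLMBS.GetPublicKey(privKey, password)

// The password is needed here because the private key PEM is encrypted
Dim sig As String = OpenSSLMBS.SignData(data, privKey, password, OpenSSLMBS.kAlgorithmSHA512)

If sig = "" Then
  // Empty string is the documented error result (e.g. wrong password, unreadable key)
  MsgBox "Signing failed."
Else
  // Signatures are raw bytes; hex is only a transport form and must be decoded again
  Dim hexSig As String = EncodeHex(sig)
  Dim rawSig As String = DecodeHex(hexSig)

  // The public key is not encrypted, so the password stays empty
  Dim okValid As Boolean = OpenSSLMBS.VerifyData(data, rawSig, pubKey, "", OpenSSLMBS.kAlgorithmSHA512)

  // One changed byte in the data must invalidate the signature
  Dim okTampered As Boolean = OpenSSLMBS.VerifyData(data + "x", rawSig, pubKey, "", OpenSSLMBS.kAlgorithmSHA512)

  // Verifying with a different hash than the signer used must fail as well
  Dim okWrongHash As Boolean = OpenSSLMBS.VerifyData(data, rawSig, pubKey, "", OpenSSLMBS.kAlgorithmSHA256)

  If okValid And Not okTampered And Not okWrongHash Then
    MsgBox "Signature valid; tampering and algorithm mismatch were rejected."
  Else
    MsgBox "Verification did not behave as expected; do not trust the data."
  End If
End If
```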

The items on this page are in the following plugins: MBS Encryption Plugin.

