License	BSD-style
Maintainer	Olivier Chéron <olivier.cheron@gmail.com>
Stability	experimental
Portability	unknown
Safe Haskell	None
Language	Haskell2010

Crypto.Store.PKCS5

Contents

High-level API
Encryption schemes
Key derivation
Content encryption
Low-level API

Description

Password-Based Cryptography, aka PKCS #5.

Synopsis

type Password = ByteString
type EncryptedContent = ByteString
data PKCS5 = PKCS5 {
- encryptionAlgorithm :: EncryptionScheme
- encryptedData :: EncryptedContent
}
encrypt :: EncryptionScheme -> Password -> ByteString -> Either StoreError PKCS5
decrypt :: PKCS5 -> Password -> Either StoreError ByteString
data EncryptionScheme
data PBEParameter = PBEParameter {
- pbeSalt :: Salt
- pbeIterationCount :: Int
}
data PBES2Parameter = PBES2Parameter {
- pbes2KDF :: KeyDerivationFunc
- pbes2EScheme :: ContentEncryptionParams
}
data KeyDerivationFunc
- = PBKDF2 {
  - pbkdf2Salt :: Salt
  - pbkdf2IterationCount :: Int
  - pbkdf2KeyLength :: Maybe Int
  - pbkdf2Prf :: PBKDF2_PRF
  }
- | Scrypt {
  - scryptSalt :: Salt
  - scryptN :: Word64
  - scryptR :: Int
  - scryptP :: Int
  - scryptKeyLength :: Maybe Int
  }
data PBKDF2_PRF
- = PBKDF2_SHA1
- | PBKDF2_SHA256
- | PBKDF2_SHA512
type Salt = ByteString
generateSalt :: MonadRandom m => Int -> m Salt
data ContentEncryptionParams
data ContentEncryptionAlg
- = BlockCipher c => ECB (ContentEncryptionCipher c)
- | BlockCipher c => CBC (ContentEncryptionCipher c)
- | CBC_RC2
- | BlockCipher c => CFB (ContentEncryptionCipher c)
- | BlockCipher c => CTR (ContentEncryptionCipher c)
data ContentEncryptionCipher cipher where
generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams
getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg
pbEncrypt :: EncryptionScheme -> ByteString -> Password -> Either StoreError EncryptedContent
pbDecrypt :: EncryptionScheme -> EncryptedContent -> Password -> Either StoreError ByteString

Documentation

type Password = ByteString Source #

A password stored as a sequence of UTF-8 bytes.

Some key-derivation functions add restrictions to what characters are supported.

type EncryptedContent = ByteString Source #

Encrypted content.

High-level API

data PKCS5 Source #

Content encrypted with a Password-Based Encryption Scheme (PBES).

The content will usually be the binary representation of an ASN.1 object, however the transformation may be applied to any bytestring.

Constructors

PKCS5
Fields encryptionAlgorithm :: EncryptionScheme Scheme used to encrypt content encryptedData :: EncryptedContent Encrypted content

Instances

Eq PKCS5 Source #
Instance details Defined in Crypto.Store.PKCS5 Methods (==) :: PKCS5 -> PKCS5 -> Bool # (/=) :: PKCS5 -> PKCS5 -> Bool #
Show PKCS5 Source #
Instance details Defined in Crypto.Store.PKCS5 Methods showsPrec :: Int -> PKCS5 -> ShowS # show :: PKCS5 -> String # showList :: [PKCS5] -> ShowS #
ASN1Object PKCS5 Source #
Instance details Defined in Crypto.Store.PKCS5 Methods toASN1 :: PKCS5 -> ASN1S # fromASN1 :: [ASN1] -> Either String (PKCS5, [ASN1]) #

encrypt :: EncryptionScheme -> Password -> ByteString -> Either StoreError PKCS5 Source #

Encrypt a bytestring with the specified encryption scheme and password.

decrypt :: PKCS5 -> Password -> Either StoreError ByteString Source #

Decrypt the PKCS #5 content with the specified password.

Encryption schemes

data EncryptionScheme Source #

Password-Based Encryption Scheme (PBES).

Constructors

PBES2 PBES2Parameter	PBES2
PBE_MD5_DES_CBC PBEParameter	pbeWithMD5AndDES-CBC
PBE_SHA1_DES_CBC PBEParameter	pbeWithSHA1AndDES-CBC
PBE_SHA1_RC4_128 PBEParameter	pbeWithSHAAnd128BitRC4
PBE_SHA1_RC4_40 PBEParameter	pbeWithSHAAnd40BitRC4
PBE_SHA1_DES_EDE3_CBC PBEParameter	pbeWithSHAAnd3-KeyTripleDES-CBC
PBE_SHA1_DES_EDE2_CBC PBEParameter	pbeWithSHAAnd2-KeyTripleDES-CBC
PBE_SHA1_RC2_128 PBEParameter	pbeWithSHAAnd128BitRC2-CBC
PBE_SHA1_RC2_40 PBEParameter	pbewithSHAAnd40BitRC2-CBC

Instances

Eq EncryptionScheme Source #
Instance details Defined in Crypto.Store.PKCS5 Methods (==) :: EncryptionScheme -> EncryptionScheme -> Bool # (/=) :: EncryptionScheme -> EncryptionScheme -> Bool #
Show EncryptionScheme Source #
Instance details Defined in Crypto.Store.PKCS5 Methods showsPrec :: Int -> EncryptionScheme -> ShowS # show :: EncryptionScheme -> String # showList :: [EncryptionScheme] -> ShowS #

data PBEParameter Source #

PBES1 parameters.

Constructors

PBEParameter
Fields pbeSalt :: Salt 8-octet salt value pbeIterationCount :: Int Iteration count

Instances

Eq PBEParameter Source #
Instance details Defined in Crypto.Store.PKCS5.PBES1 Methods (==) :: PBEParameter -> PBEParameter -> Bool # (/=) :: PBEParameter -> PBEParameter -> Bool #
Show PBEParameter Source #
Instance details Defined in Crypto.Store.PKCS5.PBES1 Methods showsPrec :: Int -> PBEParameter -> ShowS # show :: PBEParameter -> String # showList :: [PBEParameter] -> ShowS #

data PBES2Parameter Source #

PBES2 parameters.

Constructors

PBES2Parameter
Fields pbes2KDF :: KeyDerivationFunc Key derivation function pbes2EScheme :: ContentEncryptionParams Underlying encryption scheme

Instances

Eq PBES2Parameter Source #
Instance details Defined in Crypto.Store.PKCS5 Methods (==) :: PBES2Parameter -> PBES2Parameter -> Bool # (/=) :: PBES2Parameter -> PBES2Parameter -> Bool #
Show PBES2Parameter Source #
Instance details Defined in Crypto.Store.PKCS5 Methods showsPrec :: Int -> PBES2Parameter -> ShowS # show :: PBES2Parameter -> String # showList :: [PBES2Parameter] -> ShowS #

Key derivation

data KeyDerivationFunc Source #

Key derivation algorithm and associated parameters.

Constructors

PBKDF2	Key derivation with PBKDF2
Fields pbkdf2Salt :: Salt Salt value pbkdf2IterationCount :: Int Iteration count pbkdf2KeyLength :: Maybe Int Optional key length pbkdf2Prf :: PBKDF2_PRF Pseudorandom function
Scrypt	Key derivation with Scrypt
Fields scryptSalt :: Salt Salt value scryptN :: Word64 N value scryptR :: Int R value scryptP :: Int P value scryptKeyLength :: Maybe Int Optional key length

Instances

Eq KeyDerivationFunc Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods (==) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool # (/=) :: KeyDerivationFunc -> KeyDerivationFunc -> Bool #
Show KeyDerivationFunc Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> KeyDerivationFunc -> ShowS # show :: KeyDerivationFunc -> String # showList :: [KeyDerivationFunc] -> ShowS #

data PBKDF2_PRF Source #

Pseudorandom function used for PBKDF2.

Constructors

PBKDF2_SHA1	hmacWithSHA1
PBKDF2_SHA256	hmacWithSHA256
PBKDF2_SHA512	hmacWithSHA512

Instances

Eq PBKDF2_PRF Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods (==) :: PBKDF2_PRF -> PBKDF2_PRF -> Bool # (/=) :: PBKDF2_PRF -> PBKDF2_PRF -> Bool #
Show PBKDF2_PRF Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> PBKDF2_PRF -> ShowS # show :: PBKDF2_PRF -> String # showList :: [PBKDF2_PRF] -> ShowS #
OIDable PBKDF2_PRF Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: PBKDF2_PRF -> OID #
OIDNameable PBKDF2_PRF Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe PBKDF2_PRF #

type Salt = ByteString Source #

Salt value used for key derivation.

generateSalt :: MonadRandom m => Int -> m Salt Source #

Generate a random salt with the specified length in bytes. To be most effective, the length should be at least 8 bytes.

Content encryption

data ContentEncryptionParams Source #

Content encryption algorithm with associated parameters (i.e. the initialization vector).

A value can be generated with generateEncryptionParams.

Instances

Eq ContentEncryptionParams Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods (==) :: ContentEncryptionParams -> ContentEncryptionParams -> Bool # (/=) :: ContentEncryptionParams -> ContentEncryptionParams -> Bool #
Show ContentEncryptionParams Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionParams -> ShowS # show :: ContentEncryptionParams -> String # showList :: [ContentEncryptionParams] -> ShowS #
HasKeySize ContentEncryptionParams Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods getKeySizeSpecifier :: ContentEncryptionParams -> KeySizeSpecifier Source #

data ContentEncryptionAlg Source #

Cipher and mode of operation for content encryption.

Constructors

BlockCipher c => ECB (ContentEncryptionCipher c)	Electronic Codebook
BlockCipher c => CBC (ContentEncryptionCipher c)	Cipher Block Chaining
CBC_RC2	RC2 in CBC mode
BlockCipher c => CFB (ContentEncryptionCipher c)	Cipher Feedback
BlockCipher c => CTR (ContentEncryptionCipher c)	Counter

Instances

Show ContentEncryptionAlg Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionAlg -> ShowS # show :: ContentEncryptionAlg -> String # showList :: [ContentEncryptionAlg] -> ShowS #
OIDable ContentEncryptionAlg Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods getObjectID :: ContentEncryptionAlg -> OID #
OIDNameable ContentEncryptionAlg Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods fromObjectID :: OID -> Maybe ContentEncryptionAlg #

data ContentEncryptionCipher cipher where Source #

CMS content encryption cipher.

Constructors

DES :: ContentEncryptionCipher DES	DES
DES_EDE2 :: ContentEncryptionCipher DES_EDE2	Triple-DES with 2 keys used in alternative direction
DES_EDE3 :: ContentEncryptionCipher DES_EDE3	Triple-DES with 3 keys used in alternative direction
AES128 :: ContentEncryptionCipher AES128	AES with 128-bit key
AES192 :: ContentEncryptionCipher AES192	AES with 192-bit key
AES256 :: ContentEncryptionCipher AES256	AES with 256-bit key
CAST5 :: ContentEncryptionCipher CAST5	CAST5 (aka CAST-128) with key between 40 and 128 bits
Camellia128 :: ContentEncryptionCipher Camellia128	Camellia with 128-bit key

Instances

Eq (ContentEncryptionCipher cipher) Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods (==) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool # (/=) :: ContentEncryptionCipher cipher -> ContentEncryptionCipher cipher -> Bool #
Show (ContentEncryptionCipher cipher) Source #
Instance details Defined in Crypto.Store.CMS.Algorithms Methods showsPrec :: Int -> ContentEncryptionCipher cipher -> ShowS # show :: ContentEncryptionCipher cipher -> String # showList :: [ContentEncryptionCipher cipher] -> ShowS #

generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams Source #

Generate random parameters for the specified content encryption algorithm.

getContentEncryptionAlg :: ContentEncryptionParams -> ContentEncryptionAlg Source #

Get the content encryption algorithm.

Low-level API

pbEncrypt :: EncryptionScheme -> ByteString -> Password -> Either StoreError EncryptedContent Source #

Encrypt a bytestring with the specified encryption scheme and password.

pbDecrypt :: EncryptionScheme -> EncryptedContent -> Password -> Either StoreError ByteString Source #

Decrypt an encrypted bytestring with the specified encryption scheme and password.