cryptostore-0.3.1.0: Serialization of cryptographic data types
License: BSD-style
Maintainer: Olivier Chéron <olivier.cheron@gmail.com>
Stability: experimental
Portability: unknown
Safe Haskell: Safe-Inferred
Language: Haskell2010

Crypto.Store.PKCS5

Description

Password-Based Cryptography, aka PKCS #5.


Documentation

data ProtectionPassword Source #

A password stored as a sequence of UTF-8 bytes.

Some key-derivation functions add restrictions to what characters are supported.

The data type provides a special value emptyNotTerminated, used on some systems as an alternate representation of the empty password, which produces encryption results different from those of an empty byte array.

Conversion to/from a regular sequence of bytes is possible with functions toProtectionPassword and fromProtectionPassword.

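Beware: the fromString implementation encodes multi-byte characters correctly as UTF-8, so it is not equivalent to its ByteString counterpart, which truncates each character to 8 bits. The same string literal can therefore yield different password bytes, and a different derived key, depending on which of the two types it is given.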

emptyNotTerminated :: ProtectionPassword Source #

A value denoting an empty password, but having a special encoding when deriving a symmetric key on some systems, like the certificate export wizard on Windows.

This value is different from toProtectionPassword "" and can be tried when decrypting content with a password known to be empty.

fromProtectionPassword :: ProtectionPassword -> ByteString Source #

Extract the UTF-8 bytes in a password value.

toProtectionPassword :: ByteString -> ProtectionPassword Source #

Build a password value from a sequence of UTF-8 bytes.

When the password is empty, the special value emptyNotTerminated may be tried as well.

type EncryptedContent = ByteString Source #

Encrypted content.

High-level API

data PKCS5 Source #

Content encrypted with a Password-Based Encryption Scheme (PBES).

The content will usually be the binary representation of an ASN.1 object, however the transformation may be applied to any bytestring.

Constructors

PKCS5 

Fields

Instances

ASN1Object PKCS5 Source # 

Defined in Crypto.Store.PKCS5

Show PKCS5 Source # 

Defined in Crypto.Store.PKCS5

Methods

showsPrec :: Int -> PKCS5 -> ShowS #

show :: PKCS5 -> String #

showList :: [PKCS5] -> ShowS #

Eq PKCS5 Source # 

Defined in Crypto.Store.PKCS5

Methods

(==) :: PKCS5 -> PKCS5 -> Bool #

(/=) :: PKCS5 -> PKCS5 -> Bool #

encrypt :: EncryptionScheme -> ProtectionPassword -> ByteString -> Either StoreError PKCS5 Source #

Encrypt a bytestring with the specified encryption scheme and password.

decrypt :: PKCS5 -> ProtectionPassword -> Either StoreError ByteString Source #

Decrypt the PKCS #5 content with the specified password.

Encryption schemes

data EncryptionScheme Source #

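Password-Based Encryption Scheme (PBES).

PBES2 is the scheme RFC 8018 recommends for new applications. The PBE_* constructors select older schemes built on DES, RC2 and RC4, some with 40-bit keys, and are best kept for interoperability with existing data.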

Constructors

PBES2 PBES2Parameter

PBES2

PBE_MD5_DES_CBC PBEParameter

pbeWithMD5AndDES-CBC

PBE_SHA1_DES_CBC PBEParameter

pbeWithSHA1AndDES-CBC

PBE_SHA1_RC4_128 PBEParameter

pbeWithSHAAnd128BitRC4

PBE_SHA1_RC4_40 PBEParameter

pbeWithSHAAnd40BitRC4

PBE_SHA1_DES_EDE3_CBC PBEParameter

pbeWithSHAAnd3-KeyTripleDES-CBC

PBE_SHA1_DES_EDE2_CBC PBEParameter

pbeWithSHAAnd2-KeyTripleDES-CBC

PBE_SHA1_RC2_128 PBEParameter

pbeWithSHAAnd128BitRC2-CBC

PBE_SHA1_RC2_40 PBEParameter

pbewithSHAAnd40BitRC2-CBC

data PBEParameter Source #

PBES1 parameters.

Constructors

PBEParameter 

Fields

Instances

Show PBEParameter Source # 

Defined in Crypto.Store.PKCS5.PBES1

Eq PBEParameter Source # 

Defined in Crypto.Store.PKCS5.PBES1

data PBES2Parameter Source #

PBES2 parameters.

Constructors

PBES2Parameter 

Fields

Instances

Show PBES2Parameter Source # 

Defined in Crypto.Store.PKCS5

Eq PBES2Parameter Source # 

Defined in Crypto.Store.PKCS5

Key derivation

data KeyDerivationFunc Source #

Key derivation algorithm and associated parameters.

Constructors

PBKDF2

Key derivation with PBKDF2

Fields

Scrypt

Key derivation with Scrypt

Fields

data PBKDF2_PRF Source #

Pseudorandom function used for PBKDF2.

Constructors

PBKDF2_SHA1

hmacWithSHA1

PBKDF2_SHA256

hmacWithSHA256

PBKDF2_SHA512

hmacWithSHA512

Instances

OIDNameable PBKDF2_PRF Source # 

Defined in Crypto.Store.CMS.Algorithms

OIDable PBKDF2_PRF Source # 

Defined in Crypto.Store.CMS.Algorithms

Show PBKDF2_PRF Source # 

Defined in Crypto.Store.CMS.Algorithms

Eq PBKDF2_PRF Source # 

Defined in Crypto.Store.CMS.Algorithms

type Salt = ByteString Source #

Salt value used for key derivation.

generateSalt :: MonadRandom m => Int -> m Salt Source #

Generate a random salt with the specified length in bytes. To be most effective, the length should be at least 8 bytes.

Content encryption

data ContentEncryptionAlg Source #

Cipher and mode of operation for content encryption.

Constructors

forall c.BlockCipher c => ECB (ContentEncryptionCipher c)

Electronic Codebook (no IV or chaining: identical plaintext blocks produce identical ciphertext blocks)

forall c.BlockCipher c => CBC (ContentEncryptionCipher c)

Cipher Block Chaining

CBC_RC2

RC2 in CBC mode

forall c.BlockCipher c => CFB (ContentEncryptionCipher c)

Cipher Feedback

forall c.BlockCipher c => CTR (ContentEncryptionCipher c)

Counter

data ContentEncryptionCipher cipher where Source #

CMS content encryption cipher.

Constructors

DES :: ContentEncryptionCipher DES

DES

DES_EDE2 :: ContentEncryptionCipher DES_EDE2

Triple-DES with 2 keys used in alternating directions (encrypt-decrypt-encrypt)

DES_EDE3 :: ContentEncryptionCipher DES_EDE3

Triple-DES with 3 keys used in alternating directions (encrypt-decrypt-encrypt)

AES128 :: ContentEncryptionCipher AES128

AES with 128-bit key

AES192 :: ContentEncryptionCipher AES192

AES with 192-bit key

AES256 :: ContentEncryptionCipher AES256

AES with 256-bit key

CAST5 :: ContentEncryptionCipher CAST5

CAST5 (aka CAST-128) with key between 40 and 128 bits

Camellia128 :: ContentEncryptionCipher Camellia128

Camellia with 128-bit key

Instances

Show (ContentEncryptionCipher cipher) Source # 

Defined in Crypto.Store.CMS.Algorithms

Eq (ContentEncryptionCipher cipher) Source # 

Defined in Crypto.Store.CMS.Algorithms

generateEncryptionParams :: MonadRandom m => ContentEncryptionAlg -> m ContentEncryptionParams Source #

Generate random parameters for the specified content encryption algorithm.

Low-level API

pbEncrypt :: EncryptionScheme -> ByteString -> ProtectionPassword -> Either StoreError EncryptedContent Source #

Encrypt a bytestring with the specified encryption scheme and password.

pbDecrypt :: EncryptionScheme -> EncryptedContent -> ProtectionPassword -> Either StoreError ByteString Source #

Decrypt an encrypted bytestring with the specified encryption scheme and password.