{ "classes": [ { "constants": [], "types": [], "name": "@eryx/crypto/rsa", "tags": [], "functions": [ { "source": { "path": "", "line": 48 }, "is_method": false, "signature": "rsa.generateKey(\n bits: number? -- Key size in bits. Defaults to 2048. Common values: 2048, 3072, 4096.\n) → (\n string -- PEM-encoded RSA private key. \n)", "owner": "rsa", "desc": "Generates a new RSA private key and returns it as a PEM string.\n\nThe key includes all parameters needed for both encryption and\nsigning. Extract the corresponding public key with [[getPublicPem]].\n\n```luau\nlocal priv = rsa.generateKey(2048)\nlocal pub = rsa.getPublicPem(priv)\n```\n", "tags": [], "name": "generateKey", "return_str": "string", "function_type": "Function", "returns": [ { "lua_type": "string", "desc": "PEM-encoded RSA private key. " } ], "params": [ { "lua_type": "number?", "name": "bits", "desc": "Key size in bits. Defaults to 2048. Common values: 2048, 3072, 4096." } ] }, { "source": { "path": "", "line": 58 }, "is_method": false, "signature": "rsa.getPublicPem(\n private_pem: string -- PEM-encoded RSA private key.\n) → (\n string -- PEM-encoded RSA public key. \n)", "owner": "rsa", "desc": "Derives the public key from a PEM-encoded RSA private key.\n", "tags": [], "name": "getPublicPem", "return_str": "string", "function_type": "Function", "returns": [ { "lua_type": "string", "desc": "PEM-encoded RSA public key. " } ], "params": [ { "lua_type": "string", "name": "private_pem", "desc": "PEM-encoded RSA private key." } ] }, { "source": { "path": "", "line": 75 }, "is_method": false, "signature": "rsa.encryptPkcs1(\n public_pem: string, -- PEM-encoded RSA public key.\n data: buffer -- Plaintext to encrypt.\n) → (\n buffer -- Ciphertext (same length as the key modulus). \n)", "owner": "rsa", "desc": "Encrypts `data` using RSA-PKCS#1 v1.5.\n\nPKCS#1 v1.5 encryption is widely supported but has known weaknesses\n(ROBOT attack, Bleichenbacher oracle). Prefer [[encryptOaep]] for\nnew designs.\n\nMaximum plaintext size: `key_bytes - 11`.\n", "tags": [], "name": "encryptPkcs1", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext (same length as the key modulus). " } ], "params": [ { "lua_type": "string", "name": "public_pem", "desc": "PEM-encoded RSA public key." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." } ] }, { "source": { "path": "", "line": 86 }, "is_method": false, "signature": "rsa.decryptPkcs1(\n private_pem: string, -- PEM-encoded RSA private key.\n data: buffer -- Ciphertext to decrypt.\n) → (\n buffer -- Plaintext. \n)", "owner": "rsa", "desc": "Decrypts RSA-PKCS#1 v1.5 ciphertext.\n", "tags": [], "name": "decryptPkcs1", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext. " } ], "params": [ { "lua_type": "string", "name": "private_pem", "desc": "PEM-encoded RSA private key." }, { "lua_type": "buffer", "name": "data", "desc": "Ciphertext to decrypt." } ] }, { "source": { "path": "", "line": 105 }, "is_method": false, "signature": "rsa.encryptOaep(\n public_pem: string, -- PEM-encoded RSA public key.\n data: buffer, -- Plaintext to encrypt.\n hash: string? -- Hash for the OAEP mask - `\"sha256\"` (default) or `\"sha1\"`.\n) → (\n buffer -- Ciphertext. \n)", "owner": "rsa", "desc": "Encrypts `data` using RSA-OAEP.\n\nOAEP (Optimal Asymmetric Encryption Padding) is the modern, secure\nRSA encryption scheme. Use `\"sha256\"` (the default) or `\"sha1\"` for\nthe OAEP hash parameter.\n\nMaximum plaintext size: `key_bytes - 2 * hash_bytes - 2`.\nFor a 2048-bit key with SHA-256: 256 - 2×32 - 2 = 190 bytes.\n", "tags": [], "name": "encryptOaep", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext. " } ], "params": [ { "lua_type": "string", "name": "public_pem", "desc": "PEM-encoded RSA public key." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." }, { "lua_type": "string?", "name": "hash", "desc": "Hash for the OAEP mask - `\"sha256\"` (default) or `\"sha1\"`." } ] }, { "source": { "path": "", "line": 117 }, "is_method": false, "signature": "rsa.decryptOaep(\n private_pem: string, -- PEM-encoded RSA private key.\n data: buffer, -- Ciphertext to decrypt.\n hash: string? -- Hash for the OAEP mask - must match what was used for encryption.\n) → (\n buffer -- Plaintext. \n)", "owner": "rsa", "desc": "Decrypts RSA-OAEP ciphertext.\n", "tags": [], "name": "decryptOaep", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext. " } ], "params": [ { "lua_type": "string", "name": "private_pem", "desc": "PEM-encoded RSA private key." }, { "lua_type": "buffer", "name": "data", "desc": "Ciphertext to decrypt." }, { "lua_type": "string?", "name": "hash", "desc": "Hash for the OAEP mask - must match what was used for encryption." } ] }, { "source": { "path": "", "line": 137 }, "is_method": false, "signature": "rsa.signPkcs1(\n private_pem: string, -- PEM-encoded RSA private key.\n data: buffer, -- Message to sign.\n hash: string? -- Hash algorithm - `\"sha256\"` (default), `\"sha1\"`, `\"sha384\"`, `\"sha512\"`.\n) → (\n buffer -- Signature (same length as the key modulus). \n)", "owner": "rsa", "desc": "Signs `data` using RSA-PKCS#1 v1.5.\n\nThe data is hashed internally before signing. Supported hash values:\n`\"sha256\"` (default), `\"sha1\"`, `\"sha384\"`, `\"sha512\"`.\n\n```luau\nlocal sig = rsa.signPkcs1(priv, buffer.fromstring(\"message\"))\nassert(rsa.verifyPkcs1(pub, buffer.fromstring(\"message\"), sig))\n```\n", "tags": [], "name": "signPkcs1", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Signature (same length as the key modulus). " } ], "params": [ { "lua_type": "string", "name": "private_pem", "desc": "PEM-encoded RSA private key." }, { "lua_type": "buffer", "name": "data", "desc": "Message to sign." }, { "lua_type": "string?", "name": "hash", "desc": "Hash algorithm - `\"sha256\"` (default), `\"sha1\"`, `\"sha384\"`, `\"sha512\"`." } ] }, { "source": { "path": "", "line": 153 }, "is_method": false, "signature": "rsa.verifyPkcs1(\n public_pem: string, -- PEM-encoded RSA public key.\n data: buffer, -- The original message.\n signature: buffer, -- Signature to verify.\n hash: string? -- Hash algorithm - must match what was used for signing.\n) → (\n boolean -- `true` if the signature is valid. \n)", "owner": "rsa", "desc": "Verifies an RSA-PKCS#1 v1.5 signature.\n\nReturns `true` if the signature is valid for the given data and\npublic key, `false` otherwise.\n", "tags": [], "name": "verifyPkcs1", "return_str": "boolean", "function_type": "Function", "returns": [ { "lua_type": "boolean", "desc": "`true` if the signature is valid. " } ], "params": [ { "lua_type": "string", "name": "public_pem", "desc": "PEM-encoded RSA public key." }, { "lua_type": "buffer", "name": "data", "desc": "The original message." }, { "lua_type": "buffer", "name": "signature", "desc": "Signature to verify." }, { "lua_type": "string?", "name": "hash", "desc": "Hash algorithm - must match what was used for signing." } ] }, { "source": { "path": "", "line": 176 }, "is_method": false, "signature": "rsa.signPss(\n private_pem: string, -- PEM-encoded RSA private key.\n data: buffer, -- Message to sign.\n hash: string? -- Hash algorithm - `\"sha256\"` (default), `\"sha1\"`, `\"sha384\"`, `\"sha512\"`.\n) → (\n buffer -- Signature (same length as the key modulus). \n)", "owner": "rsa", "desc": "Signs `data` using RSA-PSS (Probabilistic Signature Scheme).\n\nPSS is the modern, preferred RSA signature scheme. Unlike PKCS#1 v1.5,\nit uses randomized padding and has a formal security proof.\n\nThe data is hashed internally before signing. Supported hash values:\n`\"sha256\"` (default), `\"sha1\"`, `\"sha384\"`, `\"sha512\"`.\n\n```luau\nlocal sig = rsa.signPss(priv, buffer.fromstring(\"message\"))\nassert(rsa.verifyPss(pub, buffer.fromstring(\"message\"), sig))\n```\n", "tags": [], "name": "signPss", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Signature (same length as the key modulus). " } ], "params": [ { "lua_type": "string", "name": "private_pem", "desc": "PEM-encoded RSA private key." }, { "lua_type": "buffer", "name": "data", "desc": "Message to sign." }, { "lua_type": "string?", "name": "hash", "desc": "Hash algorithm - `\"sha256\"` (default), `\"sha1\"`, `\"sha384\"`, `\"sha512\"`." } ] }, { "source": { "path": "", "line": 192 }, "is_method": false, "signature": "rsa.verifyPss(\n public_pem: string, -- PEM-encoded RSA public key.\n data: buffer, -- The original message.\n signature: buffer, -- Signature to verify.\n hash: string? -- Hash algorithm - must match what was used for signing.\n) → (\n boolean -- `true` if the signature is valid. \n)", "owner": "rsa", "desc": "Verifies an RSA-PSS signature.\n\nReturns `true` if the signature is valid for the given data and\npublic key, `false` otherwise.\n", "tags": [], "name": "verifyPss", "return_str": "boolean", "function_type": "Function", "returns": [ { "lua_type": "boolean", "desc": "`true` if the signature is valid. " } ], "params": [ { "lua_type": "string", "name": "public_pem", "desc": "PEM-encoded RSA public key." }, { "lua_type": "buffer", "name": "data", "desc": "The original message." }, { "lua_type": "buffer", "name": "signature", "desc": "Signature to verify." }, { "lua_type": "string?", "name": "hash", "desc": "Hash algorithm - must match what was used for signing." } ] }, { "source": { "path": "", "line": 211 }, "is_method": false, "signature": "rsa.privateToDer(\n private_pem: string -- PEM-encoded RSA private key.\n) → (\n buffer -- Raw DER-encoded private key. \n)", "owner": "rsa", "desc": "Encodes a PEM private key as raw DER bytes.\n\nDER (Distinguished Encoding Rules) is the binary ASN.1 representation\nthat PEM wraps in base64. Use this when a library or protocol requires\nthe raw binary form.\n\n```luau\nlocal der = rsa.privateToDer(priv)\nlocal priv2 = rsa.privateFromDer(der) -- round-trip\n```\n", "tags": [], "name": "privateToDer", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Raw DER-encoded private key. " } ], "params": [ { "lua_type": "string", "name": "private_pem", "desc": "PEM-encoded RSA private key." } ] }, { "source": { "path": "", "line": 221 }, "is_method": false, "signature": "rsa.publicToDer(\n public_pem: string -- PEM-encoded RSA public key.\n) → (\n buffer -- Raw DER-encoded public key (SubjectPublicKeyInfo format). \n)", "owner": "rsa", "desc": "Encodes a PEM public key as raw DER bytes.\n", "tags": [], "name": "publicToDer", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Raw DER-encoded public key (SubjectPublicKeyInfo format). " } ], "params": [ { "lua_type": "string", "name": "public_pem", "desc": "PEM-encoded RSA public key." } ] }, { "source": { "path": "", "line": 231 }, "is_method": false, "signature": "rsa.privateFromDer(\n der: buffer -- Raw DER-encoded RSA private key.\n) → (\n string -- PEM-encoded RSA private key. \n)", "owner": "rsa", "desc": "Parses a DER-encoded RSA private key and returns it as a PEM string.\n", "tags": [], "name": "privateFromDer", "return_str": "string", "function_type": "Function", "returns": [ { "lua_type": "string", "desc": "PEM-encoded RSA private key. " } ], "params": [ { "lua_type": "buffer", "name": "der", "desc": "Raw DER-encoded RSA private key." } ] }, { "source": { "path": "", "line": 241 }, "is_method": false, "signature": "rsa.publicFromDer(\n der: buffer -- Raw DER-encoded RSA public key (SubjectPublicKeyInfo format).\n) → (\n string -- PEM-encoded RSA public key. \n)", "owner": "rsa", "desc": "Parses a DER-encoded RSA public key and returns it as a PEM string.\n", "tags": [], "name": "publicFromDer", "return_str": "string", "function_type": "Function", "returns": [ { "lua_type": "string", "desc": "PEM-encoded RSA public key. " } ], "params": [ { "lua_type": "buffer", "name": "der", "desc": "Raw DER-encoded RSA public key (SubjectPublicKeyInfo format)." } ] }, { "source": { "path": "", "line": 260 }, "is_method": false, "signature": "rsa.getKeyBits(\n pem: string -- PEM-encoded RSA private or public key.\n) → (\n number -- Key size in bits (e.g. 2048, 3072, 4096). \n)", "owner": "rsa", "desc": "Returns the key size in bits for a PEM-encoded private or public key.\n\nUseful for validating that a key meets a minimum size requirement\nbefore use.\n\n```luau\nlocal priv = rsa.generateKey(2048)\nassert(rsa.getKeyBits(priv) == 2048)\nassert(rsa.getKeyBits(rsa.getPublicPem(priv)) == 2048)\n```\n", "tags": [], "name": "getKeyBits", "return_str": "number", "function_type": "Function", "returns": [ { "lua_type": "number", "desc": "Key size in bits (e.g. 2048, 3072, 4096). " } ], "params": [ { "lua_type": "string", "name": "pem", "desc": "PEM-encoded RSA private or public key." } ] } ], "properties": [], "source": { "path": "", "line": 0 }, "desc": "RSA asymmetric cryptography.\n\nProvides key generation, PEM/DER conversion, PKCS#1 v1.5 and OAEP\nencryption/decryption, and both PKCS#1 v1.5 and PSS signing/verification.\n\nKeys are represented as PEM strings (the standard `-----BEGIN RSA\nPRIVATE KEY-----` / `-----BEGIN PUBLIC KEY-----` format). Use\n[[privateToDer]] / [[publicToDer]] to convert to raw DER bytes, or\n`@eryx/crypto/pem` to wrap/unwrap arbitrary DER blobs.\n\n```luau\nlocal rsa = require(\"@eryx/crypto/rsa\")\n\n-- Generate a 2048-bit key pair\nlocal priv = rsa.generateKey(2048)\nlocal pub = rsa.getPublicPem(priv)\n\n-- Encrypt / decrypt with OAEP\nlocal ct = rsa.encryptOaep(pub, buffer.fromstring(\"hello\"))\nlocal pt = rsa.decryptOaep(priv, ct)\nassert(buffer.tostring(pt) == \"hello\")\n\n-- Sign / verify\nlocal sig = rsa.signPkcs1(priv, buffer.fromstring(\"message\"))\nassert(rsa.verifyPkcs1(pub, buffer.fromstring(\"message\"), sig))\n```\n" } ] }