LispPad
  • Home
  • Applications
    • 🖥️LispPad
      • Sessions
      • Editor
      • Preferences
    • 📱LispPad Go
    • 📜Language
    • 📖Libraries
  • Libraries
    • ⚙️LispKit
      • (lispkit archive tar)
      • (lispkit archive zip)
      • (lispkit base)
      • (lispkit bitset)
      • (lispkit box)
      • (lispkit bytevector)
      • (lispkit char)
      • (lispkit char-set)
      • (lispkit combinator)
      • (lispkit comparator)
      • (lispkit control)
      • (lispkit core)
      • (lispkit crypto)
      • (lispkit csv)
      • (lispkit datatype)
      • (lispkit date-time)
      • (lispkit debug)
      • (lispkit disjoint-set)
      • (lispkit draw)
      • (lispkit draw turtle)
      • (lispkit draw barcode)
      • (lispkit draw chart bar)
      • (lispkit dynamic)
      • (lispkit enum)
      • (lispkit format)
      • (lispkit graph)
      • (lispkit gvector)
      • (lispkit hashtable)
      • (lispkit heap)
      • (lispkit http)
      • (lispkit http oauth)
      • (lispkit http server)
      • (lispkit iterate)
      • (lispkit json)
      • (lispkit json schema)
      • (lispkit list)
      • (lispkit list set)
      • (lispkit log)
      • (lispkit markdown)
      • (lispkit match)
      • (lispkit math)
      • (lispkit math matrix)
      • (lispkit math stats)
      • (lispkit math util)
      • (lispkit object)
      • (lispkit port)
      • (lispkit prolog)
      • (lispkit queue)
      • (lispkit record)
      • (lispkit regexp)
      • (lispkit serialize)
      • (lispkit set)
      • (lispkit sqlite)
      • (lispkit stack)
      • (lispkit stream)
      • (lispkit string)
      • (lispkit styled-text)
      • (lispkit system)
      • (lispkit system call)
      • (lispkit system keychain)
      • (lispkit system pasteboard)
      • (lispkit test)
      • (lispkit text-table)
      • (lispkit thread)
      • (lispkit thread channel)
      • (lispkit-thread-future)
      • (lispkit thread shared-queue)
      • (lispkit type)
      • (lispkit url)
      • (lispkit vector)
    • ⚙️LispPad
      • (lisppad applescript)
      • (lisppad draw map)
      • (lisppad location)
      • (lisppad speech)
      • (lisppad system)
      • (lisppad turtle)
    • ⚙️SRFI
  • Examples
    • 📝LispKit
    • 📝LispPad
    • 📝LispPad Go
  • Releases
    • 🖥️LispPad
    • 📱LispPad Go
  • Downloads
  • Privacy Policy
  • Contact
Powered by GitBook
On this page
  • Hash functions
  • Secure keys
  • Crypto algorithms
  1. Libraries
  2. LispKit

(lispkit crypto)

Last updated 6 months ago

Library (lispkit crypto) provides an API for cryptographic operations, including message digests, the creation and management of secure keys, and cryptographic algorithms for encrypting, decrypting, signing, and verifying messages.

The following sample code illustrates how (lispkit crypto) can be used to implement public key cryptography:

(define msg (string->utf8 "This is a secret message!"))
(define privkey (make-private-key 'rsa))
(define pubkey (public-key privkey))
(define encr (encrypt pubkey 'rsa-encryption-pkcs1 msg))
(define decr (decrypt privkey 'rsa-encryption-pkcs1 encr))
(utf8->string decr)
⇒ "This is a secret message!"

Hash functions

Library (lispkit crypto) provides a number of cryptographic hash functions, sometimes also called message digest functions. A cryptographic hash function maps variable-length, potentially long sequences of bytes to fixed length, relatively short hashes, also called digests.

(md5 bytevector) (md5 bytevector start) (md5 bytevector start end)

Implementation of the MD5 message-digest algorithm. Computes a 128-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

(sha1 bytevector) (sha1 bytevector start) (sha1 bytevector start end)

Implementation of the "Secure Hash Algorithm 1". Computes a 160-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

(sha256 bytevector) (sha256 bytevector start) (sha256 bytevector start end)

Implementation of the "Secure Hash Algorithm 2" with a 256-bit digest. Computes a 256-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Implementation of the "Secure Hash Algorithm 2" with a 384-bit digest. Computes a 384-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Implementation of the "Secure Hash Algorithm 2" with a 512-bit digest. Computes a 512-bit hash for the bytes of bytevector between index start (including) and end (excluding) and returns the result as a bytevector. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Secure keys

Symbol representing the secure-key type. The type-for procedure of library (lispkit type) returns this symbol for all secure key objects.

Creates a new private key for the cryptographic system cs and returns it as a secure-key object. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs. size defines the size of the key in bits; default is 1024. tag is an optional string identifying the application generating the key. If tag is not provided, a random UUID string is being used as application tag.

(make-private-key 'rsa 2048 "myapp")
⇒ #<secure-key 600000b26ce0: rsa private 2048>

Returns a public key for the given private key as a secure-key object.

(define privkey (make-private-key 'rsa 1024 "demo app"))
(define pubkey (public-key privkey))
(display (secure-key->string pubkey)) ⇒ 
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAPh4qcCprhnrCelHVzhvlzVBxe62qDwes3IrMNcvKAYnqgVpSvUN+RNI
AWcQPVEiIPWxMz0/75mT3jFukysGMg6LdFzjslmtgvVutUM7vqkaliGIiBp92QBa
iXjZpD33YxQvKTp7F8hv4sJwgVz4junkM11X7Wnw8R6+1l4fYCbvAgMBAAE=
-----END RSA PUBLIC KEY-----

Returns #t if obj is a secure key; otherwise #f is returned.

Returns #t if the secure key is suitable to be used with the cryptographic system cs; otherwise #f is returned. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs.

Returns #t if the secure key is a private key; otherwise #f is returned.

Returns #t if the secure key is a public key; otherwise #f is returned.

Returns #t if secure key can be used to encrypt messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-encrypt? returns #t if key can be used to encrypt messages in general, independent of a concrete algorithm.

Returns #t if secure key can be used to decrypt messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-decrypt? returns #t if key can be used to decrypt messages in general, independent of a concrete algorithm.

Returns #t if secure key can be used to sign messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-sign? returns #t if key can be used to sign messages in general, independent of a concrete algorithm.

Returns #t if secure key can be used to verify messages via algorithm algo, otherwise #f is returned. algo is a symbol identifying the encryption algorithm (see section on Crypto Algorithms). If algo is not provided, secure-key-can-verify? returns #t if key can be used to verify messages in general, independent of a concrete algorithm.

Returns the size of the given secure key in bits. If effective is #f or omitted, the total number of bits in the secure key are returned, otherwise, the effective number of bits used by this secure key are returned.

Returns the block length associated with the given secure key in bytes. If the secure key is an RSA key, for instance, this is the size of the modulus.

Returns the attributes associated with the given secure key as an association list. Each attribute is represented by a cons whose car is the key of an attribute and whose cdr is the corresponding value.

(secure-key-attributes (make-private-key 'rsa))
⇒ ((unwp . 1) (priv . 0) (sens . 0) (extr . 1) (vrfy . 0)
   (encr . 0) (drve . 1) (modi . 0) (sign . 1) (vyrc . 0)
   (next . 0) (type . "42") (bsiz . 1024) (kcls . "1")
   (asen . 0) (esiz . 1024) (decr . 1) (wrap . 0)
   (class . "keys") (snrc . 0) (perm . 1))

Defines an identity relationship for secure keys. secure-key=? returns #t if each key ... is the same key object as key0, otherwise #f gets returned.

Defines an equivalence relationship for secure keys based on the equivalence of a serialized representation of a secure key. secure-key-data=? returns #t if each key ... is representing an equivalent key with the same serialized external representation as key0. Otherwise, #f gets returned.

Serializes the given secure key into a new bytevector and returns the bytevector.

Turns a serialized representation of a secure key in bytevector between indices start (inclusive) and end (exclusive) into a new private key of the given cryptographic system cs. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Turns a serialized representation of a secure key in bytevector between indices start (inclusive) and end (exclusive) into a new public key of the given cryptographic system cs. Cryptographic systems are identified via symbols. Currently only rsa is supported as value for cs. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Returns a PEM (Privacy Encoded Mail)-encoded string representation of the given secure key.

(define pkey (make-private-key 'rsa 1024 "test"))
(display (secure-key->string (public-key pkey))) ⇒
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALz04JfvuKHfOtKE6rYGasoebv4T54m88OR0tJ0Bb+7gUWkX8DPWEy/y
Y0m6QOUK0nvpCvNdvZq7dW2Pjnwd4Cwy9lCUGj+MTSrwqL8fM3FvbLGI6lAAPqYb
S/T9zcG/YnNSmB/A6o3EcfYi/nT0u83t6bmSwa0SHNoOQ110fm6jAgMBAAE=
-----END RSA PUBLIC KEY-----

Turns a PEM (Privacy Encoded Mail)-encoded representation of a secure key str (a string) into a new secure key object and returns this object. An error is raised if it is not possible to extract a secure key supported by this library.

Crypto algorithms

In library (lispkit crypto), cryptographic algorithms are identified via interned symbols. The following cryptographic algorithms are supported:

RSA Encryption

  • rsa-encryption-raw

  • rsa-encryption-pkcs1

RSA Encryption OAEP

  • rsa-encryption-oaep-sha1

  • rsa-encryption-oaep-sha256

  • rsa-encryption-oaep-sha384

  • rsa-encryption-oaep-sha512

RSA Encryption OAEP AESGCM

  • rsa-encryption-oaep-sha1-aesgcm

  • rsa-encryption-oaep-sha256-aesgcm

  • rsa-encryption-oaep-sha384-aesgcm

  • rsa-encryption-oaep-sha512-aesgcm

RSA Signature Raw

  • rsa-signature-raw

RSA Signature Digest PKCS1v15

  • rsa-signature-digest-pkcs1v15-raw

  • rsa-signature-digest-pkcs1v15-sha1

  • rsa-signature-digest-pkcs1v15-sha256

  • rsa-signature-digest-pkcs1v15-sha384

  • rsa-signature-digest-pkcs1v15-sha512

RSA Signature Message PKCS1v15

  • rsa-signature-message-pkcs1v15-sha1

  • rsa-signature-message-pkcs1v15-sha256

  • rsa-signature-message-pkcs1v15-sha384

  • rsa-signature-message-pkcs1v15-sha512

RSA Signature Digest PSS

  • rsa-signature-digest-pss-sha1

  • rsa-signature-digest-pss-sha256

  • rsa-signature-digest-pss-sha384

  • rsa-signature-digest-pss-sha512

RSA Signature Message PSS

  • rsa-signature-message-pss-sha1

  • rsa-signature-message-pss-sha256

  • rsa-signature-message-pss-sha384

  • rsa-signature-message-pss-sha512

Encrypts a message represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and encryption algorithm algo. The encrypted message is returned as a new bytevector.

algo is a symbol identifying the encryption algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Decrypts an encrypted message represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and encryption algorithm algo. The decrypted message is returned as a new bytevector.

algo is a symbol identifying the encryption algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Signs a message represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and signature algorithm algo. The signature of the message is returned as a new bytevector.

algo is a symbol identifying the signature algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

Verifies a signature represented by bytevector between indices start (inclusive) and end (exclusive) using the given secure key and signature algorithm algo. verify returns #t if the signature could be verified, otherwise #f is returned.

algo is a symbol identifying the signature algorithm. If end is not provided, it is assumed to be the length of bytevector. If start is not provided, it is assumed to be 0.

(sha384 bytevector) (sha384 bytevector start) (sha384 bytevector start end)

(sha512 bytevector) (sha512 bytevector start) (sha512 bytevector start end)

secure-key-type-tag

(make-private-key cs) (make-private-key cs size) (make-private-key cs size tag)

(public-key key)

(secure-key? obj)

(secure-key-type? key cs)

(secure-key-private? key)

(secure-key-public? key)

(secure-key-can-encrypt? key) (secure-key-can-encrypt? key algo)

(secure-key-can-decrypt? key) (secure-key-can-decrypt? key algo)

(secure-key-can-sign? key) (secure-key-can-sign? key algo)

(secure-key-can-verify? key) (secure-key-can-verify? key algo)

(secure-key-size key) (secure-key-size key effective)

(secure-key-block-size key)

(secure-key-attributes key)

(secure-key=? key0 key ...)

(secure-key-data=? key ...)

(secure-key->bytevector key)

(bytevector->private-key cs bytevector) (bytevector->private-key cs bytevector start) (bytevector->private-key cs bytevector start end)

(bytevector->public-key obj)

(secure-key->string key)

(string->secure-key str)

(encrypt key algo bytevector) (encrypt key algo bytevector start) (encrypt key algo bytevector start end)

(decrypt key algo bytevector) (decrypt key algo bytevector start) (decrypt key algo bytevector start end)

(sign key algo bytevector) (sign key algo bytevector start) (sign key algo bytevector start end)

(verify key algo bytevector) (verify key algo bytevector start) (verify key algo bytevector start end)

⚙️