3 open System.Security.Cryptography
/// NOTE(review): declared without a parameter list, so this is a value binding:
/// F# evaluates the body once and every reference sees that same key.
/// The body is not shown in this listing - confirm a single key per process is intended.
11 let generate256Key : Key =
14 /// Generate a new RSA key pair: (public * private).
/// Both elements are the XML strings returned by ToXmlString. The second one
/// carries the private parameters and lives in an immutable string that cannot
/// be zeroed after use, so treat it as secret material (no logging, no printing).
/// NOTE(review): there is no parameter list, so this is a value binding: F#
/// evaluates it once and every reference yields the same pair, not a fresh one.
/// Making it a function would mean a unit parameter and callers writing
/// `generateRSAKeysPair ()`.
15 let generateRSAKeysPair : Key * Key =
// rsaKeySize is defined outside this listing - TODO confirm it is at least 2048 bits.
16 use rsa = new RSACryptoServiceProvider (rsaKeySize)
// ToXmlString false exports the public parameters only; ToXmlString true also
// includes the private parameters.
18 rsa.ToXmlString false, rsa.ToXmlString true
// Explicitly disable persistence of the key in the CSP key container.
20 rsa.PersistKeyInCsp <- false
/// Encrypts `plaindata` with the RSA public key given as an XML string and
/// returns the ciphertext.
/// The second argument of Encrypt (`false`) selects PKCS#1 v1.5 encryption
/// padding. That scheme is exposed to padding-oracle attacks when decryption
/// failures are observable to a remote party; OAEP (`true`) is the usual choice
/// for new code. The flag has to match the one used in decryptRSA, so the two
/// functions must be changed together, and existing ciphertexts would no longer
/// decrypt after the change.
/// RSA can only encrypt a payload shorter than the modulus minus the padding
/// overhead; longer inputs make Encrypt throw.
22 let encryptRSA (publicKey
: Key) (plaindata
: Data) : Data =
23 use rsa = new RSACryptoServiceProvider (rsaKeySize)
// The imported key replaces the provider's own key.
// NOTE(review): nothing visible here checks the size of the imported key.
25 rsa.FromXmlString publicKey
26 rsa.Encrypt (plaindata
, false) // Uses PKCS#1 v1.5 padding.
// Explicitly disable persistence of the key in the CSP key container.
28 rsa.PersistKeyInCsp <- false
/// Decrypts `cipherdata` with the RSA private key given as an XML string and
/// returns the plaintext bytes.
/// The second argument of Decrypt (`false`) selects PKCS#1 v1.5 padding and must
/// match encryptRSA. With this padding, a caller that reports "bad padding"
/// differently from other failures (distinct error, timing) gives an attacker a
/// decryption oracle; callers should surface one uniform failure. OAEP (`true`)
/// in both functions removes most of that exposure.
/// NOTE(review): Decrypt presumably throws CryptographicException on malformed
/// input - confirm how callers handle it.
30 let decryptRSA (privateKey
: Key) (cipherdata
: Data) : Data =
31 use rsa = new RSACryptoServiceProvider (rsaKeySize)
// Loads the private parameters from the XML string into the provider.
33 rsa.FromXmlString privateKey
34 rsa.Decrypt (cipherdata
, false) // Uses PKCS#1 v1.5 padding.
// Explicitly disable persistence of the private key in the CSP key container.
36 rsa.PersistKeyInCsp <- false
38 /// Produces a signature from a given hash.
/// `privKey` is the private key as an XML string; `sha256` is the digest to sign,
/// computed by the caller. The OID passed to SignHash declares the digest as
/// SHA-256, so the input must really be a SHA-256 output.
/// NOTE(review): nothing visible here checks that `sha256` is 32 bytes long -
/// confirm how a wrong-length input fails.
39 let signRSA (privKey
: Key) (sha256
: Data) : Data =
40 use rsa = new RSACryptoServiceProvider (rsaKeySize)
// Loads the private parameters from the XML string into the provider.
42 rsa.FromXmlString privKey
43 rsa.SignHash (sha256
, CryptoConfig.MapNameToOID "SHA256")
// Explicitly disable persistence of the private key in the CSP key container.
45 rsa.PersistKeyInCsp <- false
47 /// Verify a signature against a given hash.
/// `pubKey` is the signer's public key as an XML string, `sha256` the digest the
/// caller recomputed over the received data, `signature` the value to check.
/// Returns the result of VerifyHash; callers must act on `false`, because a
/// failed verification is reported through the return value.
/// The verification is only as trustworthy as the origin of `pubKey`: a key taken
/// from the same untrusted message as the signature proves nothing.
48 let verifySignRSA (pubKey
: Key) (sha256
: Data) (signature
: Data) : bool =
49 use rsa = new RSACryptoServiceProvider (rsaKeySize)
// The imported public key replaces the provider's own key.
51 rsa.FromXmlString pubKey
52 rsa.VerifyHash (sha256
, CryptoConfig.MapNameToOID "SHA256", signature
)
// Explicitly disable persistence of the key in the CSP key container.
54 rsa.PersistKeyInCsp <- false
56 let decryptAES (key
: Key) (inputStream
: Stream) (outputStream
: Stream) =
// RSA round trip: encrypt a short string with the public key, decrypt it with
// the private key and compare with the input. The enclosing definition's header
// is not shown in this listing.
// generateRSAKeysPair is a value binding, so this is the same key pair every
// other reference to it receives.
62 let kpub, kpriv
= generateRSAKeysPair
63 let plaintext = "Hello, World!"
64 printfn
"plaintext: %A" plaintext
65 let cipherdata = encryptRSA kpub (Encoding.UTF8.GetBytes plaintext)
66 printfn
"cipherdata: (size: %A) %A" cipherdata.Length cipherdata
67 let decryptedData = decryptRSA kpriv
cipherdata
68 let decryptedText = Encoding.UTF8.GetString decryptedData
69 printfn
"decryptedtext: %A" decryptedText
// NOTE(review): F# `assert` maps to Debug.Assert and is compiled out when DEBUG
// is not defined, so a Release build checks nothing here.
70 assert (plaintext = decryptedText)
// Signature self-test: sign the SHA-256 digest of a message, check that it
// verifies, and check that the same signature is rejected for another message.
// Wrapped in `lazy`, so nothing runs until the value is forced.
// NOTE(review): the negative case only changes the message; a tampered signature
// and a different public key are not exercised.
74 let testRSASignature = lazy
(
75 let kpub, kpriv
= generateRSAKeysPair
76 let plaintext = "Hello, World!"
// NOTE(review): SHA256Managed is disposable but bound with `let`, not `use`.
77 let sha256 = new SHA256Managed ()
78 let signature = signRSA kpriv
(sha256.ComputeHash (Encoding.UTF8.GetBytes plaintext))
// NOTE(review): F# `assert` maps to Debug.Assert and is compiled out when DEBUG
// is not defined; in that case "testRSASignature OK" is printed with neither
// check having run.
79 assert verifySignRSA kpub (sha256.ComputeHash (Encoding.UTF8.GetBytes plaintext)) signature
80 assert not (verifySignRSA kpub (sha256.ComputeHash (Encoding.UTF8.GetBytes "Hello!")) signature)
81 printfn
"testRSASignature OK"