### Ballerina Argon2id Password Hashing and Verification Example Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md Provides a Ballerina example for using `crypto:hashArgon2` to create Argon2id hashes with default and custom parameters, and `crypto:verifyArgon2` to verify a password against an Argon2id hash. ```ballerina string password = "your-password"; // Hash with default parameters string hashedPassword1 = check crypto:hashArgon2(password); // Hash with custom parameters string hashedPassword2 = check crypto:hashArgon2(password, iterations = 4, memory = 131072, parallelism = 8); boolean isValid = check crypto:verifyArgon2(password, hashedPassword1); ``` -------------------------------- ### Ballerina PBKDF2 Password Verification Example Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md Shows how to use `crypto:verifyPbkdf2` in Ballerina to validate a plain text password against an existing PBKDF2 hashed password. ```ballerina string password = "mySecurePassword123"; string hashedPassword = "$pbkdf2-sha256$i=10000$salt$hash"; // Verify the hashed password boolean isValid = check crypto:verifyPbkdf2(password, hashedPassword); ``` -------------------------------- ### Ballerina PBKDF2 Password Hashing Example Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md Demonstrates how to use `crypto:hashPbkdf2` in Ballerina to generate PBKDF2 hashes for a password, showing both default and custom iteration and algorithm settings. ```ballerina string password = "mySecurePassword123"; // Hash with default parameters string hashedPassword = check crypto:hashPbkdf2(password); // Hash with custom parameters string customHashedPassword = check crypto:hashPbkdf2(password, iterations = 15000, algorithm = SHA512); ``` -------------------------------- ### Ballerina BCrypt Password Hashing and Verification Example Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md Illustrates how to use `crypto:hashBcrypt` to generate BCrypt hashes with default and custom work factors, and `crypto:verifyBcrypt` to check if a plain text password matches a given hash. ```ballerina string password = "your-password"; // Hash with default work factor (12) string hashedPassword1 = check crypto:hashBcrypt(password); // Hash with custom work factor string hashedPassword2 = check crypto:hashBcrypt(password, 14); boolean isValid = check crypto:verifyBcrypt(password, hashedPassword1); ``` -------------------------------- ### Verify RSA-SHA512 Signature Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to verify an RSA-SHA512 based signature. The example demonstrates how to sign data and then verify the generated signature using the corresponding public key. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha512(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha512Signature(data, signature, publicKey); ``` -------------------------------- ### Verify RSA-SHA256 Signature Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to verify an RSA-SHA256 based signature. The example illustrates signing data with a private key and subsequently verifying the signature with a public key. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha256(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha256Signature(data, signature, publicKey); ``` -------------------------------- ### Verify ML-DSA-65 Signature in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This Ballerina example shows how to verify an ML-DSA-65 based signature. It includes steps for signing data using a private key from a keystore and subsequently verifying it with the public key from a truststore. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signMlDsa65(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeMlDsa65PublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyMlDsa65Signature(data, signature, publicKey); ``` -------------------------------- ### Perform ML-KEM-768 Encapsulation in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This Ballerina example shows how to encapsulate a shared secret using ML-KEM-768. It requires loading an ML-KEM-768 public key from a truststore to perform the encapsulation. ```Ballerina crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateMlKem768(publicKey); ``` -------------------------------- ### Decrypt Data with RSA-ECB in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This example shows how to decrypt RSA-ECB encrypted data using a private key from a Ballerina KeyStore. It includes steps for setting up the KeyStore and decoding public/private keys. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey); byte[] plainText = check crypto:decryptRsaEcb(cipherText, privateKey); ``` -------------------------------- ### Decrypt Data with AES-GCM in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet provides an example of decrypting AES-GCM encrypted data in Ballerina, utilizing the same key and initial vector that were used during the encryption process. ```ballerina string dataString = "Hello Ballerina!"; byte[] data = dataString.toBytes(); byte[16] key = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { key[i] = (check random:createIntInRange(0, 255)); } byte[16] initialVector = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; foreach int i in 0...15 { initialVector[i] = (check random:createIntInRange(0, 255)); } byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector); byte[] plainText = check crypto:decryptAesGcm(cipherText, key, initialVector); ``` -------------------------------- ### Perform RSA-KEM Decapsulation in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This Ballerina code demonstrates how to decapsulate a shared secret using RSA-KEM. It first performs encapsulation to get an encapsulated secret, then loads the RSA private key from a keystore to decapsulate the shared secret. ```Ballerina crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKem(publicKey); byte[] encapsulatedSecret = encapsulationResult.encapsulatedSecret; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyStorePassword"); byte[] sharedSecret = check crypto:decapsulateRsaKem(encapsulatedSecret, privateKey); ``` -------------------------------- ### Decrypt PGP Encrypted Stream in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This example illustrates how to decrypt PGP-encrypted content directly from an input stream and return a decrypted stream. It utilizes the `crypto:decryptStreamFromPgp` function, which is suitable for handling large encrypted files. ```Ballerina stream inputStream = check io:fileReadBlocksAsStream("pgb_encrypted.txt"); stream|crypto:Error decryptedStream = crypto:decryptStreamFromPgp(inputStream, "private_key.asc", passphrase); ``` -------------------------------- ### Run All Tests for Ballerina Crypto Module Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command executes all defined unit and integration tests for the Ballerina crypto module to ensure its functionality and stability. ```Shell ./gradlew clean test ``` -------------------------------- ### Build Ballerina Crypto Module Package Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command compiles the Ballerina crypto module package from its source code, preparing it for use or further operations. ```Shell ./gradlew clean build ``` -------------------------------- ### Debug Ballerina Crypto Module Package Implementation Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command builds the package and enables remote debugging on a specified port. Replace '' with the desired port number for connecting a debugger to inspect the module's implementation. ```Shell ./gradlew clean build -Pdebug= ``` -------------------------------- ### Configure GitHub PAT for Ballerina Crypto Build Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This snippet shows how to export your GitHub Personal Access Token (PAT) and username as environment variables. These variables are required for authentication when building the Ballerina Crypto module from source, ensuring your PAT has `read package` permission. ```Shell export packageUser= export packagePAT= ``` -------------------------------- ### Publish Ballerina Crypto Module to Local Central Repository Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command builds the module and publishes the generated artifacts to the local Ballerina central repository. This makes the module available for local projects and testing without public deployment. ```Shell ./gradlew clean build -PpublishToLocalCentral=true ``` -------------------------------- ### Debug Ballerina Crypto Module with Ballerina Language Debugger Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command builds the package and enables debugging specifically for the Ballerina language aspects on a specified port. Replace '' with the desired port number for Ballerina language-level debugging. ```Shell ./gradlew clean build -PbalJavaDebug= ``` -------------------------------- ### Publish Ballerina Crypto Module to Official Central Repository Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command builds the module and publishes the generated artifacts to the official Ballerina central repository. This makes the module publicly available to all Ballerina users. ```Shell ./gradlew clean build -PpublishToCentral=true ``` -------------------------------- ### Run Specific Test Groups for Ballerina Crypto Module Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command allows running a subset of tests by specifying comma-separated test group names. Replace '' with the actual group identifiers you wish to execute. ```Shell ./gradlew clean test -Pgroups= ``` -------------------------------- ### Ballerina Crypto Module Password Hashing API Reference Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/proposals/bcrypt-argon2id-hashing-apis.md Proposed API additions to the Ballerina crypto module for secure password hashing and verification using BCrypt and Argon2id algorithms. This section outlines the functions, their parameters, and return types, providing a comprehensive reference for developers. ```APIDOC BCrypt Functions: hashBcrypt(password: string, workFactor: int = 12) returns string|Error password: The plain-text password to hash. workFactor: The computational cost factor (default 12). verifyBcrypt(password: string, hashedPassword: string) returns boolean|Error password: The plain-text password to verify. hashedPassword: The previously generated BCrypt hash. Argon2id Functions: hashArgon2(password: string, iterations: int = 3, memory: int = 65536, parallelism: int = 4) returns string|Error password: The plain-text password to hash. iterations: The number of iterations (default 3). memory: The memory cost in KiB (default 65536). parallelism: The number of threads (default 4). verifyArgon2(password: string, hashedPassword: string) returns boolean|Error password: The plain-text password to verify. hashedPassword: The previously generated Argon2id hash. ``` -------------------------------- ### Ballerina Crypto Module: API Additions for Key/Certificate Decoding from Content Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/proposals/decode-keys-from-the-content.md Proposed new API functions for the Ballerina `crypto` module to allow direct decoding of `PrivateKey` and `PublicKey` objects from their raw content (byte arrays), providing an alternative to file-path-based retrieval. These functions enhance flexibility by enabling in-memory key and certificate processing. ```ballerina public isolated function decodeRsaPrivateKeyFromContent(byte[] content, string? keyPassword = ()) returns crypto:PrivateKey|crypto:Error; ``` ```ballerina public isolated function decodeRsaPublicKeyFromContent(byte[] content) returns crypto:PublicKey|crypto:Error; ``` -------------------------------- ### Build Ballerina Crypto Module Without Running Tests Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/README.md This command compiles the Ballerina crypto module package while explicitly skipping the execution of tests. This is useful for faster builds when test validation is not immediately required. ```Shell ./gradlew clean build -x test ``` -------------------------------- ### Ballerina Crypto Module: PBKDF2 Hashing API Reference Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md API documentation for Ballerina's `crypto` module, covering the `HmacAlgorithm` enum, `hashPbkdf2` for PBKDF2 password hashing with customizable iterations and HMAC algorithm, and `verifyPbkdf2` for password verification. ```APIDOC public enum HmacAlgorithm { SHA1, SHA256, SHA512 } public isolated function hashPbkdf2(string password, int iterations = 10000, HmacAlgorithm algorithm = SHA256) returns string|Error Parameters: - password: The plain text password to hash - iterations: Optional number of iterations (default: 10000) - algorithm: Optional HMAC algorithm (SHA1, SHA256, SHA512). Default is SHA256 public isolated function verifyPbkdf2(string password, string hashedPassword) returns boolean|Error Parameters: - password: The plain text password to verify - hashedPassword: PBKDF2 hashed password to verify against ``` -------------------------------- ### Ballerina Crypto Module: BCrypt Hashing API Reference Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md API documentation for Ballerina's `crypto` module, detailing `hashBcrypt` for password hashing with a configurable work factor and `verifyBcrypt` for validating a password against a BCrypt hash. ```APIDOC public isolated function hashBcrypt(string password, int workFactor = 12) returns string|Error Parameters: - password: The plain text password to hash - workFactor: Computational complexity factor (4-31, default: 12) public isolated function verifyBcrypt(string password, string hashedPassword) returns boolean|Error ``` -------------------------------- ### Create ML-DSA-65 Signature Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to create the ML-DSA-65 based signature value for the given data. It demonstrates loading a private key from a keystore and signing data. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signMlDsa65(data, privateKey); ``` -------------------------------- ### Ballerina Crypto Module: Argon2id Hashing API Reference Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md API documentation for Ballerina's `crypto` module, outlining `hashArgon2` for Argon2id password hashing with configurable iterations, memory, and parallelism, and `verifyArgon2` for password validation. ```APIDOC public isolated function hashArgon2(string password, int iterations = 3, int memory = 65536, int parallelism = 4) returns string|Error Parameters: - password: The plain text password to hash - iterations: Number of iterations (default: 3) - memory: Memory usage in KB (minimum: 8192, default: 65536) - parallelism: Degree of parallelism (default: 4) Output hash length is fixed at 256 bits for optimal security and performance. public isolated function verifyArgon2(string password, string hashedPassword) returns boolean|Error ``` -------------------------------- ### Build RSA Public Key from Modulus and Exponent Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API constructs an RSA public key directly from its modulus and exponent parameters, provided as strings. This is useful for generating a public key without relying on existing key files or certificates. ```ballerina string modulus = "luZFdW1ynitztkWLC6xKegbRWxky-5P0p4ShYEOkHs30QI2VCuR6Qo4Bz5rTgLBrky03W1GAVrZxuvKRGj9V9-" + "PmjdGtau4CTXu9pLLcqnruaczoSdvBYA3lS9a7zgFU0-s6kMl2EhB-rk7gXluEep7lIOenzfl2f6IoTKa2fVgVd3YKiSGsy" + "L4tztS70vmmX121qm0sTJdKWP4HxXyqK9neolXI9fYyHOYILVNZ69z_73OOVhkh_mvTmWZLM7GM6sApmyLX6OXUp8z0pkY-v" + "T_9-zRxxQs7GurC4_C1nK3rI_0ySUgGEafO1atNjYmlFN-M3tZX6nEcA6g94IavyQ"; string exponent = "AQAB"; crypto:PublicKey publicKey = check crypto:buildRsaPublicKey(modulus, exponent); ``` -------------------------------- ### Verify RSA-MD5 Signature Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to verify an RSA-MD5 based signature. It shows how to sign data with a private key and then verify it using a public key loaded from a truststore. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaMd5Signature(data, signature, publicKey); ``` -------------------------------- ### Decode RSA Public Key from PKCS12 File Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API allows decoding an RSA public key from a PKCS#12 archive file. It requires a `crypto:TrustStore` configuration pointing to the PKCS#12 file and its password, along with the alias of the key within the store. ```ballerina crypto:TrustStore trustStore = { path: "/path/tp/truststore.p12", password: "truststorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(trustStore, "keyAlias"); ``` -------------------------------- ### Sign Data with RSA-MD5 in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to create an RSA-MD5 based signature for given data. It involves loading a private key from a KeyStore using `crypto:decodeRsaPrivateKeyFromKeyStore` and then signing the data with `crypto:signRsaMd5`. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaMd5(data, privateKey); ``` -------------------------------- ### Ballerina Crypto Module: Proposed Keccak-256 Hashing API Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/proposals/keccak-256-hashing-support.md This Ballerina function signature represents the proposed API addition to the `crypto` module. The `hashKeccak256` function will accept a byte array as input and an optional byte array for salt, returning the computed keccak-256 hash as a byte array. This enables native keccak-256 hashing within Ballerina applications. ```ballerina public isolated function hashKeccak256(byte[] input, byte[]? salt = ()) returns byte[]; ``` -------------------------------- ### Decode EC Private Key from PKCS12 File Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API facilitates decoding an EC private key from a PKCS#12 file. It requires a `crypto:KeyStore` configuration with the file path and password, along with the key alias and its password within the store. ```ballerina crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); ``` -------------------------------- ### Sign Data with RSA-SHA1 in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to create an RSA-SHA1 based signature for given data. It involves loading a private key from a KeyStore using `crypto:decodeRsaPrivateKeyFromKeyStore` and then signing the data with `crypto:signRsaSha1`. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha1(data, privateKey); ``` -------------------------------- ### Decode EC Public Key from PKCS12 File Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API decodes an EC public key from a PKCS#12 archive file. It requires a `crypto:TrustStore` configuration with the file path and password, and the alias of the key. ```ballerina crypto:TrustStore trustStore = { path: "/path/tp/truststore.p12", password: "truststorePassword" }; crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(trustStore, "keyAlias"); ``` -------------------------------- ### Decode RSA Private Key from PKCS#12 File in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API decodes an RSA private key from a given PKCS#12 file. It requires a `KeyStore` record specifying the file path and password, along with the key alias and password within the keystore, to retrieve the private key. ```ballerina crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); ``` -------------------------------- ### Decode RSA Public Key from Certificate File Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API is used to decode an RSA public key directly from a public certificate file. It takes the file path of the certificate as input. ```ballerina string certFile = "/path/to/public.cert"; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromCertFile(certFile); ``` -------------------------------- ### Verify RSA-SHA1 Signature Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to verify an RSA-SHA1 based signature. It demonstrates the process of signing data and then verifying its authenticity using the corresponding public key. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha1(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha1Signature(data, signature, publicKey); ``` -------------------------------- ### Sign Data with SHA384withECDSA in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to create a SHA384withECDSA based signature for given data. It involves loading an EC private key from a KeyStore using `crypto:decodeEcPrivateKeyFromKeyStore` and then signing the data with `crypto:signSha384withEcdsa`. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signSha384withEcdsa(data, privateKey); ``` -------------------------------- ### Decode ML-DSA-65 Private Key from PKCS12 File Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API decodes an ML-DSA-65 private key from a PKCS#12 file. It requires a `crypto:KeyStore` configuration with the file path and password, along with the key alias and its password within the store. ```ballerina crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password }; crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); ``` -------------------------------- ### Sign Data with RSA-SHA384 in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to create an RSA-SHA384 based signature for given data. It involves loading a private key from a KeyStore using `crypto:decodeRsaPrivateKeyFromKeyStore` and then signing the data with `crypto:signRsaSha384`. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha384(data, privateKey); ``` -------------------------------- ### Decode RSA Private Key from File with Password Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to decode an RSA private key from a specified key file, protected by a given password. It requires the path to the private key file and the password for decryption. ```ballerina string keyFile = "/path/to/private.key"; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyFile(keyFile, "keyPassword"); ``` -------------------------------- ### Verify RSA-SHA384 Signature Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to verify an RSA-SHA384 based signature. It covers the full flow from signing data using a private key to verifying the signature with a public key. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha384(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifyRsaSha384Signature(data, signature, publicKey); ``` -------------------------------- ### Perform RSA-KEM Encapsulation in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This Ballerina code demonstrates how to encapsulate a shared secret using RSA-KEM. It involves loading an RSA public key from a truststore and then using it to generate an encapsulated secret. ```Ballerina crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKem(publicKey); ``` -------------------------------- ### Encrypt and Decrypt Data with PGP in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to encrypt and decrypt byte arrays using PGP with public and private keys. It showcases the usage of `crypto:encryptPgp` for encryption and `crypto:decryptPgp` for decryption, requiring paths to key files and a passphrase. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); string publicKeyPath = "/path/to/publickey.asc"; string privateKeyPath = "/path/to/privatekey.asc"; string passPhrase = "passphrase"; byte[] cipherText = check crypto:encryptPgp(data, publicKeyPath); byte[] plainText = check crypto:decryptPgp(cipherText, privateKeyPath, passPhrase.toBytes()); ``` -------------------------------- ### Verify SHA384withECDSA Signature Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API can be used to verify a SHA384withECDSA based signature. It illustrates the process of signing data with an EC private key and verifying it with an EC public key. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signSha384withEcdsa(data, privateKey); crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(keyStore, "keyAlias"); boolean validity = check crypto:verifySha384withEcdsaSignature(data, signature, publicKey); ``` -------------------------------- ### Encrypt Data using ML-KEM-768-HPKE in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API demonstrates how to encrypt data using the ML-KEM-768 Hybrid Public Key Encryption (HPKE) scheme. It involves converting input data to bytes, loading a KeyStore, decoding a public key, and then encrypting the data. This method provides secure data transmission. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); crypto:HybridEncryptionResult encryptionResult = check crypto:encryptMlKem768Hpke(data, publicKey); ``` -------------------------------- ### Decode EC Public Key from Certificate File Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API decodes an EC public key from a public certificate file. It takes the file path of the certificate as input. ```ballerina string certFile = "/path/to/public.cert"; crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromCertFile(certFile); ``` -------------------------------- ### Sign Data with RSA-SHA256 in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to create an RSA-SHA256 based signature for given data. It involves loading a private key from a KeyStore using `crypto:decodeRsaPrivateKeyFromKeyStore` and then signing the data with `crypto:signRsaSha256`. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha256(data, privateKey); ``` -------------------------------- ### Sign Data with SHA256withECDSA in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to create a SHA256withECDSA based signature for given data. It involves loading an EC private key from a KeyStore using `crypto:decodeEcPrivateKeyFromKeyStore` and then signing the data with `crypto:signSha256withEcdsa`. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signSha256withEcdsa(data, privateKey); ``` -------------------------------- ### Sign Data with RSA-SHA512 in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This snippet demonstrates how to create an RSA-SHA512 based signature for given data. It involves loading a private key from a KeyStore using `crypto:decodeRsaPrivateKeyFromKeyStore` and then signing the data with `crypto:signRsaSha512`. ```Ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore keyStore = { path: "/path/to/keyStore.p12", password: "keyStorePassword" }; crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); byte[] signature = check crypto:signRsaSha512(data, privateKey); ``` -------------------------------- ### Ballerina RSA-KEM-ML-KEM-768-HPKE Hybrid Encryption and Decryption Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md Demonstrates end-to-end hybrid encryption and decryption using RSA-KEM-ML-KEM-768-HPKE in Ballerina. This includes loading ML-KEM and RSA keys from keystores, encrypting data with public keys, and decrypting with private keys. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore mlkemKeyStore = { path: "/path/to/mlkem/keyStore.p12", password: "keyStorePassword" }; crypto:KeyStore rsaKeyStore = { path: "/path/to/rsa/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemKeyStore, "keyAlias"); crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); crypto:HybridEncryptionResult encryptionResult = check crypto:encryptRsaKemMlKem768Hpke(data, rsaPublicKey, mlkemPublicKey); byte[] cipherText = encryptionResult.cipherText; byte[] encapsulatedKey = encryptionResult.encapsulatedSecret; crypto:PrivateKey mlkemPrivateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(mlkemKeyStore, "keyAlias", "keyStorePassword"); crypto:PrivateKey rsaPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(rsaKeyStore, "keyAlias", "keyStorePassword"); byte[] decryptedData = check crypto:decryptRsaKemMlKem768Hpke(cipherText, encapsulatedKey, rsaPrivateKey, mlkemPrivateKey); ``` -------------------------------- ### Perform Hybrid RSA-KEM-ML-KEM-768 Encapsulation and Decapsulation in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This Ballerina snippet illustrates the process of hybrid key exchange using RSA-KEM and ML-KEM-768. It covers both the encapsulation of a shared secret using both public keys and its subsequent decapsulation using the corresponding private keys from separate keystores. ```Ballerina crypto:KeyStore mlkemKeyStore = { path: "/path/to/mlkem/keyStore.p12", password: "keyStorePassword" }; crypto:KeyStore rsaKeyStore = { path: "/path/to/rsa/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemKeyStore, "keyAlias"); crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKemMlKem768(rsaPublicKey, mlkemPublicKey); byte[] encapsulatedSecret = encapsulationResult.encapsulatedSecret; crypto:PrivateKey mlkemPrivateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(mlkemKeyStore, "keyAlias", "keyStorePassword"); crypto:PrivateKey rsaPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(rsaKeyStore, "keyAlias", "keyStorePassword"); byte[] sharedSecret = check crypto:decapsulateRsaKemMlKem768(encapsulatedSecret, rsaPrivateKey, mlkemPrivateKey); ``` -------------------------------- ### Decode EC Private Key from File with Password Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API decodes an EC private key from a specified key file, secured by a password. It's similar to the RSA private key decoding from file but for EC keys. ```ballerina string keyFile = "/path/to/private.key"; crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyFile(keyFile, "keyPassword"); ``` -------------------------------- ### Encrypt Data using RSA-KEM-ML-KEM-768-HPKE in Ballerina Source: https://github.com/ballerina-platform/module-ballerina-crypto/blob/master/docs/spec/spec.md This API demonstrates how to encrypt data using the combined RSA-KEM and ML-KEM-768 Hybrid Public Key Encryption (HPKE) scheme. It requires separate KeyStores for ML-KEM and RSA, decoding both public keys, and then encrypting the data. This offers a robust hybrid encryption solution. ```ballerina string input = "Hello Ballerina"; byte[] data = input.toBytes(); crypto:KeyStore mlkemKeyStore = { path: "/path/to/mlkem/keyStore.p12", password: "keyStorePassword" }; crypto:KeyStore rsaKeyStore = { path: "/path/to/rsa/keyStore.p12", password: "keyStorePassword" }; crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemKeyStore, "keyAlias"); crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); crypto:HybridEncryptionResult encryptionResult = check crypto:encryptRsaKemMlKem768Hpke(data, rsaPublicKey, mlkemPublicKey); ```