Go to file

Baojun Wang f9a0bc3c53 Allow sign/verify digest directly currently sign/verify works on message directly, it would be nice if PSS could sign/verify digest directly. This is useful for: 1) for some signing server it only has a digest (without message) 2) message could be very large, for cases when client need request a singing server to sign, it may make more sense for the client to compute digest, then ask server to (PSS) sign the digest 3) openSSL pkeyutl (PSS) sign operation signs with digest only, not the message, it would be nice to work with openSSL more easily *openSSL command line: ```shell openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256 -sign -inkey "pri.key" -in hmac.bin > sig.bin openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256 -verify -inkey "pri.key" -in hmac.bin -sigfile sig.bin ```		2017-05-15 19:42:19 -07:00
benchs	Benchmark for hash algorithms	2017-03-29 11:38:32 +02:00
cbits	Merge pull request #138 from haskell-crypto/blake2-update	2017-02-24 15:31:38 +00:00
Crypto	Allow sign/verify digest directly	2017-05-15 19:42:19 -07:00
gen	add some missing blake2 modes	2017-02-14 16:26:44 +00:00
tests	ed25519: Adding generateSecretKey and a unit test	2017-05-02 16:18:26 -05:00
.gitignore	Fix generate(Safe)Prime to guarantee prime size	2017-01-19 00:10:50 -05:00
.travis.yml	reinstall ghc 7.6	2017-02-24 16:47:14 +00:00
CHANGELOG.md	update CHANGELOG	2017-04-25 17:19:31 +01:00
CONTRIBUTING.md	add CONTRIBUTING guide - non definitive	2016-12-09 15:06:05 +00:00
cryptonite.cabal	bump version to 0.23	2017-04-25 17:21:14 +01:00
cryptonite.externals	add latest version of blake2 and reference to it	2017-02-20 07:32:50 +00:00
cryptonite.sublime-project	wip	2015-04-08 14:12:58 +01:00
LICENSE	update main license	2015-03-12 05:44:23 +00:00
Makefile	add dummy makefile to run QA	2015-05-03 14:26:21 +01:00
QA.hs	update QA to latest haskell-src-exts	2017-02-24 16:05:12 +00:00
README.md	Implement the XSalsa20 stream cipher	2016-10-09 15:25:31 +02:00
Setup.hs	initial commit.	2014-07-04 14:58:01 +01:00

README.md

cryptonite

Cryptonite is a haskell repository of cryptographic primitives. Each crypto algorithm has specificities that are hard to wrap in common APIs and types, so instead of trying to provide a common ground for algorithms, this package provides a non-consistent low-level API.

If you have no idea what you're doing, please do not use this directly. Instead, rely on higher level protocols or implementations.

Documentation: cryptonite on hackage

Versioning

Development versions are an incremental number prefixed by 0. There is no API stability between development versions.

Production versions : TBD

Coding Style

The coding style of this project mostly follows: haskell-style

Support

cryptonite supports the following platforms:

Windows >= 8
OSX >= 10.8
Linux
BSDs

On the following architectures:

x86-64
i386

On the following haskell versions:

GHC 7.0.x
GHC 7.4.x
GHC 7.6.x
GHC 7.8.x
GHC 7.10.x

Further platforms and architectures probably work too, but since the maintainer(s) don't have regular access to them, we can't commit to further support.

Known Building Issues

On OSX <= 10.7, the system compiler doesn't understand the '-maes' option, and with the lack of autodetection feature builtin in .cabal file, it is left on the user to disable the aesni. See the [Disabling AESNI] section

Disabling AESNI

It may be useful to disable AESNI for building, testing or runtime purposes. This is achieved with the support_aesni flag.

As part of configure of cryptonite:

  cabal configure --flag='-support_aesni'

or as part of an installation:

  cabal install --constraint="cryptonite -support_aesni"

For help with cabal flags, see: stackoverflow : is there a way to define flags for cabal