Crypt::Perl::ECDSA::PrivateKey - object representation of ECDSA private key
#Use Generate.pm or Parse.pm rather
#than instantiating this class directly.
#This works even if the object came from a key file that doesn’t
#contain the curve name.
$prkey->get_curve_name();
if ($payload > ($prkey->max_sign_bits() / 8)) {
die "Payload too long!";
}
#$payload is probably a hash (e.g., SHA-256) of your original message.
my $sig = $prkey->sign($payload);
#For JSON Web Algorithms (JWT et al.), cf. RFC 7518 page 8
#This will also apply the appropriate SHA algorithm before signing.
my $sig_jwa = $prkey->sign_jwa($payload);
$prkey->verify($payload, $sig) or die "Invalid signature!";
$prkey->verify_jwa($payload, $sig_jwa) or die "Invalid signature!";
#Corresponding “der” methods exist as well.
my $cn_pem = $prkey->to_pem_with_curve_name();
my $expc_pem = $prkey->to_pem_with_explicit_curve();
#----------------------------------------------------------------------
my $pbkey = $prkey->get_public_key();
#----------------------------------------------------------------------
#Includes “kty”, “crv”, “x”, “y”, and (for private) “d”.
#Add in whatever else your application needs afterward.
#
#These will die() if you try to run it with a curve that
#doesn’t have a known JWK “crv” value.
#
my $prv_jwk = $prkey->get_struct_for_private_jwk();
my $pub_jwk = $prkey->get_struct_for_public_jwk();
#Useful for JWTs
my $jwt_alg = $pbkey->get_jwa_alg();
The SYNOPSIS above should be illustration enough of how to use this class.
The security advantages of elliptic-curve cryptography (ECC) are a matter of
some controversy. While the math itself is apparently bulletproof, there are
varying opinions about the integrity of the various curves that are
recommended for ECC. Some believe that some curves contain
“backdoors” that would allow NIST <https://www.nist.gov>
to sniff a transmission.
That said, RSA will eventually no longer be viable: as the keys
get bigger, the security advantage of increasing their size diminishes.
This minimal set of functionality can be augmented as feature requests come in.
Patches are welcome—particularly with tests!