diff --git a/ballerina/encrypt_decrypt.bal b/ballerina/encrypt_decrypt.bal index eb4ebeef..3247ce3a 100644 --- a/ballerina/encrypt_decrypt.bal +++ b/ballerina/encrypt_decrypt.bal @@ -16,35 +16,35 @@ import ballerina/jballerina.java; -# Represents the padding algorithms supported by AES encryption and decryption. +# The padding algorithms supported by AES encryption and decryption. public type AesPadding NONE|PKCS5; -# Represents the padding algorithms supported with RSA encryption and decryption. +# The padding algorithms supported with RSA encryption and decryption. public type RsaPadding PKCS1|OAEPwithMD5andMGF1|OAEPWithSHA1AndMGF1|OAEPWithSHA256AndMGF1|OAEPwithSHA384andMGF1| OAEPwithSHA512andMGF1; -# No padding. +# No padding for encryption or decryption. public const NONE = "NONE"; -# The `PKCS1` padding mode. +# The PKCS1 padding mode for RSA encryption and decryption. public const PKCS1 = "PKCS1"; -# The `PKCS5` padding mode. +# The PKCS5 padding mode for AES encryption and decryption. public const PKCS5 = "PKCS5"; -# The `OAEPwithMD5andMGF1` padding mode. +# The OAEP padding mode with MD5 and MGF1 for RSA encryption and decryption. public const OAEPwithMD5andMGF1 = "OAEPwithMD5andMGF1"; -# The `OAEPWithSHA1AndMGF1` padding mode. +# The OAEP padding mode with SHA-1 and MGF1 for RSA encryption and decryption. public const OAEPWithSHA1AndMGF1 = "OAEPWithSHA1AndMGF1"; -# The `OAEPWithSHA256AndMGF1` padding mode. +# The OAEP padding mode with SHA-256 and MGF1 for RSA encryption and decryption. public const OAEPWithSHA256AndMGF1 = "OAEPWithSHA256AndMGF1"; -# The `OAEPwithSHA384andMGF1` padding mode. +# The OAEP padding mode with SHA-384 and MGF1 for RSA encryption and decryption. public const OAEPwithSHA384andMGF1 = "OAEPwithSHA384andMGF1"; -# The `OAEPwithSHA512andMGF1` padding mode. +# The OAEP padding mode with SHA-512 and MGF1 for RSA encryption and decryption. public const OAEPwithSHA512andMGF1 = "OAEPwithSHA512andMGF1"; # Returns the RSA-encrypted value for the given data. @@ -59,10 +59,10 @@ public const OAEPwithSHA512andMGF1 = "OAEPwithSHA512andMGF1"; # byte[] cipherText = check crypto:encryptRsaEcb(data, publicKey); # ``` # -# + input - The content to be encrypted -# + key - Private or public key used for encryption -# + padding - The padding algorithm -# + return - Encrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be encrypted, provided as a byte array +# + key - The RSA key (private or public) used for encryption. The key must be compatible with the RSA algorithm +# + padding - The padding algorithm to use. Supported values are `PKCS1`, `OAEPwithMD5andMGF1`, `OAEPWithSHA1AndMGF1`, `OAEPWithSHA256AndMGF1`, `OAEPwithSHA384andMGF1`, and `OAEPwithSHA512andMGF1` +# + return - The encrypted data as a byte array, or a `crypto:Error` if the key is invalid or an error occurs during encryption public isolated function encryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding = PKCS1) returns byte[]|Error = @java:Method { name: "encryptRsaEcb", @@ -84,11 +84,11 @@ public isolated function encryptRsaEcb(byte[] input, PrivateKey|PublicKey key, R # byte[] cipherText = check crypto:encryptAesCbc(data, key, initialVector); # ``` # -# + input - The content to be encrypted -# + key - Encryption key -# + iv - Initialization vector -# + padding - The padding algorithm -# + return - Encrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be encrypted, provided as a byte array +# + key - The encryption key used for AES-CBC encryption +# + iv - The initialization vector used to initialize the AES-CBC encryption process +# + padding - The padding algorithm to use. Supported value is `PKCS5` +# + return - The encrypted data as a byte array, or a `crypto:Error` if the key, IV, or padding is invalid public isolated function encryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding = PKCS5) returns byte[]|Error = @java:Method { name: "encryptAesCbc", @@ -106,10 +106,10 @@ public isolated function encryptAesCbc(byte[] input, byte[] key, byte[] iv, AesP # byte[] cipherText = check crypto:encryptAesEcb(data, key); # ``` # -# + input - The content to be encrypted -# + key - Encryption key -# + padding - The padding algorithm -# + return - Encrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be encrypted, provided as a byte array +# + key - The encryption key used for AES-ECB encryption +# + padding - The padding algorithm to use. Supported value is `PKCS5` +# + return - The encrypted data as a byte array, or a `crypto:Error` if the key or padding is invalid public isolated function encryptAesEcb(byte[] input, byte[] key, AesPadding padding = PKCS5) returns byte[]|Error = @java:Method { name: "encryptAesEcb", @@ -131,12 +131,12 @@ public isolated function encryptAesEcb(byte[] input, byte[] key, AesPadding padd # byte[] cipherText = check crypto:encryptAesGcm(data, key, initialVector); # ``` # -# + input - The content to be encrypted -# + key - Encryption key -# + iv - Initialization vector -# + padding - The padding algorithm -# + tagSize - Tag size -# + return - Encrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be encrypted, provided as a byte array +# + key - The encryption key used for AES-GCM encryption +# + iv - The initialization vector used to initialize the AES-GCM encryption process +# + padding - The padding algorithm to use. Supported value is `PKCS5` +# + tagSize - The size of the authentication tag in bits. Valid values are 128, 120, 112, 104, or 96 +# + return - The encrypted data as a byte array, or a `crypto:Error` if the key, IV, or tag size is invalid public isolated function encryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding = NONE, int tagSize = 128) returns byte[]|Error = @java:Method { name: "encryptAesGcm", @@ -157,10 +157,10 @@ public isolated function encryptAesGcm(byte[] input, byte[] key, byte[] iv, AesP # byte[] plainText = check crypto:decryptRsaEcb(cipherText, privateKey); # ``` # -# + input - The content to be decrypted -# + key - Private or public key used for encryption -# + padding - The padding algorithm -# + return - Decrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be decrypted, provided as a byte array +# + key - The RSA key (private or public) used for decryption. The key must be compatible with the RSA algorithm +# + padding - The padding algorithm to use. Supported values are `PKCS1`, `OAEPwithMD5andMGF1`, `OAEPWithSHA1AndMGF1`, `OAEPWithSHA256AndMGF1`, `OAEPwithSHA384andMGF1`, and `OAEPwithSHA512andMGF1` +# + return - The decrypted data as a byte array, or a `crypto:Error` if the key is invalid or an error occurs during decryption public isolated function decryptRsaEcb(byte[] input, PrivateKey|PublicKey key, RsaPadding padding = PKCS1) returns byte[]|Error = @java:Method { name: "decryptRsaEcb", @@ -183,11 +183,11 @@ public isolated function decryptRsaEcb(byte[] input, PrivateKey|PublicKey key, R # byte[] plainText = check crypto:decryptAesCbc(cipherText, key, initialVector); # ``` # -# + input - The content to be decrypted -# + key - Encryption key -# + iv - Initialization vector -# + padding - The padding algorithm -# + return - Decrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be decrypted, provided as a byte array +# + key - The encryption key used for AES-CBC decryption +# + iv - The initialization vector used to initialize the AES-CBC decryption process +# + padding - The padding algorithm to use. Supported value is `PKCS5` +# + return - The decrypted data as a byte array, or a `crypto:Error` if the key, IV, or padding is invalid public isolated function decryptAesCbc(byte[] input, byte[] key, byte[] iv, AesPadding padding = PKCS5) returns byte[]|Error = @java:Method { name: "decryptAesCbc", @@ -206,10 +206,10 @@ public isolated function decryptAesCbc(byte[] input, byte[] key, byte[] iv, AesP # byte[] plainText = check crypto:decryptAesEcb(cipherText, key); # ``` # -# + input - The content to be decrypted -# + key - Encryption key -# + padding - The padding algorithm -# + return - Decrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be decrypted, provided as a byte array +# + key - The encryption key used for AES-ECB decryption +# + padding - The padding algorithm to use. Supported value is `PKCS5` +# + return - The decrypted data as a byte array, or a `crypto:Error` if the key or padding is invalid public isolated function decryptAesEcb(byte[] input, byte[] key, AesPadding padding = PKCS5) returns byte[]|Error = @java:Method { name: "decryptAesEcb", @@ -232,12 +232,12 @@ public isolated function decryptAesEcb(byte[] input, byte[] key, AesPadding padd # byte[] plainText = check crypto:decryptAesGcm(cipherText, key, initialVector); # ``` # -# + input - The content to be decrypted -# + key - Encryption key -# + iv - Initialization vector -# + padding - The padding algorithm -# + tagSize - Tag size -# + return - Decrypted data or else a `crypto:Error` if the key is invalid +# + input - The content to be decrypted, provided as a byte array +# + key - The encryption key used for AES-GCM decryption +# + iv - The initialization vector used to initialize the AES-GCM decryption process +# + padding - The padding algorithm to use. Supported value is `PKCS5` +# + tagSize - The size of the authentication tag in bits. Valid values are 128, 120, 112, 104, or 96 +# + return - The decrypted data as a byte array, or a `crypto:Error` if the key, IV, or tag size is invalid public isolated function decryptAesGcm(byte[] input, byte[] key, byte[] iv, AesPadding padding = PKCS5, int tagSize = 128) returns byte[]|Error = @java:Method { name: "decryptAesGcm", @@ -250,10 +250,10 @@ public isolated function decryptAesGcm(byte[] input, byte[] key, byte[] iv, AesP # byte[] cipherText = check crypto:encryptPgp(message, "public_key.asc"); # ``` # -# + plainText - The content to be encrypted -# + publicKey - Path to the public key -# + options - PGP encryption options -# + return - Encrypted data or else a `crypto:Error` if the key is invalid +# + plainText - The content to be encrypted, provided as a byte array +# + publicKey - Path to the public key file in ASCII-armored format +# + options - Optional PGP encryption options, such as compression or cipher preferences +# + return - The encrypted data as a byte array, or a `crypto:Error` if the public key is invalid or an error occurs during encryption public isolated function encryptPgp(byte[] plainText, string publicKey, *Options options) returns byte[]|Error = @java:Method { name: "encryptPgp", @@ -266,10 +266,10 @@ public isolated function encryptPgp(byte[] plainText, string publicKey, *Options # stream|crypto:Error encryptedStream = crypto:encryptStreamAsPgp(inputStream, "public_key.asc"); # ``` # -# + inputStream - The content to be encrypted as a stream -# + publicKey - Path to the public key -# + options - PGP encryption options -# + return - Encrypted stream or else a `crypto:Error` if the key is invalid +# + inputStream - The content to be encrypted, provided as a stream of byte arrays +# + publicKey - Path to the public key file in ASCII-armored format +# + options - Optional PGP encryption options, such as compression or cipher preferences +# + return - The encrypted content as a stream of byte arrays, or a `crypto:Error` if the public key is invalid or an error occurs during encryption public isolated function encryptStreamAsPgp(stream inputStream, string publicKey, *Options options) returns stream|Error = @java:Method { 'class: "io.ballerina.stdlib.crypto.nativeimpl.Encrypt" @@ -284,10 +284,10 @@ public isolated function encryptStreamAsPgp(stream inputStream, # byte[] decryptedMessage = check crypto:decryptPgp(cipherText, "private_key.asc", passphrase); # ``` # -# + cipherText - The encrypted content to be decrypted -# + privateKey - Path to the private key -# + passphrase - passphrase of the private key -# + return - Decrypted data or else a `crypto:Error` if the key or passphrase is invalid +# + cipherText - The encrypted content to be decrypted, provided as a byte array +# + privateKey - Path to the private key file in ASCII-armored format +# + passphrase - The passphrase used to unlock the private key +# + return - The decrypted data as a byte array, or a `crypto:Error` if the key or passphrase is invalid public isolated function decryptPgp(byte[] cipherText, string privateKey, byte[] passphrase) returns byte[]|Error = @java:Method { name: "decryptPgp", @@ -301,10 +301,10 @@ public isolated function decryptPgp(byte[] cipherText, string privateKey, byte[] # stream|crypto:Error decryptedStream = crypto:decryptStreamFromPgp(inputStream, "private_key.asc", passphrase); # ``` # -# + inputStream - The encrypted content as a stream -# + privateKey - Path to the private key -# + passphrase - passphrase of the private key -# + return - Decrypted stream or else a `crypto:Error` if the key or passphrase is invalid +# + inputStream - The encrypted content provided as a stream of byte arrays +# + privateKey - Path to the private key file in ASCII-armored format +# + passphrase - The passphrase used to unlock the private key +# + return - The decrypted content as a stream of byte arrays, or a `crypto:Error` if the key or passphrase is invalid public isolated function decryptStreamFromPgp(stream inputStream, string privateKey, byte[] passphrase) returns stream|Error = @java:Method { 'class: "io.ballerina.stdlib.crypto.nativeimpl.Decrypt" diff --git a/ballerina/hash.bal b/ballerina/hash.bal index 3e7ddace..9b90a06e 100644 --- a/ballerina/hash.bal +++ b/ballerina/hash.bal @@ -30,9 +30,9 @@ public enum HmacAlgorithm { # byte[] hash = crypto:hashMd5(data); # ``` # -# + input - Value to be hashed -# + salt - Salt to be added -# + return - Hashed output +# + input - The data to be hashed, provided as a byte array +# + salt - Optional salt to be added to the input, provided as a byte array +# + return - The MD5 hash of the input data as a byte array public isolated function hashMd5(byte[] input, byte[]? salt = ()) returns byte[] = @java:Method { name: "hashMd5", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash" @@ -45,9 +45,9 @@ public isolated function hashMd5(byte[] input, byte[]? salt = ()) returns byte[] # byte[] hash = crypto:hashSha1(data); # ``` # -# + input - Value to be hashed -# + salt - Salt to be added -# + return - Hashed output +# + input - The data to be hashed, provided as a byte array +# + salt - Optional salt to be added to the input, provided as a byte array +# + return - The SHA-1 hash of the input data as a byte array public isolated function hashSha1(byte[] input, byte[]? salt = ()) returns byte[] = @java:Method { name: "hashSha1", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash" @@ -60,9 +60,9 @@ public isolated function hashSha1(byte[] input, byte[]? salt = ()) returns byte[ # byte[] hash = crypto:hashSha256(data); # ``` # -# + input - Value to be hashed -# + salt - Salt to be added -# + return - Hashed output +# + input - The data to be hashed, provided as a byte array +# + salt - Optional salt to be added to the input, provided as a byte array +# + return - The SHA-256 hash of the input data as a byte array public isolated function hashSha256(byte[] input, byte[]? salt = ()) returns byte[] = @java:Method { name: "hashSha256", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash" @@ -75,9 +75,9 @@ public isolated function hashSha256(byte[] input, byte[]? salt = ()) returns byt # byte[] hash = crypto:hashSha384(data); # ``` # -# + input - Value to be hashed -# + salt - Salt to be added -# + return - Hashed output +# + input - The data to be hashed, provided as a byte array +# + salt - Optional salt to be added to the input, provided as a byte array +# + return - The SHA-384 hash of the input data as a byte array public isolated function hashSha384(byte[] input, byte[]? salt = ()) returns byte[] = @java:Method { name: "hashSha384", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash" @@ -90,23 +90,23 @@ public isolated function hashSha384(byte[] input, byte[]? salt = ()) returns byt # byte[] hash = crypto:hashSha512(data); # ``` # -# + input - Value to be hashed -# + salt - Salt to be added -# + return - Hashed output +# + input - The data to be hashed, provided as a byte array +# + salt - Optional salt to be added to the input, provided as a byte array +# + return - The SHA-512 hash of the input data as a byte array public isolated function hashSha512(byte[] input, byte[]? salt = ()) returns byte[] = @java:Method { name: "hashSha512", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash" } external; -# Returns the Hex-encoded CRC32B value for the given data. +# Returns the Hex-encoded CRC32B checksum for the given data. # ```ballerina # string stringData = "Hello Ballerina"; # byte[] data = stringData.toBytes(); # string checksum = crypto:crc32b(data); # ``` # -# + input - Value for checksum generation -# + return - The generated checksum +# + input - The data to generate the checksum for, provided as a byte array +# + return - The generated CRC32B checksum as a hexadecimal string public isolated function crc32b(byte[] input) returns string = @java:Method { name: "crc32b", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash" @@ -119,9 +119,9 @@ public isolated function crc32b(byte[] input) returns string = @java:Method { # byte[] hash = crypto:hashKeccak256(data); # ``` # -# + input - Value to be hashed -# + salt - Salt to be added -# + return - Hashed output +# + input - The data to be hashed, provided as a byte array +# + salt - Optional salt to be added to the input, provided as a byte array +# + return - The Keccak-256 hash of the input data as a byte array public isolated function hashKeccak256(byte[] input, byte[]? salt = ()) returns byte[] = @java:Method { name: "hashKeccak256", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash" @@ -135,7 +135,7 @@ public isolated function hashKeccak256(byte[] input, byte[]? salt = ()) returns # # + password - Password string to be hashed # + workFactor - Optional work factor (cost parameter) between 4 and 31. Default is 12 -# + return - BCrypt hashed password string or Error if hashing fails +# + return - The BCrypt hashed password string, or a `crypto:Error` if hashing fails public isolated function hashBcrypt(string password, int workFactor = 12) returns string|Error = @java:Method { name: "hashPassword", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Password" @@ -150,7 +150,7 @@ public isolated function hashBcrypt(string password, int workFactor = 12) return # # + password - Password string to verify # + hashedPassword - BCrypt hashed password to verify against -# + return - Boolean indicating if password matches or Error if verification fails +# + return - A boolean indicating if the password matches, or a `crypto:Error` if verification fails public isolated function verifyBcrypt(string password, string hashedPassword) returns boolean|Error = @java:Method { name: "verifyPassword", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Password" @@ -162,11 +162,11 @@ public isolated function verifyBcrypt(string password, string hashedPassword) re # string|crypto:Error hash = crypto:hashArgon2(password); # ``` # -# + password - Password string to be hashed +# + password - The password string to be hashed # + iterations - Optional number of iterations. Default is 3 # + memory - Optional memory usage in KB. Default is 65536 (64MB) # + parallelism - Optional degree of parallelism. Default is 4 -# + return - Argon2id hashed password string or Error if hashing fails +# + return - The Argon2id hashed password string, or a `crypto:Error` if hashing fails public isolated function hashArgon2(string password, int iterations = 3, int memory = 65536, int parallelism = 4) returns string|Error = @java:Method { name: "hashPasswordArgon2", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Password" @@ -180,8 +180,8 @@ public isolated function hashArgon2(string password, int iterations = 3, int mem # ``` # # + password - Password string to verify -# + hashedPassword - Argon2id hashed password to verify against -# + return - Boolean indicating if password matches or Error if verification fails +# + hashedPassword - The Argon2id hashed password string to verify against +# + return - A boolean indicating if the password matches, or a `crypto:Error` if verification fails public isolated function verifyArgon2(string password, string hashedPassword) returns boolean|Error = @java:Method { name: "verifyPasswordArgon2", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Password" @@ -193,10 +193,10 @@ public isolated function verifyArgon2(string password, string hashedPassword) re # string|crypto:Error hash = crypto:hashPbkdf2(password); # ``` # -# + password - Password string to be hashed -# + iterations - Optional number of iterations. Default is 10000 +# + password - The password string to be hashed +# + iterations - Optional number of iterations. Default is 10000. Must be a positive integer. # + algorithm - Optional HMAC algorithm (`SHA1`, `SHA256`, `SHA512`). Default is SHA256 -# + return - PBKDF2 hashed password string or Error if hashing fails +# + return - The PBKDF2 hashed password string, or a `crypto:Error` if hashing fails public isolated function hashPbkdf2(string password, int iterations = 10000, HmacAlgorithm algorithm = SHA256) returns string|Error = @java:Method { name: "hashPasswordPBKDF2", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Password" @@ -209,9 +209,9 @@ public isolated function hashPbkdf2(string password, int iterations = 10000, Hma # boolean|crypto:Error matches = crypto:verifyPbkdf2(password, hashedPassword); # ``` # -# + password - Password string to verify -# + hashedPassword - PBKDF2 hashed password to verify against -# + return - Boolean indicating if password matches or Error if verification fails +# + password - The password string to verify +# + hashedPassword - The PBKDF2 hashed password string to verify against +# + return - A boolean indicating if the password matches, or a `crypto:Error` if verification fails public isolated function verifyPbkdf2(string password, string hashedPassword) returns boolean|Error = @java:Method { name: "verifyPasswordPBKDF2", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Password" diff --git a/ballerina/hmac.bal b/ballerina/hmac.bal index 090cd298..5126bccb 100644 --- a/ballerina/hmac.bal +++ b/ballerina/hmac.bal @@ -25,9 +25,9 @@ import ballerina/jballerina.java; # byte[] hmac = check crypto:hmacMd5(data, key); # ``` # -# + input - Value to be hashed -# + key - Key used for HMAC generation -# + return - The HMAC output or a `crypto:Error` if an error occurred +# + input - The data to be hashed, provided as a byte array +# + key - The secret key used for HMAC generation, provided as a byte array +# + return - The HMAC output as a byte array, or a `crypto:Error` if an error occurred public isolated function hmacMd5(byte[] input, byte[] key) returns byte[]|Error = @java:Method { name: "hmacMd5", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hmac" @@ -42,9 +42,9 @@ public isolated function hmacMd5(byte[] input, byte[] key) returns byte[]|Error # byte[] hmac = check crypto:hmacSha1(data, key); # ``` # -# + input - Value to be hashed -# + key - Key used for HMAC generation -# + return - The HMAC output or a `crypto:Error` if an error occurred +# + input - The data to be hashed, provided as a byte array +# + key - The secret key used for HMAC generation, provided as a byte array +# + return - The HMAC output as a byte array, or a `crypto:Error` if an error occurred public isolated function hmacSha1(byte[] input, byte[] key) returns byte[]|Error = @java:Method { name: "hmacSha1", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hmac" @@ -59,9 +59,9 @@ public isolated function hmacSha1(byte[] input, byte[] key) returns byte[]|Error # byte[] hmac = check crypto:hmacSha256(data, key); # ``` # -# + input - Value to be hashed -# + key - Key used for HMAC generation -# + return - The HMAC output or a `crypto:Error` if an error occurred +# + input - The data to be hashed, provided as a byte array +# + key - The secret key used for HMAC generation, provided as a byte array +# + return - The HMAC output as a byte array, or a `crypto:Error` if an error occurred public isolated function hmacSha256(byte[] input, byte[] key) returns byte[]|Error = @java:Method { name: "hmacSha256", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hmac" @@ -76,9 +76,9 @@ public isolated function hmacSha256(byte[] input, byte[] key) returns byte[]|Err # byte[] hmac = check crypto:hmacSha384(data, key); # ``` # -# + input - Value to be hashed -# + key - Key used for HMAC generation -# + return - The HMAC output or a `crypto:Error` if an error occurred +# + input - The data to be hashed, provided as a byte array +# + key - The secret key used for HMAC generation, provided as a byte array +# + return - The HMAC output as a byte array, or a `crypto:Error` if an error occurred public isolated function hmacSha384(byte[] input, byte[] key) returns byte[]|Error = @java:Method { name: "hmacSha384", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hmac" @@ -93,9 +93,9 @@ public isolated function hmacSha384(byte[] input, byte[] key) returns byte[]|Err # byte[] hmac = check crypto:hmacSha512(data, key); # ``` # -# + input - Value to be hashed -# + key - Key used for HMAC generation -# + return - The HMAC output or a `crypto:Error` if an error occurred +# + input - The data to be hashed, provided as a byte array +# + key - The secret key used for HMAC generation, provided as a byte array +# + return - The HMAC output as a byte array, or a `crypto:Error` if an error occurred public isolated function hmacSha512(byte[] input, byte[] key) returns byte[]|Error = @java:Method { name: "hmacSha512", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Hmac" diff --git a/ballerina/hpke.bal b/ballerina/hpke.bal index 53eaf938..09c48570 100644 --- a/ballerina/hpke.bal +++ b/ballerina/hpke.bal @@ -14,13 +14,13 @@ // specific language governing permissions and limitations // under the License. -# Represent the supported symmetric key sizes for AES algorithm. +# Represents the supported symmetric key sizes for AES algorithm. public type AesKeySize 16|24|32; # Represents the encapsulated secret and the ciphertext used in Hybrid Public Key Encryption (HPKE). # -# + encapsulatedSecret - The encapsulated secret -# + cipherText - The encrypted data +# + encapsulatedSecret - The encapsulated secret as a byte array +# + cipherText - The encrypted data as a byte array public type HybridEncryptionResult record {| byte[] encapsulatedSecret; byte[] cipherText; @@ -37,10 +37,10 @@ public type HybridEncryptionResult record {| # crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); # crypto:HybridEncryptionResult encryptionResult = check crypto:encryptMlKem768Hpke(data, publicKey); # ``` -# + input - The content to be encrypted -# + publicKey - Public key used for encryption -# + symmetricKeySize - The length of the symmetric key (in bytes) -# + return - Encrypted data or else a `crypto:Error` if an error occurs +# + input - The content to be encrypted, provided as a byte array +# + publicKey - The public key used for encryption, provided as a `crypto:PublicKey` record +# + symmetricKeySize - The length of the symmetric key in bytes +# + return - The encrypted data as a `crypto:HybridEncryptionResult`, or a `crypto:Error` if an error occurs public isolated function encryptMlKem768Hpke(byte[] input, PublicKey publicKey, AesKeySize symmetricKeySize = 32) returns HybridEncryptionResult|Error { EncapsulationResult encapsulationResult = check encapsulateMlKem768(publicKey); byte[] sharedSecret = check hkdfSha256(encapsulationResult.sharedSecret, symmetricKeySize); @@ -67,11 +67,11 @@ public isolated function encryptMlKem768Hpke(byte[] input, PublicKey publicKey, # crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyStorePassword"); # byte[] decryptedData = check crypto:decryptMlKem768Hpke(cipherText, encapsulatedKey, privateKey); # ``` -# + input - The content to be decrypted -# + encapsulatedKey - The encapsulated secret -# + privateKey - The MlKem private key used for decryption -# + symmetricKeySize - The length of the symmetric key (in bytes) -# + return - Decrypted data or else a `crypto:Error` if error occurs +# + input - The content to be decrypted, provided as a byte array +# + encapsulatedKey - The encapsulated secret, provided as a byte array representing the encrypted key material +# + privateKey - The MlKem private key used for decryption, provided as a `crypto:PrivateKey` record +# + symmetricKeySize - The length of the symmetric key in bytes +# + return - The decrypted data as a byte array, or a `crypto:Error` if an error occurs public isolated function decryptMlKem768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey privateKey, AesKeySize symmetricKeySize = 32) returns byte[]|Error { byte[] key = check decapsulateMlKem768(encapsulatedKey, privateKey); key = check hkdfSha256(key, symmetricKeySize); @@ -94,11 +94,11 @@ public isolated function decryptMlKem768Hpke(byte[] input, byte[] encapsulatedKe # crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); # crypto:HybridEncryptionResult encryptionResult = check crypto:encryptRsaKemMlKem768Hpke(data, rsaPublicKey, mlkemPublicKey); # ``` -# + input - The content to be encrypted -# + rsaPublicKey - The RSA public key used for encryption -# + mlkemPublicKey - The MlKem public key used for encryption -# + symmetricKeySize - The length of the symmetric key (in bytes) -# + return - Encrypted data or else a `crypto:Error` if an error occurs +# + input - The content to be encrypted, provided as a byte array +# + rsaPublicKey - The RSA public key used for encryption, provided as a `crypto:PublicKey` record +# + mlkemPublicKey - The ML-KEM public key used for encryption, provided as a `crypto:PublicKey` record +# + symmetricKeySize - The length of the symmetric key in bytes +# + return - The encrypted data as a `crypto:HybridEncryptionResult`, or a `crypto:Error` if an error occurs public isolated function encryptRsaKemMlKem768Hpke(byte[] input, PublicKey rsaPublicKey, PublicKey mlkemPublicKey, AesKeySize symmetricKeySize = 32) returns HybridEncryptionResult|Error { EncapsulationResult hybridEncapsulationResult = check encapsulateRsaKemMlKem768(rsaPublicKey, mlkemPublicKey); byte[] sharedSecret = check hkdfSha256(hybridEncapsulationResult.sharedSecret, symmetricKeySize); @@ -130,12 +130,12 @@ public isolated function encryptRsaKemMlKem768Hpke(byte[] input, PublicKey rsaPu # crypto:PrivateKey rsaPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(rsaKeyStore, "keyAlias", "keyStorePassword"); # byte[] decryptedData = check crypto:decryptRsaKemMlKem768Hpke(cipherText, encapsulatedKey, rsaPrivateKey, mlkemPrivateKey); # ``` -# + input - The content to be decrypted -# + encapsulatedKey - The encapsulated secret -# + rsaPrivateKey - The RSA private key used for decryption -# + mlkemPrivateKey - The MlKem private key used for decryption -# + symmetricKeySize - The length of the symmetric key (in bytes) -# + return - Decrypted data or else a `crypto:Error` if error occurs +# + input - The content to be decrypted, provided as a byte array +# + encapsulatedKey - The encapsulated secret, provided as a byte array representing the encrypted key material +# + rsaPrivateKey - The RSA private key used for decryption, provided as a `crypto:PrivateKey` record +# + mlkemPrivateKey - The MlKem private key used for decryption, provided as a `crypto:PrivateKey` record +# + symmetricKeySize - The length of the symmetric key in bytes +# + return - The decrypted data as a byte array, or a `crypto:Error` if an error occurs public isolated function decryptRsaKemMlKem768Hpke(byte[] input, byte[] encapsulatedKey, PrivateKey rsaPrivateKey, PrivateKey mlkemPrivateKey, AesKeySize symmetricKeySize = 32) returns byte[]|Error { byte[] key = check decapsulateRsaKemMlKem768(encapsulatedKey, rsaPrivateKey, mlkemPrivateKey); key = check hkdfSha256(key, symmetricKeySize); diff --git a/ballerina/kdf.bal b/ballerina/kdf.bal index 9ad25fca..2665187a 100644 --- a/ballerina/kdf.bal +++ b/ballerina/kdf.bal @@ -22,11 +22,11 @@ import ballerina/jballerina.java; # byte[] key = secret.toBytes(); # byte[] hash = crypto:hkdfSha256(key, 32); # ``` -# + input - The input key material to derive the key from -# + length - The length of the output keying material (OKM) in bytes -# + salt - Optional salt value, a non-secret random value -# + info - Optional context and application-specific information -# + return - The derived keying material (OKM) of the specified length +# + input - The input key material, provided as a byte array +# + length - The length of the output keying material (OKM) in bytes. Must be a positive integer +# + salt - An optional salt value, provided as a byte array. Defaults to an empty array if not specified +# + info - An optional context and application-specific information, provided as a byte array. Defaults to an empty array if not specified +# + return - The derived keying material (OKM) of the specified length as a byte array, or a `crypto:Error` if an error occurs public isolated function hkdfSha256(byte[] input, int length, byte[] salt = [], byte[] info = []) returns byte[]|Error = @java:Method { name: "hkdfSha256", 'class: "io.ballerina.stdlib.crypto.nativeimpl.Kdf" diff --git a/ballerina/kem.bal b/ballerina/kem.bal index b203b220..a0e255d9 100644 --- a/ballerina/kem.bal +++ b/ballerina/kem.bal @@ -18,8 +18,8 @@ import ballerina/jballerina.java; # Represents the shared secret and its encapsulation used in Key Encapsulation Mechanism (KEM). # -# + encapsulatedSecret - Encapsulated secret -# + sharedSecret - Shared secret +# + encapsulatedSecret - The encapsulated secret, provided as a byte array +# + sharedSecret - The shared secret, provided as a byte array public type EncapsulationResult record {| byte[] encapsulatedSecret; byte[] sharedSecret; @@ -34,8 +34,8 @@ public type EncapsulationResult record {| # crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(keyStore, "keyAlias"); # crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateMlKem768(publicKey); # ``` -# + publicKey - Public key -# + return - Encapsulated secret or else a `crypto:Error` if the public key is invalid +# + publicKey - The ML-KEM-768 public key used for encapsulation, provided as a `crypto:PublicKey` record +# + return - The encapsulated secret as a `crypto:EncapsulationResult`, or a `crypto:Error` if the public key is invalid public isolated function encapsulateMlKem768(PublicKey publicKey) returns EncapsulationResult|Error = @java:Method { name: "encapsulateMlKem768", @@ -54,9 +54,9 @@ public isolated function encapsulateMlKem768(PublicKey publicKey) # crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyStorePassword"); # byte[] sharedSecret = check crypto:decapsulateMlKem768(encapsulatedSecret, privateKey); # ``` -# + encapsulatedSecret - Encapsulated secret -# + privateKey - Private key -# + return - Shared secret or else a `crypto:Error` if the encapsulatedSecret or the private key is invalid +# + encapsulatedSecret - The encapsulated secret, provided as a byte array +# + privateKey - The ML-KEM-768 private key used for decryption, provided as a `crypto:PrivateKey` record +# + return - The shared secret as a byte array, or a `crypto:Error` if the encapsulated secret or the private key is invalid public isolated function decapsulateMlKem768(byte[] encapsulatedSecret, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "decapsulateMlKem768", @@ -77,9 +77,9 @@ public isolated function decapsulateMlKem768(byte[] encapsulatedSecret, PrivateK # crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaKeyStore, "keyAlias"); # crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKemMlKem768(rsaPublicKey, mlkemPublicKey); # ``` -# + rsaPublicKey - RSA public key -# + mlkemPublicKey - MlKem public key -# + return - Encapsulated secret or else a `crypto:Error` if the keysize or public keys are invalid +# + rsaPublicKey - The RSA public key used for encapsulation, provided as a `crypto:PublicKey` record +# + mlkemPublicKey - The ML-KEM-768 public key used for encapsulation, provided as a `crypto:PublicKey` record +# + return - The encapsulated secret as a `crypto:EncapsulationResult`, or a `crypto:Error` if the key size or public keys are invalid public isolated function encapsulateRsaKemMlKem768(PublicKey rsaPublicKey, PublicKey mlkemPublicKey) returns EncapsulationResult|Error { EncapsulationResult rsaEncapsulationResult = check encapsulateRsaKem(rsaPublicKey); @@ -109,10 +109,10 @@ public isolated function encapsulateRsaKemMlKem768(PublicKey rsaPublicKey, Publi # crypto:PrivateKey rsaPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(rsaKeyStore, "keyAlias", "keyStorePassword"); # byte[] sharedSecret = check crypto:decapsulateRsaKemMlKem768(encapsulatedSecret, rsaPrivateKey, mlkemPrivateKey); # ``` -# + encapsulatedSecret - Encapsulated secret -# + rsaPrivateKey - RSA private key -# + mlkemPrivateKey - MlKem private key -# + return - Shared secret or else a `crypto:Error` if the keysize or private keys are invalid +# + encapsulatedSecret - The encapsulated secret, provided as a byte array +# + rsaPrivateKey - The RSA private key used for decryption, provided as a `crypto:PrivateKey` record +# + mlkemPrivateKey - The ML-KEM-768 private key used for decryption, provided as a `crypto:PrivateKey` record +# + return - The shared secret as a byte array, or a `crypto:Error` if the encapsulated secret or the private keys are invalid public isolated function decapsulateRsaKemMlKem768(byte[] encapsulatedSecret, PrivateKey rsaPrivateKey, PrivateKey mlkemPrivateKey) returns byte[]|Error { byte[] rsaEncapsulatedSecret = encapsulatedSecret.slice(0, 256); @@ -131,8 +131,8 @@ public isolated function decapsulateRsaKemMlKem768(byte[] encapsulatedSecret, Pr # crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias"); # crypto:EncapsulationResult encapsulationResult = check crypto:encapsulateRsaKem(publicKey); # ``` -# + publicKey - Public key -# + return - Encapsulated secret or else a `crypto:Error` if the public key is invalid +# + publicKey - The RSA public key used for encapsulation, provided as a `crypto:PublicKey` record +# + return - The encapsulated secret as a `crypto:EncapsulationResult`, or a `crypto:Error` if the public key is invalid public isolated function encapsulateRsaKem(PublicKey publicKey) returns EncapsulationResult|Error = @java:Method { name: "encapsulateRsaKem", @@ -151,9 +151,9 @@ public isolated function encapsulateRsaKem(PublicKey publicKey) # crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyStorePassword"); # byte[] sharedSecret = check crypto:decapsulateRsaKem(encapsulatedSecret, privateKey); # ``` -# + encapsulatedSecret - Encapsulated secret -# + privateKey - Private key -# + return - Shared secret or else a `crypto:Error` if the encapsulatedSecret or the private key is invalid +# + encapsulatedSecret - The encapsulated secret, provided as a byte array +# + privateKey - The RSA private key used for decryption, provided as a `crypto:PrivateKey` record +# + return - The shared secret as a byte array, or a `crypto:Error` if the encapsulated secret or the private key is invalid public isolated function decapsulateRsaKem(byte[] encapsulatedSecret, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "decapsulateRsaKem", diff --git a/ballerina/pgp_utils.bal b/ballerina/pgp_utils.bal index a60d3518..d806b05c 100644 --- a/ballerina/pgp_utils.bal +++ b/ballerina/pgp_utils.bal @@ -19,7 +19,7 @@ # + compressionAlgorithm - Specifies the compression algorithm used for PGP encryption # + symmetricKeyAlgorithm - Specifies the symmetric key algorithm used for encryption # + armor - Indicates whether ASCII armor is enabled for the encrypted output -# + withIntegrityCheck - Indicates whether integrity check is included in the encryption +# + withIntegrityCheck - Indicates whether an integrity check is included in the encryption public type Options record {| CompressionAlgorithmTags compressionAlgorithm = ZIP; SymmetricKeyAlgorithmTags symmetricKeyAlgorithm = AES_256; @@ -29,10 +29,10 @@ public type Options record {| # Represents the compression algorithms available in PGP. # -# + UNCOMPRESSED - No compression -# + ZIP - Uses (RFC 1951) compression -# + ZLIB - Uses (RFC 1950) compression -# + BZIP2 - Uses Burrows–Wheeler algorithm +# + UNCOMPRESSED - No compression is applied +# + ZIP - Uses ZIP compression as defined in RFC 1951 +# + ZLIB - Uses ZLIB compression as defined in RFC 1950 +# + BZIP2 - Uses Burrows–Wheeler algorithm for compression public enum CompressionAlgorithmTags { UNCOMPRESSED = "0", ZIP = "1", @@ -42,20 +42,20 @@ public enum CompressionAlgorithmTags { # Represent the symmetric key algorithms available in PGP. # -# + NULL - No encryption -# + IDEA - IDEA symmetric key algorithm -# + TRIPLE_DES - Triple DES symmetric key algorithm -# + CAST5 - CAST5 symmetric key algorithm -# + BLOWFISH - Blowfish symmetric key algorithm -# + SAFER - SAFER symmetric key algorithm -# + DES - DES symmetric key algorithm -# + AES_128 - AES 128-bit symmetric key algorithm -# + AES_192 - AES 192-bit symmetric key algorithm -# + AES_256 - AES 256-bit symmetric key algorithm -# + TWOFISH - Twofish symmetric key algorithm -# + CAMELLIA_128 - Camellia 128-bit symmetric key algorithm -# + CAMELLIA_192 - Camellia 192-bit symmetric key algorithm -# + CAMMELIA_256 - Camellia 256-bit symmetric key algorithm +# + NULL - No encryption is applied +# + IDEA - Uses the IDEA symmetric key algorithm +# + TRIPLE_DES - Uses the Triple DES symmetric key algorithm +# + CAST5 - Uses the CAST5 symmetric key algorithm +# + BLOWFISH - Uses the Blowfish symmetric key algorithm +# + SAFER - Uses the SAFER symmetric key algorithm +# + DES - Uses the DES symmetric key algorithm +# + AES_128 - Uses the AES 128-bit symmetric key algorithm +# + AES_192 - Uses the AES 192-bit symmetric key algorithm +# + AES_256 - Uses the AES 256-bit symmetric key algorithm for high security +# + TWOFISH - Uses the Twofish symmetric key algorithm +# + CAMELLIA_128 - Uses the Camellia 128-bit symmetric key algorithm +# + CAMELLIA_192 - Uses the Camellia 192-bit symmetric key algorithm +# + CAMMELIA_256 - Uses the Camellia 256-bit symmetric key algorithm public enum SymmetricKeyAlgorithmTags { NULL = "0", IDEA = "1", diff --git a/ballerina/private_public_key.bal b/ballerina/private_public_key.bal index e16ffb09..aa0b79b5 100644 --- a/ballerina/private_public_key.bal +++ b/ballerina/private_public_key.bal @@ -20,19 +20,19 @@ import ballerina/time; # Represents the supported public key algorithms. public type KeyAlgorithm RSA|MLKEM768|MLDSA65; -# The `RSA` algorithm. +# Represents the `RSA` algorithm. public const RSA = "RSA"; -# The `ML-KEM-768` algorithm. +# Represents the `ML-KEM-768` algorithm. public const MLKEM768 = "ML-KEM-768"; -# The `ML-DSA-65` algorithm. +# Represents the `ML-DSA-65` algorithm. public const MLDSA65 = "ML-DSA-65"; # Represents the KeyStore-related configurations. # -# + path - Path to the KeyStore file -# + password - KeyStore password +# + path - The KeyStore file path +# + password - The KeyStore password public type KeyStore record {| string path; string password; @@ -40,8 +40,8 @@ public type KeyStore record {| # Represents the truststore-related configurations. # -# + path - Path to the TrustStore file -# + password - TrustStore password +# + path - The TrustStore file path +# + password - The TrustStore password public type TrustStore record {| string path; string password; @@ -49,15 +49,15 @@ public type TrustStore record {| # Represents the private key used in cryptographic operations. # -# + algorithm - Key algorithm +# + algorithm - Specifies the cryptographic algorithm used for the private key. Must be one of the supported algorithms (RSA, MLKEM768, MLDSA65) public type PrivateKey record {| KeyAlgorithm algorithm; |}; # Represents the public key used in cryptographic operations. # -# + algorithm - Key algorithm -# + certificate - Public key certificate +# + algorithm - Specifies the cryptographic algorithm used for the public key. Must be one of the supported algorithms (RSA, MLKEM768, MLDSA65) +# + certificate - Optional X.509 certificate associated with the public key public type PublicKey record {| KeyAlgorithm algorithm; Certificate certificate?; @@ -65,14 +65,14 @@ public type PublicKey record {| # Represents the X509 public key certificate information. # -# + version0 - Version number -# + serial - Serial number -# + issuer - Issuer name -# + subject - Subject name -# + notBefore - Not before validity period of certificate -# + notAfter - Not after validity period of certificate -# + signature - Raw signature bits -# + signingAlgorithm - Signature algorithm +# + version0 - Version number of the certificate +# + serial - Serial number of the certificate +# + issuer - Issuer name of the certificate +# + subject - Subject name of the certificate +# + notBefore - The start of the validity period of the certificate +# + notAfter - The end of the validity period of the certificate +# + signature - Raw signature bits of the certificate +# + signingAlgorithm - The algorithm used to sign the certificate public type Certificate record {| int version0; int serial; @@ -93,9 +93,9 @@ public type Certificate record {| # crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); # ``` # -# + keyStore - KeyStore configurations -# + keyAlias - Key alias -# + keyPassword - Key password +# + keyStore - The KeyStore configurations containing the file path and password +# + keyAlias - The alias of the private key in the KeyStore +# + keyPassword - The password used to access the private key in the KeyStore # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeRsaPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|Error = @java:Method { @@ -111,9 +111,9 @@ public isolated function decodeRsaPrivateKeyFromKeyStore(KeyStore keyStore, stri # crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); # ``` # -# + keyStore - KeyStore configurations -# + keyAlias - Key alias -# + keyPassword - Key password +# + keyStore - The KeyStore configurations containing the file path and password +# + keyAlias - The alias of the private key in the KeyStore +# + keyPassword - The password used to access the private key in the KeyStore # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeEcPrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|Error = @java:Method { @@ -129,9 +129,9 @@ public isolated function decodeEcPrivateKeyFromKeyStore(KeyStore keyStore, strin # crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); # ``` # -# + keyStore - KeyStore configurations -# + keyAlias - Key alias -# + keyPassword - Key password +# + keyStore - The KeyStore configurations containing the file path and password +# + keyAlias - The alias of the private key in the KeyStore +# + keyPassword - The password used to access the private key in the KeyStore # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeMlDsa65PrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|Error = @java:Method { @@ -147,9 +147,9 @@ public isolated function decodeMlDsa65PrivateKeyFromKeyStore(KeyStore keyStore, # crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword"); # ``` # -# + keyStore - KeyStore configurations -# + keyAlias - Key alias -# + keyPassword - Key password +# + keyStore - The KeyStore configurations containing the file path and password +# + keyAlias - The alias of the private key in the KeyStore +# + keyPassword - The password used to access the private key in the KeyStore # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeMlKem768PrivateKeyFromKeyStore(KeyStore keyStore, string keyAlias, string keyPassword) returns PrivateKey|Error = @java:Method { @@ -162,8 +162,8 @@ public isolated function decodeMlKem768PrivateKeyFromKeyStore(KeyStore keyStore, # crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyFile(keyFile, "keyPassword"); # ``` # -# + keyFile - Path to the key file -# + keyPassword - Password of the key file if it is encrypted +# + keyFile - The private key file path +# + keyPassword - The password used to decrypt the private key file if it is encrypted # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeRsaPrivateKeyFromKeyFile(string keyFile, string? keyPassword = ()) returns PrivateKey|Error = @java:Method { @@ -189,8 +189,8 @@ public isolated function decodeRsaPrivateKeyFromContent(byte[] content, string? # crypto:PrivateKey privateKey = check crypto:decodeEcPrivateKeyFromKeyFile(keyFile, "keyPassword"); # ``` # -# + keyFile - Path to the key file -# + keyPassword - Password of the key file if it is encrypted +# + keyFile - The private key file path +# + keyPassword - The password used to decrypt the private key file if it is encrypted # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeEcPrivateKeyFromKeyFile(string keyFile, string? keyPassword = ()) returns PrivateKey|Error = @java:Method { @@ -203,8 +203,8 @@ public isolated function decodeEcPrivateKeyFromKeyFile(string keyFile, string? k # crypto:PrivateKey privateKey = check crypto:decodeMlDsa65PrivateKeyFromKeyFile(keyFile, "keyPassword"); # ``` # -# + keyFile - Path to the key file -# + keyPassword - Password of the key file if it is encrypted +# + keyFile - The private key file path +# + keyPassword - The password used to decrypt the private key file if it is encrypted # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeMlDsa65PrivateKeyFromKeyFile(string keyFile, string? keyPassword = ()) returns PrivateKey|Error = @java:Method { @@ -217,8 +217,8 @@ public isolated function decodeMlDsa65PrivateKeyFromKeyFile(string keyFile, stri # crypto:PrivateKey privateKey = check crypto:decodeMlKem768PrivateKeyFromKeyFile(keyFile, "keyPassword"); # ``` # -# + keyFile - Path to the key file -# + keyPassword - Password of the key file if it is encrypted +# + keyFile - The private key file path +# + keyPassword - The password used to decrypt the private key file if it is encrypted # + return - Reference to the private key or else a `crypto:Error` if the private key was unreadable public isolated function decodeMlKem768PrivateKeyFromKeyFile(string keyFile, string? keyPassword = ()) returns PrivateKey|Error = @java:Method { @@ -234,8 +234,8 @@ public isolated function decodeMlKem768PrivateKeyFromKeyFile(string keyFile, str # crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(trustStore, "keyAlias"); # ``` # -# + trustStore - TrustStore configurations -# + keyAlias - Key alias +# + trustStore - The trustStore configurations containing the file path and password +# + keyAlias - The alias of the public key in the TrustStore # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeRsaPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|Error = @java:Method { @@ -251,8 +251,8 @@ public isolated function decodeRsaPublicKeyFromTrustStore(TrustStore trustStore, # crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromTrustStore(trustStore, "keyAlias"); # ``` # -# + trustStore - TrustStore configurations -# + keyAlias - Key alias +# + trustStore - The trustStore configurations containing the file path and password +# + keyAlias - The alias of the public key in the TrustStore # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeEcPublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|Error = @java:Method { @@ -268,8 +268,8 @@ public isolated function decodeEcPublicKeyFromTrustStore(TrustStore trustStore, # crypto:PublicKey publicKey = check crypto:decodeMlDsa65PublicKeyFromTrustStore(trustStore, "keyAlias"); # ``` # -# + trustStore - TrustStore configurations -# + keyAlias - Key alias +# + trustStore - The trustStore configurations containing the file path and password +# + keyAlias - The alias of the public key in the TrustStore # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeMlDsa65PublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|Error = @java:Method { @@ -285,8 +285,8 @@ public isolated function decodeMlDsa65PublicKeyFromTrustStore(TrustStore trustSt # crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(trustStore, "keyAlias"); # ``` # -# + trustStore - TrustStore configurations -# + keyAlias - Key alias +# + trustStore - The trustStore configurations containing the file path and password +# + keyAlias - The alias of the public key in the TrustStore # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeMlKem768PublicKeyFromTrustStore(TrustStore trustStore, string keyAlias) returns PublicKey|Error = @java:Method { @@ -299,7 +299,7 @@ public isolated function decodeMlKem768PublicKeyFromTrustStore(TrustStore trustS # crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromCertFile(certFile); # ``` # -# + certFile - Path to the certificate file +# + certFile - The certificate file path # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeRsaPublicKeyFromCertFile(string certFile) returns PublicKey|Error = @java:Method { 'class: "io.ballerina.stdlib.crypto.nativeimpl.Decode" @@ -323,7 +323,7 @@ public isolated function decodeRsaPublicKeyFromContent(byte[] content) returns P # crypto:PublicKey publicKey = check crypto:decodeEcPublicKeyFromCertFile(certFile); # ``` # -# + certFile - Path to the certificate file +# + certFile - The certificate file path # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeEcPublicKeyFromCertFile(string certFile) returns PublicKey|Error = @java:Method { 'class: "io.ballerina.stdlib.crypto.nativeimpl.Decode" @@ -335,7 +335,7 @@ public isolated function decodeEcPublicKeyFromCertFile(string certFile) returns # crypto:PublicKey publicKey = check crypto:decodeMlDsa65PublicKeyFromCertFile(certFile); # ``` # -# + certFile - Path to the certificate file +# + certFile - The certificate file path # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeMlDsa65PublicKeyFromCertFile(string certFile) returns PublicKey|Error = @java:Method { 'class: "io.ballerina.stdlib.crypto.nativeimpl.Decode" @@ -347,7 +347,7 @@ public isolated function decodeMlDsa65PublicKeyFromCertFile(string certFile) ret # crypto:PublicKey publicKey = check crypto:decodeMlKem768PublicKeyFromCertFile(certFile); # ``` # -# + certFile - Path to the certificate file +# + certFile - The certificate file path # + return - Reference to the public key or else a `crypto:Error` if the public key was unreadable public isolated function decodeMlKem768PublicKeyFromCertFile(string certFile) returns PublicKey|Error = @java:Method { 'class: "io.ballerina.stdlib.crypto.nativeimpl.Decode" diff --git a/ballerina/sign_verify.bal b/ballerina/sign_verify.bal index 69d74ed4..54f182be 100644 --- a/ballerina/sign_verify.bal +++ b/ballerina/sign_verify.bal @@ -28,8 +28,8 @@ import ballerina/jballerina.java; # byte[] signature = check crypto:signRsaMd5(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signRsaMd5(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signRsaMd5", @@ -48,8 +48,8 @@ public isolated function signRsaMd5(byte[] input, PrivateKey privateKey) returns # byte[] signature = check crypto:signMlDsa65(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signMlDsa65(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signMlDsa65", @@ -68,8 +68,8 @@ public isolated function signMlDsa65(byte[] input, PrivateKey privateKey) return # byte[] signature = check crypto:signRsaSha1(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signRsaSha1(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signRsaSha1", @@ -88,8 +88,8 @@ public isolated function signRsaSha1(byte[] input, PrivateKey privateKey) return # byte[] signature = check crypto:signRsaSha256(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signRsaSha256(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signRsaSha256", @@ -108,8 +108,8 @@ public isolated function signRsaSha256(byte[] input, PrivateKey privateKey) retu # byte[] signature = check crypto:signRsaSha384(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signRsaSha384(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signRsaSha384", @@ -128,8 +128,8 @@ public isolated function signRsaSha384(byte[] input, PrivateKey privateKey) retu # byte[] signature = check crypto:signRsaSha512(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signRsaSha512(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signRsaSha512", @@ -167,8 +167,8 @@ public isolated function signRsaSsaPss256(byte[] input, PrivateKey privateKey) r # byte[] signature = check crypto:signSha384withEcdsa(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signSha384withEcdsa(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signSha384withEcdsa", @@ -187,8 +187,8 @@ public isolated function signSha384withEcdsa(byte[] input, PrivateKey privateKey # byte[] signature = check crypto:signSha256withEcdsa(data, privateKey); # ``` # -# + input - The content to be signed -# + privateKey - Private key used for signing +# + input - The content to be signed as a byte array +# + privateKey - The private key used for signing # + return - The generated signature or else a `crypto:Error` if the private key is invalid public isolated function signSha256withEcdsa(byte[] input, PrivateKey privateKey) returns byte[]|Error = @java:Method { name: "signSha256withEcdsa", @@ -209,9 +209,9 @@ public isolated function signSha256withEcdsa(byte[] input, PrivateKey privateKey # boolean validity = check crypto:verifyRsaMd5Signature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifyRsaMd5Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method { @@ -233,9 +233,9 @@ public isolated function verifyRsaMd5Signature(byte[] data, byte[] signature, Pu # boolean validity = check crypto:verifyMlDsa65Signature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifyMlDsa65Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method { @@ -257,9 +257,9 @@ public isolated function verifyMlDsa65Signature(byte[] data, byte[] signature, P # boolean validity = check crypto:verifyRsaSha1Signature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifyRsaSha1Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method { @@ -281,9 +281,9 @@ public isolated function verifyRsaSha1Signature(byte[] data, byte[] signature, P # boolean validity = check crypto:verifyRsaSha256Signature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifyRsaSha256Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method { @@ -305,9 +305,9 @@ public isolated function verifyRsaSha256Signature(byte[] data, byte[] signature, # boolean validity = check crypto:verifyRsaSha384Signature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifyRsaSha384Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method { @@ -329,9 +329,9 @@ public isolated function verifyRsaSha384Signature(byte[] data, byte[] signature, # boolean validity = check crypto:verifyRsaSha512Signature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifyRsaSha512Signature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method { @@ -376,9 +376,9 @@ public isolated function verifyRsaSsaPss256Signature(byte[] data, byte[] signatu # boolean validity = check crypto:verifySha384withEcdsaSignature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifySha384withEcdsaSignature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method { @@ -400,9 +400,9 @@ public isolated function verifySha384withEcdsaSignature(byte[] data, byte[] sign # boolean validity = check crypto:verifySha256withEcdsaSignature(data, signature, publicKey); # ``` # -# + data - The content to be verified -# + signature - Signature value -# + publicKey - Public key used for verification +# + data - The content to be verified as a byte array +# + signature - The signature value as a byte array +# + publicKey - The public key used for verification # + return - Validity of the signature or else a `crypto:Error` if the public key is invalid public isolated function verifySha256withEcdsaSignature(byte[] data, byte[] signature, PublicKey publicKey) returns boolean|Error = @java:Method {