rsa

RSA cryptographic operations for Kit using OpenSSL

Files

Dependencies

• base64

Installation

kit add gitlab.com/kit-lang/packages/kit-rsa.git

Usage

import Kit.Rsa

License

MIT License - see LICENSE for details.

Exported Functions & Types

RSAError

RSA error type with specific variants for different failure modes.

sign-sha256

Sign data with RSA-SHA256 (RS256).

Creates a digital signature using the RSA-SHA256 algorithm. This is the standard algorithm used for JWT RS256 tokens.

Parameters:

• pem-key (String) - RSA private key in PEM format
• data (String) - Data to sign

Returns: Result String RSAError:- Ok signature: Base64url-encoded signature (suitable for JWT)- Err RSAError: Error with details about what went wrong

String -> String -> Result String RSAError

pem-key = File.read "private-key.pem"
data = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0"
match sign-sha256 pem-key data
  | Ok signature -> print "Signature: ${signature}"
  | Err e -> print "Error: ${Show.show e}"

sign-sha384

Sign data with RSA-SHA384 (RS384).

Creates a digital signature using the RSA-SHA384 algorithm. This provides a higher security margin than RS256.

Parameters:

• pem-key (String) - RSA private key in PEM format
• data (String) - Data to sign

Returns: Result String RSAError:- Ok signature: Base64url-encoded signature (suitable for JWT)- Err RSAError: Error with details about what went wrong

String -> String -> Result String RSAError

match sign-sha384 pem-key data
  | Ok signature -> print signature
  | Err e -> print "Error: ${Show.show e}"

sign-sha512

Sign data with RSA-SHA512 (RS512).

Creates a digital signature using the RSA-SHA512 algorithm. This provides the highest security margin among the RS* algorithms.

Parameters:

• pem-key (String) - RSA private key in PEM format
• data (String) - Data to sign

Returns: Result String RSAError:- Ok signature: Base64url-encoded signature (suitable for JWT)- Err RSAError: Error with details about what went wrong

String -> String -> Result String RSAError

match sign-sha512 pem-key data
  | Ok signature -> print signature
  | Err e -> print "Error: ${Show.show e}"

verify-sha256

Verify data with RSA-SHA256 (RS256).

Verifies a digital signature using the RSA-SHA256 algorithm. This is the standard algorithm used for JWT RS256 token verification.

Parameters:

• pem-key (String) - RSA public key in PEM format
• data (String) - Data that was signed
• signature (String) - Base64url-encoded signature to verify

Returns: Result Bool RSAError:- Ok true: Signature is valid- Ok false: Signature is invalid- Err RSAError: Error during verification (e.g., invalid key format)

String -> String -> String -> Result Bool RSAError

public-key = File.read "public-key.pem"
data = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0"
signature = "..."
match verify-sha256 public-key data signature
  | Ok true -> print "Valid signature"
  | Ok false -> print "Invalid signature"
  | Err e -> print "Error: ${Show.show e}"

verify-sha384

Verify data with RSA-SHA384 (RS384).

Verifies a digital signature using the RSA-SHA384 algorithm.

Parameters:

• pem-key (String) - RSA public key in PEM format
• data (String) - Data that was signed
• signature (String) - Base64url-encoded signature to verify

Returns: Result Bool RSAError:- Ok true: Signature is valid- Ok false: Signature is invalid- Err RSAError: Error during verification

String -> String -> String -> Result Bool RSAError

verify-sha512

Verify data with RSA-SHA512 (RS512).

Verifies a digital signature using the RSA-SHA512 algorithm.

Parameters:

• pem-key (String) - RSA public key in PEM format
• data (String) - Data that was signed
• signature (String) - Base64url-encoded signature to verify

Returns: Result Bool RSAError:- Ok true: Signature is valid- Ok false: Signature is invalid- Err RSAError: Error during verification

String -> String -> String -> Result Bool RSAError