Cryptographic primitives and utilities built on WolfSSL. Provides encoding/decoding (hex, base64, base64url), hashing (SHA-256, HMAC), ECC P-256 and Ed25519 key generation, signing, and verification, as well as X.509 certificate parsing and CSR generation.
| Name | Signature |
|---|---|
bin_to_hex | bin_to_hex(bin) -> hex |
hex_to_bin | hex_to_bin(hex) -> bin |
sha1 | sha1(data) -> hash |
sha256 | sha256(data) -> hash |
hmac | hmac(secret, msg) -> mac |
b64_encode | b64_encode(str) -> encoded |
b64_decode | b64_decode(str) -> decoded |
b64url_encode | b64url_encode(str) -> encoded |
b64url_decode | b64url_decode(str) -> decoded |
b64url_encode_json | b64url_encode_json(tbl) -> encoded |
ecc_generate_key | ecc_generate_key() -> key_obj |
ecc_save_key | ecc_save_key(key_obj, key_file) -> ok, err |
ecc_load_key | ecc_load_key(key_file) -> key_obj, err |
ecc_sign | ecc_sign(key, pub_key, msg) -> sig, err |
ecc_verify | ecc_verify(pub_key, msg, sig) -> ok, err |
ed25519_generate_key | ed25519_generate_key() -> private_key, public_key |
ed25519_sign | ed25519_sign(key, msg) -> sig, err |
ed25519_verify | ed25519_verify(pub_key, msg, sig) -> ok, err |
generate_csr | generate_csr(key, pub_key, domain, alt_names) -> csr, err |
der_to_pem_ecc_key | der_to_pem_ecc_key(key_obj) -> pem, err |
parse_x509_cert | parse_x509_cert(cert) -> cert_info, err |
bin_to_hex(
bin) ->hex
Convert a binary string to its hexadecimal representation
hex_to_bin(
hex) ->bin
Convert a hexadecimal string to binary
sha1(
data) ->hash
Compute SHA-1 hash of data
sha256(
data) ->hash
Compute SHA-256 hash of data
hmac(
secret,msg) ->mac
Compute HMAC-SHA256
b64_encode(
str) ->encoded
Encode a string to base64
b64_decode(
str) ->decoded
Decode a base64-encoded string
b64url_encode(
str) ->encoded
Encode a string to base64url (URL-safe, no padding)
b64url_decode(
str) ->decoded
Decode a base64url-encoded string
b64url_encode_json(
tbl) ->encoded
JSON-encode a table and base64url-encode the result
ecc_generate_key() ->
key_obj
Generate an ECC P-256 key pair
Returns a key object table with raw binary string fields:
private (scalar d), public (uncompressed point),
x (32-byte affine x), y (32-byte affine y).
ecc_save_key(
key_obj,key_file) ->ok,err
Save an ECC key object to a file in JWK format
Serializes the key object to JSON with base64url-encoded fields
(x, y, d, pub) and an optional kid field, then writes
the result to the given file path.
ecc_load_key(
key_file) ->key_obj,err
Load an ECC key object from a JWK file
Reads a JWK JSON file written by ecc_save_key and returns a key
object table with raw binary fields: private, public, x, y,
and optionally kid.
ecc_sign(
key,pub_key,msg) ->sig,err
Sign a message using an ECC P-256 private key
All arguments are raw binary strings. key is the private scalar,
pub_key is the uncompressed public point. Returns a 64-byte
signature in r||s format (32 bytes each, big-endian).
ecc_verify(
pub_key,msg,sig) ->ok,err
Verify an ECC P-256 signature
Counterpart to ecc_sign. pub_key is the raw uncompressed public
point, sig is the 64-byte r||s signature. Returns true on success,
nil and an error message on failure.
ed25519_generate_key() ->
private_key,public_key
Generate an Ed25519 key pair
ed25519_sign(
key,msg) ->sig,err
Sign a message using an Ed25519 private key
ed25519_verify(
pub_key,msg,sig) ->ok,err
Verify an Ed25519 signature
generate_csr(
key,pub_key,domain,alt_names) ->csr,err
Generate a PKCS#10 certificate signing request
Creates a DER-encoded CSR for the given domain using raw binary ECC
key material. alt_names, when provided, is an array of additional
DNS names to include as Subject Alternative Names.
der_to_pem_ecc_key(
key_obj) ->pem,err
Convert an ECC key object from DER to PEM format
Accepts a key object table with private and public raw binary
fields (as returned by ecc_generate_key) and returns a
PEM-encoded EC private key string.
parse_x509_cert(
cert) ->cert_info,err
Parse an X.509 certificate
Accepts a certificate in PEM or DER format. PEM armor is stripped automatically. Returns a table with certificate fields such as subject, issuer, serial, validity dates, and extensions.