<doc> <legacy_id></legacy_id> <name>decrypt using rsa</name> <type>command</type> <syntax> <example>decrypt <i>source</i> using rsa with {public | private} key <i>key</i> [and passphrase <i>passphrase </i>]</example> </syntax> <synonyms> </synonyms> <summary></summary> <examples><example>decrypt tMessage with public key tPublicKey</example><example>decrypt field 1 with private key tPrivateKey</example> </examples> <history> <introduced version="4.6">Added.</introduced> <deprecated version=""></deprecated> <removed version=""></removed> <experimental version=""></experimental> <nonexperimental version=""></nonexperimental> </history> <objects> </objects> <platforms> <mac/> <windows/> <linux/> <ios/> <android/> </platforms> <classes> <desktop/> <server/> <web/> <mobile/> </classes> <security> <network/> </security> <classification> </classification> <references> <command tag="encrypt">encrypt Command</command> <command tag="decrypt">decrypt Command</command> <command tag="encrypt using rsa">encrypt using rsa Command</command> </references> <description> <overview>Use the <b>decrypt using rsa</b> command to decrypt a message using RSA public key encryption.</overview> <parameters> <parameter>The <i>message</i> is the message to be decrypted</parameter> <parameter>The <i>key</i> is the key to be used for the decryption, in PEM format</parameter> <parameter>The <i>passphrase </i>is an optional passphrase</parameter> </parameters> <value></value> <comments>Use the form<p>&#9;decrypt <i>message</i> with private key <i>key</i></p><p>to decode a message that a sender has encrypted with its corresponding public key.</p><p></p><p>Use the form</p><p>&#9;decrypt <i>message</i> with public key <i>key</i></p><p>to verify that a message has been encoded with the corresponding private key, and there has come from one of its holders (this is a verify operation).</p><p></p><p><b>Generating key pairs</b></p><p>Public-private key pairs can be generated using the OpenSSL suite of command-line tools. For example:</p><p>&#9;openssl genrsa -out private_key.pem 512</p><p>&#9;openssl rsa -pubout -in private_key.pem -out public_key.pem</p><p>Will generate a key pair of size 512-bits, placing the private key in private_key.pem and the public key in public_key.pem.</p><p></p><p>For more information on these utilities see http://www.openssl.org/docs/apps/rsa.html and http://www.openssl.org/docs/apps/genrsa.html.</p></comments> </description></doc>

<doc> <legacy_id>1559</legacy_id> <name>decrypt</name> <type>command</type> <syntax> <example>decrypt <i>source</i> using <i>cipher</i> with [password|key] <i>passorkey </i>[and salt saltvalue] [and IV <i>IVvalue</i>] [at <i>bitvalue</i> bit]</example> </syntax> <synonyms> </synonyms> <summary></summary> <examples> </examples> <history> <introduced version="2.5">Added.</introduced> <deprecated version=""></deprecated> <removed version=""></removed> <experimental version=""></experimental> <nonexperimental version=""></nonexperimental> </history> <objects> </objects> <platforms> <mac/> <windows/> <linux/> <ios/> <android/> </platforms> <classes> <desktop/> <server/> <web/> <mobile/> </classes> <security> <network/> </security> <classification> </classification> <references> <command tag="encrypt">encrypt Command</command> </references> <description> <overview></overview> <parameters> </parameters> <value>On failure encrypt/decrypt set <b>the result</b> to the appropriate ssl error message. On success the variable <i>it</i> will contain the encrypted or decrypted data.</value> <comments>The encrypt and decrypt commands accept the source data that will be encrypted or decrypted. The cipher is the name of the cipher obtained using the ciphernames function. The passorkey specifies the password or key that will be use for encryption or decryption as determined by the keyword before it. If you specify key then the key needs to be the same size (in bits, eight per byte) as the specified cipher key length. The key may optionally be accompanied by the IVvalue used by some ciphers. If you specify password or don't specify a key mode, then a password, tyically text, will be used. The password may optionally be accompanied by a saltvalue. The bits specifies the key length in bits (for example, 64, 128, 192 or 256) and may be zero or empty for the default length (that listed with the cipherNames function). Some ciphers have fixed key lengths and using an unsupported value will result in an error.<p></p><p>The key and IV value are the fundamental determiner in block ciphers. The IV value is typically the width (in bits) of the block associated with the cipher. The default value is zero. Its use is beyond the scope of this documentation.</p><p></p><p>The password and salt value are combined and scrambled to form the key and IV which are used as described above. The key derivation process is the same as that used in the openSSL utility. A 16-byte salt prefix is prepended to the encrypted data, based on the salt value. This is used in decryption. If no salt value is specified for a password, one is randomly generated. The use of a randomized salt value is a protection against dictionary attacks.</p><p></p><p>Some modes of block ciphers will pad data to be a multiple of block size. The padding method is that used by the openSSL utility and is a minimum of one byte.</p><p></p><p>To use OpenSSL functionality with LiveCode, make sure that the openssl shared library is installed, and in a place where LiveCode can find it. It is pre-installed with OSX. You can download and build OpenSSL at www.openssl.org and sitribute with your apps. LiveCode includes a prebuilt openssl dll which is required to use OpenSSL for windows (libeay32.dll) which needs to be in the application, current, or system directory. If LiveCode cannot load SSL, it will return the error in the result "ssl library not found".</p><p></p><p></p><p></p><p></p><important> The decryptcommand is part of the SSL &amp; Encryption library. To ensure that the command works in a standalone application, you must include this custom library when you create your standalone. In the Inclusions section on the General screen of the Standalone Application Settings window, make sure "SSL &amp; Encryption" is selected in the list of script libraries.</important></comments> </description></doc>

<doc> <legacy_id></legacy_id> <name>encrypt using rsa</name> <type>command</type> <syntax> <example>encrypt <i>source</i> using rsa with {public | private} key <i>key</i> [and passphrase <i>passphrase</i>]</example> </syntax> <synonyms> </synonyms> <summary>Encrypt data using the RSA algorithm.</summary> <examples><example>encrypt myMessage with public key myKey</example><example>encrypt thisMessage with private key privateKey</example> </examples> <history> <introduced version="4.6">Added.</introduced> <deprecated version=""></deprecated> <removed version=""></removed> <experimental version=""></experimental> <nonexperimental version=""></nonexperimental> </history> <objects> </objects> <platforms> <mac/> <windows/> <linux/> <ios/> <android/> </platforms> <classes> <desktop/> <server/> <web/> <mobile/> </classes> <security> <network/> </security> <classification> </classification> <references> <command tag="decrypt">decrypt Command</command> <command tag="encrypt">encrypt Command</command> <command tag="decrypt using rsa">decrypt using rsa Command</command> </references> <description> <overview>Use the <b>encrypt using rsa</b> command to encrypt a message using RSA public key encryption.</overview> <parameters> <parameter>The <i>message</i> is the message to be encrypted</parameter> <parameter>The <i>key</i> is the key to be used for the encryption, in PEM format</parameter> <parameter>The <i>passphrase </i>is an optional passphrase</parameter> </parameters> <value></value> <comments>Use the form <p><b>&#9;</b>encrypt <i>message</i> with public key <i>key</i></p><p>to encode a message that you only want to be decoded by the holder of the private key.</p><p></p><p>Use the form </p><p>&#9;encrypt <i>message</i> with private key <i>key</i></p><p>to encode a message that a receiver can then verify has come from one of the holders of the private key (this is a signing operation).</p><p></p><p><b>Generating key pairs</b></p><p>Public-private key pairs can be generated using the OpenSSL suite of command-line tools. For example:</p><p>&#9;openssl genrsa -out private_key.pem 512</p><p>&#9;openssl rsa -pubout -in private_key.pem -out public_key.pem</p><p>Will generate a key pair of size 512-bits, placing the private key in private_key.pem and the public key in public_key.pem.</p><p></p><p>For more information on these utilities see http://www.openssl.org/docs/apps/rsa.html and http://www.openssl.org/docs/apps/genrsa.html.</p><p></p><p></p><p></p><note> The maximum length of a message that can be encrypted using RSA is the size of the key in bytes -11. So, for a 512-bit key pair, the maximum encryptable message size is 53 bytes.</note><p></p><p>For signing, the maximum length of an encryptable message isn't really an issue since typically in that scenario it will be some sort of hash that would be being encrypted. For the more traditional encrypting scenario, however, the standard approach is to use public key cryptography to encrypt a random password which is then used with a symmetric cipher to actually encrypt the payload.</p></comments> </description></doc>