Basic Cryptographic Operations

Hashing, encoding, and basic cryptographic functions

decode\hex

Decodes a hexadecimal string to a bytes native value.

hex-string hexadecimal encoded string to decode

returns native bytes object containing the decoded data

cc crypto "48656c6c6f20776f726c64" |decode\hex |type?
; returns native
cc crypto "48656c6c6f20776f726c64" |decode\hex |kind?
; returns bytes
cc crypto "invalid" |decode\hex |disarm |type?
; returns error

encode-to\hex

Encodes a bytes native value to a hexadecimal string.

bytes native bytes object to encode

returns string containing the hexadecimal representation of the bytes

cc crypto "48656c6c6f20776f726c64" |decode\hex |encode-to\hex
; returns "48656c6c6f20776f726c64"
cc crypto "Hello world" |sha512 |decode\hex |encode-to\hex |type?
; returns string

Ed25519-pub-key//To-string

Converts an Ed25519 public key to its hexadecimal string representation.

key Ed25519 public key as a native value

returns string containing the hexadecimal representation of the public key

cc crypto ed25519-generate-keys |first |to-string |type?
; returns string

Ed25519-priv-key//To-string

Converts an Ed25519 private key to its hexadecimal string representation.

key Ed25519 private key as a native value

returns string containing the hexadecimal representation of the private key

cc crypto ed25519-generate-keys |second |to-string |type?
; returns string

ed25519-generate-keys

Generates a new Ed25519 key pair and returns them in a block with public key first, then private key.

none

returns block containing [public-key, private-key] as native values

cc crypto ed25519-generate-keys |type?
; returns block
cc crypto ed25519-generate-keys |length?
; returns 2
cc crypto ed25519-generate-keys |first |type?
; returns native
cc crypto ed25519-generate-keys |first |kind?
; returns Ed25519-pub-key
cc crypto ed25519-generate-keys |second |type?
; returns native
cc crypto ed25519-generate-keys |second |kind?
; returns Ed25519-priv-key

ed25519-private-key

Creates an Ed25519 private key from a hexadecimal string or bytes value.

key-data string containing hexadecimal representation of the key or bytes native value

returns Ed25519 private key as a native value

cc crypto "invalid" |ed25519-private-key |disarm |type?
; returns error

ed25519-public-key

Creates an Ed25519 public key from a hexadecimal string or bytes value.

key-data string containing hexadecimal representation of the key or bytes native value

returns Ed25519 public key as a native value

cc crypto "invalid" |ed25519-public-key |disarm |type?
; returns error

Ed25519-priv-key//Sign

Signs a string message with an Ed25519 private key and returns the signature as bytes.

key Ed25519 private key as a native value

message string to sign

returns signature as a native bytes value

sha512

Calculates the SHA-512 hash of a string and returns the result as a hexadecimal string.

input string to hash

returns string containing the hexadecimal representation of the SHA-512 hash

cc crypto "Hello world" |sha512 |type?
; returns string
cc crypto "Hello world" |sha512 |length?
; returns 128
cc crypto "" |sha512
; returns "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"

Age

Age encryption/decryption and key generation

age-generate-keys

Generates a new age key pair (identity and recipient).

cc crypto age-generate-keys |first |type?
; returns native
cc crypto age-generate-keys |first |kind?
; returns age-identity
cc crypto age-generate-keys |second |type?
; returns native
cc crypto age-generate-keys |second |kind?
; returns age-recipient

age-identity

Creates an age identity from a string or bytes.

cc crypto age-identity "AGE-SECRET-KEY-1UMNMNLE5ADV4V0X8LRMG4GVWM3WJ7GVH6JP3J2XSRDFENLJVVX4SDLWXML" |type?
; returns native
cc crypto age-identity "AGE-SECRET-KEY-1UMNMNLE5ADV4V0X8LRMG4GVWM3WJ7GVH6JP3J2XSRDFENLJVVX4SDLWXML" |kind?
; returns age-identity
cc crypto age-identity "invalid" |disarm |type?
; returns error

age-recipient

Creates an age recipient from a string or bytes.

cc crypto age-recipient "age1zwya0qq8c824n5ncxppekrm4egk6gnvfhag6dmr87xjqaeuwlsgq68mqj4" |type?
; returns native
cc crypto age-recipient "age1zwya0qq8c824n5ncxppekrm4egk6gnvfhag6dmr87xjqaeuwlsgq68mqj4" |kind?
; returns age-recipient
cc crypto age-recipient "invalid" |disarm |type?
; returns error

age-encrypt

Encrypts a reader with age for the provided age recipient or string password and returns a reader.

cc crypto age-generate-keys |set! { identity recipient } "SUPER SECRET" |reader |age-encrypt recipient |age-decrypt identity |Read\string
; returns "SUPER SECRET"
cc crypto "SUPER SECRET" |reader |age-encrypt "password" |age-decrypt "password" |Read\string
; returns "SUPER SECRET"

age-decrypt

Decrypts a reader with age using the provided age identity or string password and returns a reader with the decrypted content.

reader encrypted data as a reader native value

identity-or-password age identity native value or password string

returns decrypted data as a reader native value

cc crypto age-generate-keys |set! { identity recipient } "SUPER SECRET" |reader |age-encrypt recipient |age-decrypt identity |Read\string
; returns "SUPER SECRET"
cc crypto "SUPER SECRET" |reader |age-encrypt "password" |age-decrypt "password" |Read\string
; returns "SUPER SECRET"

pkcs12-to-pem

Converts a PKCS#12 (.p12) file bytes to PEM blocks using the provided password. Returns a block of pem-block native values.

p12-data PKCS#12 file content as bytes native value

password string password for the PKCS#12 file

returns block containing PEM blocks as native values

pkcs12-decode

Decodes a PKCS#12 (.p12) file bytes into private key and certificates using the provided password. Returns a block with [private-key, certificates, ca-certificates].

p12-data PKCS#12 file content as bytes native value

password string password for the PKCS#12 file

returns block containing [private-key, certificates-block, ca-certificates-block] as native values

PEM Operations

PEM format encoding and decoding operations

pem-block//Block-type?

Returns the type of a PEM block as a string (e.g., 'CERTIFICATE', 'RSA PRIVATE KEY').

pem-block PEM block as a native value

returns string containing the block type (e.g., "CERTIFICATE", "RSA PRIVATE KEY")

pem-block//Headers?

Returns the headers of a PEM block as a dictionary.

pem-block PEM block as a native value

returns dictionary containing the PEM block headers

x509-parse-certificate

Parses a PEM block into an X.509 certificate native value.

pem-block PEM block as a native value containing a certificate

returns X.509 certificate as a native value

x509-certificate//Not-after?

Returns the expiration date (NotAfter) of an X.509 certificate as a time value.

certificate X.509 certificate as a native value

returns time value representing the certificate's expiration date

x509-certificate//Not-before?

Returns the start date (NotBefore) of an X.509 certificate as a time value.

certificate X.509 certificate as a native value

returns time value representing the certificate's start date

x509-certificate//Is-expired

Checks if an X.509 certificate has expired. Returns 1 if expired, 0 otherwise.

certificate X.509 certificate as a native value

returns integer 1 if the certificate has expired, 0 otherwise

generate-self-signed-certificate

Generates a self-signed X.509 certificate with a new RSA key pair.

key-size integer, must be at least 2048 bits

subject dictionary with fields like "CommonName" and "Organization"

returns block containing [certificate, private-key] as native values

encode-to-pem

Encodes a certificate and private key as PEM-formatted data.

certificate X.509 certificate as a native value

private-key RSA private key as a native value

returns block with [cert-bytes, key-bytes] as Go-bytes native values

encode-to-p12

Encodes a certificate and private key into a PKCS#12 (.p12) file with password protection.

certificate X.509 certificate as a native value

private-key RSA private key as a native value

password string password to protect the PKCS#12 file

returns PKCS#12 encoded data as Go-bytes native value

x509-certificate//Subject?

Returns the subject Distinguished Name (DN) of an X.509 certificate as a string.

certificate X.509 certificate as a native value

returns string containing the certificate's subject DN

x509-certificate//Issuer?

Returns the issuer Distinguished Name (DN) of an X.509 certificate as a string.

certificate X.509 certificate as a native value

returns string containing the certificate's issuer DN

x509-certificate//Serial-number?

Returns the serial number of an X.509 certificate as a string.

certificate X.509 certificate as a native value

returns string containing the certificate's serial number

x509-certificate//Signature-algorithm?

Returns the signature algorithm of an X.509 certificate as a string.

certificate X.509 certificate as a native value

returns string containing the certificate's signature algorithm

x509-certificate//Public-key-algorithm?

Returns the public key algorithm of an X.509 certificate as a string.

certificate X.509 certificate as a native value

returns string containing the certificate's public key algorithm

x509-certificate//Key-usage?

Returns the key usage flags of an X.509 certificate as a block of strings.

certificate X.509 certificate as a native value

returns block containing strings of key usage flags

x509-certificate//Extended-key-usage?

Returns the extended key usage flags of an X.509 certificate as a block of strings.

certificate X.509 certificate as a native value

returns block containing strings of extended key usage flags

x509-certificate//Dns-names?

Returns the DNS names from Subject Alternative Names of an X.509 certificate as a block of strings.

certificate X.509 certificate as a native value

returns block containing DNS names from Subject Alternative Names

x509-certificate//Ip-addresses?

Returns the IP addresses from Subject Alternative Names of an X.509 certificate as a block of strings.

certificate X.509 certificate as a native value

returns block containing IP addresses from Subject Alternative Names

x509-certificate//Email-addresses?

Returns the email addresses from Subject Alternative Names of an X.509 certificate as a block of strings.

certificate X.509 certificate as a native value

returns block containing email addresses from Subject Alternative Names

x509-certificate//To-pem

Converts an X.509 certificate to PEM-encoded string format.

certificate X.509 certificate as a native value

returns string containing the PEM-encoded certificate

private-key//Type?

Returns the type of a private key as a string.

private-key private key as a native value

returns string containing the type of the private key (e.g., "*rsa.PrivateKey", "*ecdsa.PrivateKey")

x509-certificate//To-dict

Converts an X.509 certificate to a dictionary containing all certificate information for easy display and manipulation.

certificate X.509 certificate as a native value

returns dictionary containing all certificate information

Default