Basic Cryptographic Operations
Hashing, encoding, and basic cryptographic functions
decode\hex
Decodes a hexadecimal string to a bytes native value.
hex-string hexadecimal encoded string to decode
returns native bytes object containing the decoded data
cc crypto "48656c6c6f20776f726c64" |decode\hex |type?
; returns nativecc crypto "48656c6c6f20776f726c64" |decode\hex |kind?
; returns bytescc crypto "invalid" |decode\hex |disarm |type?
; returns errorencode-to\hex
Encodes a bytes native value to a hexadecimal string.
bytes native bytes object to encode
returns string containing the hexadecimal representation of the bytes
cc crypto "48656c6c6f20776f726c64" |decode\hex |encode-to\hex
; returns "48656c6c6f20776f726c64"cc crypto "Hello world" |sha512 |decode\hex |encode-to\hex |type?
; returns stringEd25519-pub-key//To-string
Converts an Ed25519 public key to its hexadecimal string representation.
key Ed25519 public key as a native value
returns string containing the hexadecimal representation of the public key
cc crypto ed25519-generate-keys |first |to-string |type?
; returns stringEd25519-priv-key//To-string
Converts an Ed25519 private key to its hexadecimal string representation.
key Ed25519 private key as a native value
returns string containing the hexadecimal representation of the private key
cc crypto ed25519-generate-keys |second |to-string |type?
; returns stringed25519-generate-keys
Generates a new Ed25519 key pair and returns them in a block with public key first, then private key.
none
returns block containing [public-key, private-key] as native values
cc crypto ed25519-generate-keys |type?
; returns blockcc crypto ed25519-generate-keys |length?
; returns 2cc crypto ed25519-generate-keys |first |type?
; returns nativecc crypto ed25519-generate-keys |first |kind?
; returns Ed25519-pub-keycc crypto ed25519-generate-keys |second |type?
; returns nativecc crypto ed25519-generate-keys |second |kind?
; returns Ed25519-priv-keyed25519-private-key
Creates an Ed25519 private key from a hexadecimal string or bytes value.
key-data string containing hexadecimal representation of the key or bytes native value
returns Ed25519 private key as a native value
cc crypto "invalid" |ed25519-private-key |disarm |type?
; returns errored25519-public-key
Creates an Ed25519 public key from a hexadecimal string or bytes value.
key-data string containing hexadecimal representation of the key or bytes native value
returns Ed25519 public key as a native value
cc crypto "invalid" |ed25519-public-key |disarm |type?
; returns errorEd25519-priv-key//Sign
Signs a string message with an Ed25519 private key and returns the signature as bytes.
key Ed25519 private key as a native value
message string to sign
returns signature as a native bytes value
sha512
Calculates the SHA-512 hash of a string and returns the result as a hexadecimal string.
input string to hash
returns string containing the hexadecimal representation of the SHA-512 hash
cc crypto "Hello world" |sha512 |type?
; returns stringcc crypto "Hello world" |sha512 |length?
; returns 128cc crypto "" |sha512
; returns "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"Age
Age encryption/decryption and key generation
age-generate-keys
Generates a new age key pair (identity and recipient).
cc crypto age-generate-keys |first |type?
; returns nativecc crypto age-generate-keys |first |kind?
; returns age-identitycc crypto age-generate-keys |second |type?
; returns nativecc crypto age-generate-keys |second |kind?
; returns age-recipientage-identity
Creates an age identity from a string or bytes.
cc crypto age-identity "AGE-SECRET-KEY-1UMNMNLE5ADV4V0X8LRMG4GVWM3WJ7GVH6JP3J2XSRDFENLJVVX4SDLWXML" |type?
; returns nativecc crypto age-identity "AGE-SECRET-KEY-1UMNMNLE5ADV4V0X8LRMG4GVWM3WJ7GVH6JP3J2XSRDFENLJVVX4SDLWXML" |kind?
; returns age-identitycc crypto age-identity "invalid" |disarm |type?
; returns errorage-recipient
Creates an age recipient from a string or bytes.
cc crypto age-recipient "age1zwya0qq8c824n5ncxppekrm4egk6gnvfhag6dmr87xjqaeuwlsgq68mqj4" |type?
; returns nativecc crypto age-recipient "age1zwya0qq8c824n5ncxppekrm4egk6gnvfhag6dmr87xjqaeuwlsgq68mqj4" |kind?
; returns age-recipientcc crypto age-recipient "invalid" |disarm |type?
; returns errorage-encrypt
Encrypts a reader with age for the provided age recipient or string password and returns a reader.
cc crypto age-generate-keys |set! { identity recipient } "SUPER SECRET" |reader |age-encrypt recipient |age-decrypt identity |Read\string
; returns "SUPER SECRET"cc crypto "SUPER SECRET" |reader |age-encrypt "password" |age-decrypt "password" |Read\string
; returns "SUPER SECRET"age-decrypt
Decrypts a reader with age using the provided age identity or string password and returns a reader with the decrypted content.
reader encrypted data as a reader native value
identity-or-password age identity native value or password string
returns decrypted data as a reader native value
cc crypto age-generate-keys |set! { identity recipient } "SUPER SECRET" |reader |age-encrypt recipient |age-decrypt identity |Read\string
; returns "SUPER SECRET"cc crypto "SUPER SECRET" |reader |age-encrypt "password" |age-decrypt "password" |Read\string
; returns "SUPER SECRET"pkcs12-to-pem
Converts a PKCS#12 (.p12) file bytes to PEM blocks using the provided password. Returns a block of pem-block native values.
p12-data PKCS#12 file content as bytes native value
password string password for the PKCS#12 file
returns block containing PEM blocks as native values
pkcs12-decode
Decodes a PKCS#12 (.p12) file bytes into private key and certificates using the provided password. Returns a block with [private-key, certificates, ca-certificates].
p12-data PKCS#12 file content as bytes native value
password string password for the PKCS#12 file
returns block containing [private-key, certificates-block, ca-certificates-block] as native values
PEM Operations
PEM format encoding and decoding operations
pem-block//Block-type?
Returns the type of a PEM block as a string (e.g., 'CERTIFICATE', 'RSA PRIVATE KEY').
pem-block PEM block as a native value
returns string containing the block type (e.g., "CERTIFICATE", "RSA PRIVATE KEY")
pem-block//Headers?
Returns the headers of a PEM block as a dictionary.
pem-block PEM block as a native value
returns dictionary containing the PEM block headers
x509-parse-certificate
Parses a PEM block into an X.509 certificate native value.
pem-block PEM block as a native value containing a certificate
returns X.509 certificate as a native value
x509-certificate//Not-after?
Returns the expiration date (NotAfter) of an X.509 certificate as a time value.
certificate X.509 certificate as a native value
returns time value representing the certificate's expiration date
x509-certificate//Not-before?
Returns the start date (NotBefore) of an X.509 certificate as a time value.
certificate X.509 certificate as a native value
returns time value representing the certificate's start date
x509-certificate//Is-expired
Checks if an X.509 certificate has expired. Returns 1 if expired, 0 otherwise.
certificate X.509 certificate as a native value
returns integer 1 if the certificate has expired, 0 otherwise
generate-self-signed-certificate
Generates a self-signed X.509 certificate with a new RSA key pair.
key-size integer, must be at least 2048 bits
subject dictionary with fields like "CommonName" and "Organization"
returns block containing [certificate, private-key] as native values
encode-to-pem
Encodes a certificate and private key as PEM-formatted data.
certificate X.509 certificate as a native value
private-key RSA private key as a native value
returns block with [cert-bytes, key-bytes] as Go-bytes native values
encode-to-p12
Encodes a certificate and private key into a PKCS#12 (.p12) file with password protection.
certificate X.509 certificate as a native value
private-key RSA private key as a native value
password string password to protect the PKCS#12 file
returns PKCS#12 encoded data as Go-bytes native value
x509-certificate//Subject?
Returns the subject Distinguished Name (DN) of an X.509 certificate as a string.
certificate X.509 certificate as a native value
returns string containing the certificate's subject DN
x509-certificate//Issuer?
Returns the issuer Distinguished Name (DN) of an X.509 certificate as a string.
certificate X.509 certificate as a native value
returns string containing the certificate's issuer DN
x509-certificate//Serial-number?
Returns the serial number of an X.509 certificate as a string.
certificate X.509 certificate as a native value
returns string containing the certificate's serial number
x509-certificate//Signature-algorithm?
Returns the signature algorithm of an X.509 certificate as a string.
certificate X.509 certificate as a native value
returns string containing the certificate's signature algorithm
x509-certificate//Public-key-algorithm?
Returns the public key algorithm of an X.509 certificate as a string.
certificate X.509 certificate as a native value
returns string containing the certificate's public key algorithm
x509-certificate//Key-usage?
Returns the key usage flags of an X.509 certificate as a block of strings.
certificate X.509 certificate as a native value
returns block containing strings of key usage flags
x509-certificate//Extended-key-usage?
Returns the extended key usage flags of an X.509 certificate as a block of strings.
certificate X.509 certificate as a native value
returns block containing strings of extended key usage flags
x509-certificate//Dns-names?
Returns the DNS names from Subject Alternative Names of an X.509 certificate as a block of strings.
certificate X.509 certificate as a native value
returns block containing DNS names from Subject Alternative Names
x509-certificate//Ip-addresses?
Returns the IP addresses from Subject Alternative Names of an X.509 certificate as a block of strings.
certificate X.509 certificate as a native value
returns block containing IP addresses from Subject Alternative Names
x509-certificate//Email-addresses?
Returns the email addresses from Subject Alternative Names of an X.509 certificate as a block of strings.
certificate X.509 certificate as a native value
returns block containing email addresses from Subject Alternative Names
x509-certificate//To-pem
Converts an X.509 certificate to PEM-encoded string format.
certificate X.509 certificate as a native value
returns string containing the PEM-encoded certificate
private-key//Type?
Returns the type of a private key as a string.
private-key private key as a native value
returns string containing the type of the private key (e.g., "*rsa.PrivateKey", "*ecdsa.PrivateKey")
x509-certificate//To-dict
Converts an X.509 certificate to a dictionary containing all certificate information for easy display and manipulation.
certificate X.509 certificate as a native value
returns dictionary containing all certificate information