HsOpenSSL is an OpenSSL binding for Haskell. It can generate RSA and
DSA keys, read and write PEM files, generate message digests, sign and
verify messages, encrypt and decrypt messages. It has also some
capabilities of creating SSL clients and servers. This package is in
production use by a number of Haskell based systems and stable.
This library implements the RSA encryption and signature algorithms for
arbitrarily-sized ByteStrings. While the implementations work, they are
not necessarily the fastest ones on the planet. Particularly key generation.
The algorithms included are based of RFC 3447, or the Public-Key Cryptography
Standard for RSA, version 2.1 (a.k.a, PKCS#1 v2.1).
This library implements the SHA suite of message digest functions, according
to NIST FIPS 180-2 (with the SHA-224 addendum), as well as the SHA-based
HMAC routines. The functions have been tested against most of the NIST
and RFC test vectors for the various functions. While some attention has
been paid to performance, these do not presently reach the speed of
well-tuned libraries, like OpenSSL.
Certificates and Key reader/writer. At the moment only X509 certificate
and unencrypted private key are supported, but will include PGP
certificate and pkcs8 private keys.
Fast AES cipher implementation with advanced mode of operations. The modes
of operations available are ECB (Electronic code book), CBC (Cipher block
chaining), CTR (Counter), XTS (XEX with ciphertext stealing), GCM (Galois
Counter Mode). The AES implementation uses AES-NI when available (on x86
and x86-64 architecture), but fallback gracefully to a software C
implementation. The software implementation uses S-Boxes, which might
suffer for cache timing issues. However do notes that most other known
software implementations, including very popular one (openssl, gnutls)
also uses same implementation. If it matters for your case, you should
make sure you have AES-NI available, or you'll need to use a different
implementation.
Cipher-aes128 is an implementation of AES and common modes of operation.
It borrows Hanquez's C AES code (see 'cipher-aes') but is unique due to
including compile-time detection of NI compiler support, a slightly more
functional interface for GCM operations, exposure of 'Ptr' based
operations via the .Internal module, and build-in crypto-api support.
Cipher-aes128 was originally developed as "'cipher-aes' plus
trampolines", which has since been adopted into cipher-aes.
Blowfish cipher primitives.
Camellia block cipher primitives.
Fast RC4 cipher implementation.