import ballerina/crypto;
import ballerina/io;
import ballerina/lang.'string;
import ballerina/math;public function main() returns error? {
    string input = "Hello Ballerina!";
    byte[] inputArr = input.toBytes();
    byte[] output = crypto:hashMd5(inputArr);
    io:println("Hex encoded hash with MD5: " + output.toBase16());
    output = crypto:hashSha1(inputArr);
    io:println("Base64 encoded hash with SHA1: " + output.toBase64());
    output = crypto:hashSha256(inputArr);
    io:println("Hex encoded hash with SHA256: " + output.toBase16());
    output = crypto:hashSha384(inputArr);
    io:println("Base64 encoded hash with SHA384: " + output.toBase64());
    output = crypto:hashSha512(inputArr);
    io:println("Hex encoded hash with SHA512: " + output.toBase16());
    string key = "somesecret";
    byte[] keyArr = key.toBytes();
    output = crypto:hmacMd5(inputArr, keyArr);
    io:println("Hex encoded HMAC with MD5: " + output.toBase16());
    output = crypto:hmacSha1(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA1: " + output.toBase64());
    output = crypto:hmacSha256(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA256: " + output.toBase16());
    output = crypto:hmacSha384(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA384: " + output.toBase64());
    output = crypto:hmacSha512(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA512: " + output.toBase16());
    io:println("CRC32B for text: " + crypto:crc32b(inputArr));
    xml xmlContent = xml `<foo>Hello Ballerina</foo>`;
    io:println("CRC32 for xml content: " + crypto:crc32b(xmlContent.toString().toBytes()));
    crypto:KeyStore keyStore = {path: "./sampleKeystore.p12", password: "ballerina"};
    var privateKey = crypto:decodePrivateKey(keyStore, "ballerina", "ballerina");    if (privateKey is crypto:PrivateKey) {
        output = check crypto:signRsaMd5(inputArr, privateKey);
        io:println("Hex encoded RSA-MD5 signature: " + output.toBase16());
        output = check crypto:signRsaSha1(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA1 signature: " + output.toBase64());
        output = check crypto:signRsaSha256(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA256 signature: " + output.toBase16());
        output = check crypto:signRsaSha384(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA384 signature: " + output.toBase64());
        output = check crypto:signRsaSha512(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA512 signature: " + output.toBase16());
    } else {
        io:println("Invalid private key");
    }
     byte[16] rsaKeyArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0 ... 15 {
        rsaKeyArr[i] = <byte>(math:randomInRange(0, 255));
     }
     byte[16] ivArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0 ... 15 {
        ivArr[i] = <byte>(math:randomInRange(0, 255));
     }
     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr);
     io:println("AES CBC PKCS5 decrypted value: " + check 'string:fromBytes(output));
     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES CBC no padding decrypted value: " + check 'string:fromBytes(output));
     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr);
     io:println("AES GCM PKCS5 decrypted value: " + check 'string:fromBytes(output));
     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES GCM no padding decrypted value: " + check 'string:fromBytes(output));
     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr);
     output = check crypto:decryptAesEcb(output, rsaKeyArr);
     io:println("AES ECB PKCS5 decrypted value: " + check 'string:fromBytes(output));
     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr, crypto:NONE);
     output = check crypto:decryptAesEcb(output, rsaKeyArr, crypto:NONE);
     io:println("AES ECB no padding decrypted value: " + check 'string:fromBytes(output));
     crypto:PublicKey rsaPublicKey = check crypto:decodePublicKey(keyStore, "ballerina");
     crypto:PrivateKey rsaPrivateKey = check crypto:decodePrivateKey(keyStore, "ballerina",
                                                                    "ballerina");
     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey);
     io:println("RSA ECB PKCS1 decrypted value: " + check 'string:fromBytes(output));
     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey,
                                         crypto:OAEPwithSHA512andMGF1);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey,
                                         crypto:OAEPwithSHA512andMGF1);
     io:println("RSA ECB OAEPwithSHA512andMGF1 decrypted value: " +
                check 'string:fromBytes(output));
}

Cryptographic Operations

The crypto stdlib provides functions usable to perform different cryptographic operations such as hashing, HMAC generation, checksum generation and digitally signing data.

 
import ballerina/crypto;
import ballerina/io;
import ballerina/lang.'string;
import ballerina/math;

public function main() returns error? {

    string input = "Hello Ballerina!";
    byte[] inputArr = input.toBytes();

Input value for crypto operations.

 
    byte[] output = crypto:hashMd5(inputArr);
    io:println("Hex encoded hash with MD5: " + output.toBase16());

Hashing input value using MD5 hashing algorithm, and printing hash value using Hex encoding.

 
    output = crypto:hashSha1(inputArr);
    io:println("Base64 encoded hash with SHA1: " + output.toBase64());

Hashing input value using SHA1 hashing algorithm, and printing hash value using Base64 encoding.

 
    output = crypto:hashSha256(inputArr);
    io:println("Hex encoded hash with SHA256: " + output.toBase16());

Hashing input value using SHA256 hashing algorithm, and printing hash value using Hex encoding.

 
    output = crypto:hashSha384(inputArr);
    io:println("Base64 encoded hash with SHA384: " + output.toBase64());

Hashing input value using SHA384 hashing algorithm, and printing hash value using Base64 encoding.

 
    output = crypto:hashSha512(inputArr);
    io:println("Hex encoded hash with SHA512: " + output.toBase16());

Hashing input value using SHA512 hashing algorithm, and printing hash value using Hex encoding.

 
    string key = "somesecret";
    byte[] keyArr = key.toBytes();

The key used for HMAC generation.

 
    output = crypto:hmacMd5(inputArr, keyArr);
    io:println("Hex encoded HMAC with MD5: " + output.toBase16());

HMAC generation for input value using MD5 hashing algorithm, and printing HMAC value using Hex encoding.

 
    output = crypto:hmacSha1(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA1: " + output.toBase64());

HMAC generation for input value using SHA1 hashing algorithm, and printing HMAC value using Base64 encoding.

 
    output = crypto:hmacSha256(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA256: " + output.toBase16());

HMAC generation for input value using SHA256 hashing algorithm, and printing HMAC value using Hex encoding.

 
    output = crypto:hmacSha384(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA384: " + output.toBase64());

HMAC generation for input value using SHA384 hashing algorithm, and printing HMAC value using Base64 encoding.

 
    output = crypto:hmacSha512(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA512: " + output.toBase16());

HMAC generation for input value using SHA512 hashing algorithm, and printing HMAC value using Hex encoding.

 
    io:println("CRC32B for text: " + crypto:crc32b(inputArr));

Hex encoded CRC32B checksum generation for input value.

 
    xml xmlContent = xml `<foo>Hello Ballerina</foo>`;
    io:println("CRC32 for xml content: " + crypto:crc32b(xmlContent.toString().toBytes()));

Hex encoded CRC32B checksum generation for XML data.

 
    crypto:KeyStore keyStore = {path: "./sampleKeystore.p12", password: "ballerina"};
    var privateKey = crypto:decodePrivateKey(keyStore, "ballerina", "ballerina");

Obtaining reference to a RSA private key stored within a PKCS#12 or PFX format archive file.

 
    if (privateKey is crypto:PrivateKey) {

        output = check crypto:signRsaMd5(inputArr, privateKey);
        io:println("Hex encoded RSA-MD5 signature: " + output.toBase16());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Hex encoding.

 
        output = check crypto:signRsaSha1(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA1 signature: " + output.toBase64());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Base64 encoding.

 
        output = check crypto:signRsaSha256(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA256 signature: " + output.toBase16());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Hex encoding.

 
        output = check crypto:signRsaSha384(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA384 signature: " + output.toBase64());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Base64 encoding.

 
        output = check crypto:signRsaSha512(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA512 signature: " + output.toBase16());
    } else {
        io:println("Invalid private key");
    }

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Hex encoding.

 
     byte[16] rsaKeyArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0 ... 15 {
        rsaKeyArr[i] = <byte>(math:randomInRange(0, 255));
     }

Randomly generate a 128 bit key for AES encryption.

 
     byte[16] ivArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0 ... 15 {
        ivArr[i] = <byte>(math:randomInRange(0, 255));
     }

Randomly generate a 128 bit IV for AES encryption.

 
     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr);
     io:println("AES CBC PKCS5 decrypted value: " + check 'string:fromBytes(output));

Encrypt and decrypt an input value using AES CBC PKCS5 padding.

 
     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES CBC no padding decrypted value: " + check 'string:fromBytes(output));

Encrypt and decrypt an input value using AES CBC without padding.

 
     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr);
     io:println("AES GCM PKCS5 decrypted value: " + check 'string:fromBytes(output));

Encrypt and decrypt an input value using AES GCM PKCS5 padding.

 
     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES GCM no padding decrypted value: " + check 'string:fromBytes(output));

Encrypt and decrypt an input value using AES GCM without padding.

 
     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr);
     output = check crypto:decryptAesEcb(output, rsaKeyArr);
     io:println("AES ECB PKCS5 decrypted value: " + check 'string:fromBytes(output));

Encrypt and decrypt an input value using AES ECB PKCS5 padding.

 
     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr, crypto:NONE);
     output = check crypto:decryptAesEcb(output, rsaKeyArr, crypto:NONE);
     io:println("AES ECB no padding decrypted value: " + check 'string:fromBytes(output));

Encrypt and decrypt input value using AES ECB without padding.

 
     crypto:PublicKey rsaPublicKey = check crypto:decodePublicKey(keyStore, "ballerina");

Public key used for RSA encryption.

 
     crypto:PrivateKey rsaPrivateKey = check crypto:decodePrivateKey(keyStore, "ballerina",
                                                                    "ballerina");

Private key used for RSA decryption.

 
     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey);
     io:println("RSA ECB PKCS1 decrypted value: " + check 'string:fromBytes(output));

Encrypt and decrypt an input value using RSA ECB PKCS1 padding.

 
     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey,
                                         crypto:OAEPwithSHA512andMGF1);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey,
                                         crypto:OAEPwithSHA512andMGF1);
     io:println("RSA ECB OAEPwithSHA512andMGF1 decrypted value: " +
                check 'string:fromBytes(output));
}

Encrypt and decrypt an input value using RSA ECB OAEPwithSHA512andMGF1 padding.

 
# To run this sample, navigate to the directory that contains the
# `.bal` file, make sure `sampleKeystore.p12` file is present in the
# same folder and issue the `ballerina run` command.
$ ballerina run crypto.bal
Hex encoded hash with MD5: 0605402ee16d8e96511a58ff105bc24a
Base64 encoded hash with SHA1: /8fwbGIevBvv2Nl3gEL9DtWas+Q=
Hex encoded hash with SHA256: a984a643c350b17f0738bac0fef17f2cd91d91e04596351d0
    af670c79adc12d5
Base64 encoded hash with SHA384: lselzItgAZHQmqNbkf/s2aRjBSd93O3ayc0PB0Dxk6AEo1
    s44zyTz/Qp0FJO1n6b
Hex encoded hash with SHA512: a6f0770f1582f49396a97fbd5973ac22a3a578ac6a991786427
    dfec17dbd984d8d6289771ac6f44176160a3dcd59f4a8c6b3ab97bef0caa5c67a3fac78c8e946
Hex encoded HMAC with MD5: b69fa2cc698e0923a7eea9d8f2b156fe
Base64 encoded HMAC with SHA1: AkWFajkb/gml703Zf4pPgxrjam4=
Hex encoded HMAC with SHA256: 13a3369b8ba326fd311d4500b06a5214a02ed2a033917108f6b
    9af58b7ede381
Base64 encoded HMAC with SHA384: 0AjKoWLhNPgdobGTPJs0PdkA0W9wkJtzUvXigzC1ZmXDJJsx
    p4icks4JrPiwHGm6
Hex encoded HMAC with SHA512: 27588ad08e772a6bba5fca5f45cf467819c8de69a70a42be6fe
    3eb09ceb3bfeb8b2976bda8ea5c10dcfa2294b12cb0b50b22a06309bada98af21857904a03205
CRC32B for text: db9230c5
CRC32 for xml content: 7d5c0879
Hex encoded RSA-MD5 signature: 2cfd121e4ff2409d1b2482ebbf37d0c035884d6d858e307e44
    60b092d79cb20abb624a0dfae76b73b1fc85447be3060a36b318813f0115b1919e5efa7a7f9b1
    173ec869f56fd9448d99770e1565db1c69a04fd0075fa0e33423a7e829a8b9c25a4dd2c68f3ee
    e021c0c4ff27979750b395384e280afd87af5274c8d2d99ad4438d9bfc9b2c5a2814212ba29ce
    6ff70cbe30a5c23f86b0330e143c4d8813ff10092cd313c6861706d37df5f4bb4e9fc72354975
    ee1786cf24c79b9edfa909968f198c4da37464f3d214a68fb39956717e92d667bb5a9a7f5986b
    a055d431813d4053a028873499f98c94fd6b5c6fd5aefad432669f957ab4ce9e91c5e77b36ec0
Base64 encoded RSA-SHA1 signature: bYMHKKVkjbOUp9ly3AdW9/euxF94krkkF9SDk2FfbVEc0m
    qpGIxVoZlPiFxszurZF1YPcqOSeOehDkaHXUMfQkTjBq7XlcePtkywy0fChqw8/SWqZR8nbYv97tt
    8+MVTkymbm26syQLwYNLiGp/EsN6X+fJpkdakwHE+TrdE+rEFrNysGyAm1DWwc4c+l7MEmSYMUnh/
    GWPY5r2knOOdDA3mr+XyrsxzFRWZgO7ebVvEQfq9XkRp8kdiGVgpLS5au0jKj3EpbCdS1prFgy3gr
    kuSJTTUQCwgPo7WSjWbuehFGni7rbas8HIqNlyWF0qUyznJ3eqbUwZ95QqOoVWZoQ==
Hex encoded RSA-SHA256 signature: 215c6ea96c9e82348430c6bb02e715560b4fbd3afcf24fb
    eb41ff12d4d68a797d61c4d6f822807688e4dc604e212b3cc7ac563b3cbe4e5690e2aebaf4e3d
    f35c19d4b0f7043f50501f390634303577053b029d495104c0e98bc887f0be744ef6f726f7192
    01907ad4e86cef82eb030b60c384f7034a85159081e598e197bb8904a9123f39d190796dc7fd9
    46157547c10523999b8fa956d4119dbfe3c1435911c0585cf3c537964516706772e87f2470557
    40cc4867ac6b99d7bf699fce1b59956c7f55368c8c88c9d47e51ef120ed3f27c3e555691a6971
    42c78cbd72c23b81b43fa5ab67164a35f8e8c6bf1da187d3feb866add13f1fb9576a2f7887535
    311
Base64 encoded RSA-SHA384 signature: BjQ40dffGiRQ4zo1s+ld+zKhJL21RbO5sW3L2+4xmonU
    t126u9D4/FZ2sM1QGGamj8btB9otiYmWr9sFm4fTs1EX6vrxcCGCAiDdkMxiRs7kShaz2x/BjJQ7c
    Od9OY+amwo7DQ/FAk9mNOt4lFUpjc9WyEW9F1PEJRXZQvMmVabDu8lp/Fh02lmEquG15DT5qT0jRx
    RJiS8CNa+97cMZdOmF2KeADfRbNJSz70mZ76MrsNxYIXYIiJzJBQod0efQr0Sr/HDn4JDVph9rpDM
    3p8m94TyXvSOwxwxzZWRLEwB0ANdfDmbrW4bOpxfZZFmy1hltqNJQ9G0BcKOHsZDj6Q==
Hex encoded RSA-SHA512 signature: 15428fdc7b26d18b1f3eae4569399ae6ebfd430c8f073bf
    2fa77ebfe1ad5645640374ea4a4aeadd252af3a198e55e69ad2a910e28470d9b54748887de06a
    5c3ed7ab12399a404359332553e051e8ae0f3ef741faa15a21ad17a9c235e5f91d567bcca0e5a
    6117689dccada4a33ee897514f7a8a32f12dac0087f5dcbb094c93c792f672e1685618ac5d93a
    a9d30f6d8e306145ef2d1b9cfdc04d6c61b43376089a78471e8e03d97ee3b57e1b734a23f4436
    6a99234a0abeb1d36d01c474833b4c2beaf430dae06ab95a1c951645fb1e0a5e7b9eed44d40e3
    5036f2cd2764df6cc04fe1248e1bb772a53c8201a974109333a318ce57930494d4cb5e41d0dc8
    f1c
AES CBC PKCS5 decrypted value: Hello Ballerina!
AES CBC no padding decrypted value: Hello Ballerina!
AES GCM PKCS5 decrypted value: Hello Ballerina!
AES GCM no padding decrypted value: Hello Ballerina!
AES ECB PKCS5 decrypted value: Hello Ballerina!
AES ECB no padding decrypted value: Hello Ballerina!
RSA ECB PKCS1 decrypted value: Hello Ballerina!
RSA ECB OAEPwithSHA512andMGF1 decrypted value: Hello Ballerina!