import ballerina/crypto;
import ballerina/io;
import ballerina/math;
import ballerina/lang.'string as strings;public function main() returns error? {
    string input = "Hello Ballerina!";
    byte[] inputArr = input.toBytes();
    byte[] output = crypto:hashMd5(inputArr);
    io:println("Hex encoded hash with MD5: " + output.toBase16());
    output = crypto:hashSha1(inputArr);
    io:println("Base64 encoded hash with SHA1: " + output.toBase64());
    output = crypto:hashSha256(inputArr);
    io:println("Hex encoded hash with SHA256: " + output.toBase16());
    output = crypto:hashSha384(inputArr);
    io:println("Base64 encoded hash with SHA384: " + output.toBase64());
    output = crypto:hashSha512(inputArr);
    io:println("Hex encoded hash with SHA512: " + output.toBase16());
    string key = "somesecret";
    byte[] keyArr = key.toBytes();
    output = crypto:hmacMd5(inputArr, keyArr);
    io:println("Hex encoded HMAC with MD5: " + output.toBase16());
    output = crypto:hmacSha1(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA1: " + output.toBase64());
    output = crypto:hmacSha256(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA256: " + output.toBase16());
    output = crypto:hmacSha384(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA384: " + output.toBase64());
    output = crypto:hmacSha512(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA512: " + output.toBase16());
    io:println("CRC32B for text: " + crypto:crc32b(inputArr));
    xml xmlContent = xml `<foo>Hello Ballerina</foo>`;
    io:println("CRC32 for xml content: " + crypto:crc32b(xmlContent.toString().toBytes()));
    crypto:KeyStore keyStore = { path: "./sampleKeystore.p12", password: "ballerina" };
    var privateKey = crypto:decodePrivateKey(keyStore, "ballerina", "ballerina");    if (privateKey is crypto:PrivateKey) {
        output = check crypto:signRsaMd5(inputArr, privateKey);
        io:println("Hex encoded RSA-MD5 signature: " + output.toBase16());
        output = check crypto:signRsaSha1(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA1 signature: " + output.toBase64());
        output = check crypto:signRsaSha256(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA256 signature: " + output.toBase16());
        output = check crypto:signRsaSha384(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA384 signature: " + output.toBase64());
        output = check crypto:signRsaSha512(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA512 signature: " + output.toBase16());
    } else {
        io:println("Invalid private key");
    }
     byte[16] rsaKeyArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0...15 {
        rsaKeyArr[i] = <byte>(math:randomInRange(0, 255));
     }
     byte[16] ivArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0...15 {
        ivArr[i] = <byte>(math:randomInRange(0, 255));
     }
     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr);
     io:println("AES CBC PKCS5 decrypted value: " + check strings:fromBytes(output));
     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES CBC no padding decrypted value: " + check strings:fromBytes(output));
     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr);
     io:println("AES GCM PKCS5 decrypted value: " + check strings:fromBytes(output));
     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES GCM no padding decrypted value: " + check strings:fromBytes(output));
     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr);
     output = check crypto:decryptAesEcb(output, rsaKeyArr);
     io:println("AES ECB PKCS5 decrypted value: " + check strings:fromBytes(output));
     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr, crypto:NONE);
     output = check crypto:decryptAesEcb(output, rsaKeyArr, crypto:NONE);
     io:println("AES ECB no padding decrypted value: " + check strings:fromBytes(output));
     crypto:PublicKey rsaPublicKey = check crypto:decodePublicKey(keyStore, "ballerina");
     crypto:PrivateKey rsaPrivateKey = check crypto:decodePrivateKey(keyStore, "ballerina", "ballerina");
     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey);
     io:println("RSA ECB PKCS1 decrypted value: " + check strings:fromBytes(output));
     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey, crypto:OAEPwithSHA512andMGF1);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey, crypto:OAEPwithSHA512andMGF1);
     io:println("RSA ECB OAEPwithSHA512andMGF1 decrypted value: " + check strings:fromBytes(output));
}

Cryptographic Operations

The crypto stdlib provides functions usable to perform different cryptographic operations such as hashing, HMAC generation, checksum generation and digitally signing data.

import ballerina/crypto;
import ballerina/io;
import ballerina/math;
import ballerina/lang.'string as strings;
public function main() returns error? {
    string input = "Hello Ballerina!";
    byte[] inputArr = input.toBytes();

Input value for crypto operations.

    byte[] output = crypto:hashMd5(inputArr);
    io:println("Hex encoded hash with MD5: " + output.toBase16());

Hashing input value using MD5 hashing algorithm, and printing hash value using Hex encoding.

    output = crypto:hashSha1(inputArr);
    io:println("Base64 encoded hash with SHA1: " + output.toBase64());

Hashing input value using SHA1 hashing algorithm, and printing hash value using Base64 encoding.

    output = crypto:hashSha256(inputArr);
    io:println("Hex encoded hash with SHA256: " + output.toBase16());

Hashing input value using SHA256 hashing algorithm, and printing hash value using Hex encoding.

    output = crypto:hashSha384(inputArr);
    io:println("Base64 encoded hash with SHA384: " + output.toBase64());

Hashing input value using SHA384 hashing algorithm, and printing hash value using Base64 encoding.

    output = crypto:hashSha512(inputArr);
    io:println("Hex encoded hash with SHA512: " + output.toBase16());

Hashing input value using SHA512 hashing algorithm, and printing hash value using Hex encoding.

    string key = "somesecret";
    byte[] keyArr = key.toBytes();

The key used for HMAC generation.

    output = crypto:hmacMd5(inputArr, keyArr);
    io:println("Hex encoded HMAC with MD5: " + output.toBase16());

HMAC generation for input value using MD5 hashing algorithm, and printing HMAC value using Hex encoding.

    output = crypto:hmacSha1(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA1: " + output.toBase64());

HMAC generation for input value using SHA1 hashing algorithm, and printing HMAC value using Base64 encoding.

    output = crypto:hmacSha256(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA256: " + output.toBase16());

HMAC generation for input value using SHA256 hashing algorithm, and printing HMAC value using Hex encoding.

    output = crypto:hmacSha384(inputArr, keyArr);
    io:println("Base64 encoded HMAC with SHA384: " + output.toBase64());

HMAC generation for input value using SHA384 hashing algorithm, and printing HMAC value using Base64 encoding.

    output = crypto:hmacSha512(inputArr, keyArr);
    io:println("Hex encoded HMAC with SHA512: " + output.toBase16());

HMAC generation for input value using SHA512 hashing algorithm, and printing HMAC value using Hex encoding.

    io:println("CRC32B for text: " + crypto:crc32b(inputArr));

Hex encoded CRC32B checksum generation for input value.

    xml xmlContent = xml `<foo>Hello Ballerina</foo>`;
    io:println("CRC32 for xml content: " + crypto:crc32b(xmlContent.toString().toBytes()));

Hex encoded CRC32B checksum generation for XML data.

    crypto:KeyStore keyStore = { path: "./sampleKeystore.p12", password: "ballerina" };
    var privateKey = crypto:decodePrivateKey(keyStore, "ballerina", "ballerina");

Obtaining reference to a RSA private key stored within a PKCS#12 or PFX format archive file.

    if (privateKey is crypto:PrivateKey) {
        output = check crypto:signRsaMd5(inputArr, privateKey);
        io:println("Hex encoded RSA-MD5 signature: " + output.toBase16());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Hex encoding.

        output = check crypto:signRsaSha1(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA1 signature: " + output.toBase64());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Base64 encoding.

        output = check crypto:signRsaSha256(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA256 signature: " + output.toBase16());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Hex encoding.

        output = check crypto:signRsaSha384(inputArr, privateKey);
        io:println("Base64 encoded RSA-SHA384 signature: " + output.toBase64());

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Base64 encoding.

        output = check crypto:signRsaSha512(inputArr, privateKey);
        io:println("Hex encoded RSA-SHA512 signature: " + output.toBase16());
    } else {
        io:println("Invalid private key");
    }

Signing input value using RSA-MD5 signature algorithms, and printing the signature value using Hex encoding.

     byte[16] rsaKeyArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0...15 {
        rsaKeyArr[i] = <byte>(math:randomInRange(0, 255));
     }

Randomly generate a 128 bit key for AES encryption.

     byte[16] ivArr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
     foreach var i in 0...15 {
        ivArr[i] = <byte>(math:randomInRange(0, 255));
     }

Randomly generate a 128 bit IV for AES encryption.

     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr);
     io:println("AES CBC PKCS5 decrypted value: " + check strings:fromBytes(output));

Encrypt and decrypt input value using AES CBC PKCS5 padding.

     output = check crypto:encryptAesCbc(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesCbc(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES CBC no padding decrypted value: " + check strings:fromBytes(output));

Encrypt and decrypt input value using AES CBC no padding.

     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr);
     io:println("AES GCM PKCS5 decrypted value: " + check strings:fromBytes(output));

Encrypt and decrypt input value using AES GCM PKCS5 padding.

     output = check crypto:encryptAesGcm(inputArr, rsaKeyArr, ivArr, crypto:NONE);
     output = check crypto:decryptAesGcm(output, rsaKeyArr, ivArr, crypto:NONE);
     io:println("AES GCM no padding decrypted value: " + check strings:fromBytes(output));

Encrypt and decrypt input value using AES GCM no padding.

     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr);
     output = check crypto:decryptAesEcb(output, rsaKeyArr);
     io:println("AES ECB PKCS5 decrypted value: " + check strings:fromBytes(output));

Encrypt and decrypt input value using AES ECB PKCS5 padding.

     output = check crypto:encryptAesEcb(inputArr, rsaKeyArr, crypto:NONE);
     output = check crypto:decryptAesEcb(output, rsaKeyArr, crypto:NONE);
     io:println("AES ECB no padding decrypted value: " + check strings:fromBytes(output));

Encrypt and decrypt input value using AES ECB no padding.

     crypto:PublicKey rsaPublicKey = check crypto:decodePublicKey(keyStore, "ballerina");

Public key used for RSA encryption.

     crypto:PrivateKey rsaPrivateKey = check crypto:decodePrivateKey(keyStore, "ballerina", "ballerina");

Private key used for RSA decryption.

     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey);
     io:println("RSA ECB PKCS1 decrypted value: " + check strings:fromBytes(output));

Encrypt and decrypt input value using RSA ECB PKCS1 padding.

     output = check crypto:encryptRsaEcb(inputArr, rsaPublicKey, crypto:OAEPwithSHA512andMGF1);
     output = check crypto:decryptRsaEcb(output, rsaPrivateKey, crypto:OAEPwithSHA512andMGF1);
     io:println("RSA ECB OAEPwithSHA512andMGF1 decrypted value: " + check strings:fromBytes(output));
}

Encrypt and decrypt input value using RSA ECB OAEPwithSHA512andMGF1 padding.

# To run this sample, navigate to the directory that contains the
# `.bal` file, make sure `sampleKeystore.p12` file is present in the
# same folder and issue the `ballerina run` command.
$ ballerina run crypto.bal
Hex encoded hash with MD5: 0605402EE16D8E96511A58FF105BC24A
Base64 encoded hash with SHA1: /8fwbGIevBvv2Nl3gEL9DtWas+Q=
Hex encoded hash with SHA256: A984A643C350B17F0738BAC0FEF17F2CD91D91E04596351D0AF670C79ADC12D5
Base64 encoded hash with SHA384: lselzItgAZHQmqNbkf/s2aRjBSd93O3ayc0PB0Dxk6AEo1s44zyTz/Qp0FJO1n6b
Hex encoded hash with SHA512: A6F0770F1582F49396A97FBD5973AC22A3A578AC6A991786427DFEC17DBD984D8D6
  289771AC6F44176160A3DCD59F4A8C6B3AB97BEF0CAA5C67A3FAC78C8E946
Hex encoded HMAC with MD5: B69FA2CC698E0923A7EEA9D8F2B156FE
Base64 encoded HMAC with SHA1: AkWFajkb/gml703Zf4pPgxrjam4=
Hex encoded HMAC with SHA256: 13A3369B8BA326FD311D4500B06A5214A02ED2A033917108F6B9AF58B7EDE381
Base64 encoded HMAC with SHA384: 0AjKoWLhNPgdobGTPJs0PdkA0W9wkJtzUvXigzC1ZmXDJJsxp4icks4JrPiwHGm6
Hex encoded HMAC with SHA512: 27588AD08E772A6BBA5FCA5F45CF467819C8DE69A70A42BE6FE3EB09CEB3BFEB8B2
  976BDA8EA5C10DCFA2294B12CB0B50B22A06309BADA98AF21857904A03205
CRC32B for text: db9230c5
CRC32 for xml content: 7d5c0879
Hex encoded RSA-MD5 signature: 2CFD121E4FF2409D1B2482EBBF37D0C035884D6D858E307E4460B092D79CB20ABB
  624A0DFAE76B73B1FC85447BE3060A36B318813F0115B1919E5EFA7A7F9B1173EC869F56FD9448D99770E1565DB1C69
  A04FD0075FA0E33423A7E829A8B9C25A4DD2C68F3EEE021C0C4FF27979750B395384E280AFD87AF5274C8D2D99AD443
  8D9BFC9B2C5A2814212BA29CE6FF70CBE30A5C23F86B0330E143C4D8813FF10092CD313C6861706D37DF5F4BB4E9FC7
  2354975EE1786CF24C79B9EDFA909968F198C4DA37464F3D214A68FB39956717E92D667BB5A9A7F5986BA055D431813
  D4053A028873499F98C94FD6B5C6FD5AEFAD432669F957AB4CE9E91C5E77B36EC0
Base64 encoded RSA-SHA1 signature: bYMHKKVkjbOUp9ly3AdW9/euxF94krkkF9SDk2FfbVEc0mqpGIxVoZlPiFxszu
  rZF1YPcqOSeOehDkaHXUMfQkTjBq7XlcePtkywy0fChqw8/SWqZR8nbYv97tt8+MVTkymbm26syQLwYNLiGp/EsN6X+fJpk
  dakwHE+TrdE+rEFrNysGyAm1DWwc4c+l7MEmSYMUnh/GWPY5r2knOOdDA3mr+XyrsxzFRWZgO7ebVvEQfq9XkRp8kdiGVgp
  LS5au0jKj3EpbCdS1prFgy3grkuSJTTUQCwgPo7WSjWbuehFGni7rbas8HIqNlyWF0qUyznJ3eqbUwZ95QqOoVWZoQ==
Hex encoded RSA-SHA256 signature: 215C6EA96C9E82348430C6BB02E715560B4FBD3AFCF24FBEB41FF12D4D68A79
  7D61C4D6F822807688E4DC604E212B3CC7AC563B3CBE4E5690E2AEBAF4E3DF35C19D4B0F7043F50501F390634303577
  053B029D495104C0E98BC887F0BE744EF6F726F719201907AD4E86CEF82EB030B60C384F7034A85159081E598E197BB
  8904A9123F39D190796DC7FD946157547C10523999B8FA956D4119DBFE3C1435911C0585CF3C537964516706772E87F
  247055740CC4867AC6B99D7BF699FCE1B59956C7F55368C8C88C9D47E51EF120ED3F27C3E555691A697142C78CBD72C
  23B81B43FA5AB67164A35F8E8C6BF1DA187D3FEB866ADD13F1FB9576A2F7887535311
Base64 encoded RSA-SHA384 signature: BjQ40dffGiRQ4zo1s+ld+zKhJL21RbO5sW3L2+4xmonUt126u9D4/FZ2sM1Q
  GGamj8btB9otiYmWr9sFm4fTs1EX6vrxcCGCAiDdkMxiRs7kShaz2x/BjJQ7cOd9OY+amwo7DQ/FAk9mNOt4lFUpjc9WyEW
  9F1PEJRXZQvMmVabDu8lp/Fh02lmEquG15DT5qT0jRxRJiS8CNa+97cMZdOmF2KeADfRbNJSz70mZ76MrsNxYIXYIiJzJBQ
  od0efQr0Sr/HDn4JDVph9rpDM3p8m94TyXvSOwxwxzZWRLEwB0ANdfDmbrW4bOpxfZZFmy1hltqNJQ9G0BcKOHsZDj6Q==
Hex encoded RSA-SHA512 signature: 15428FDC7B26D18B1F3EAE4569399AE6EBFD430C8F073BF2FA77EBFE1AD5645
  640374EA4A4AEADD252AF3A198E55E69AD2A910E28470D9B54748887DE06A5C3ED7AB12399A404359332553E051E8AE
  0F3EF741FAA15A21AD17A9C235E5F91D567BCCA0E5A6117689DCCADA4A33EE897514F7A8A32F12DAC0087F5DCBB094C
  93C792F672E1685618AC5D93AA9D30F6D8E306145EF2D1B9CFDC04D6C61B43376089A78471E8E03D97EE3B57E1B734A
  23F44366A99234A0ABEB1D36D01C474833B4C2BEAF430DAE06AB95A1C951645FB1E0A5E7B9EED44D40E35036F2CD276
  4DF6CC04FE1248E1BB772A53C8201A974109333A318CE57930494D4CB5E41D0DC8F1C
AES CBC PKCS5 decrypted value: Hello Ballerina!
AES CBC no padding decrypted value: Hello Ballerina!
AES GCM PKCS5 decrypted value: Hello Ballerina!
AES GCM no padding decrypted value: Hello Ballerina!
AES ECB PKCS5 decrypted value: Hello Ballerina!
AES ECB no padding decrypted value: Hello Ballerina!
RSA ECB PKCS1 decrypted value: Hello Ballerina!
RSA ECB OAEPwithSHA512andMGF1 decrypted value: Hello Ballerina!