Take a look at luaossl if you want to be able to call encryption primitives directly, such as using any and all hash functions you might ever need, generating public/private keypairs, creating and signing X509 certificates, validating TLS certificates at runtime, and encrypting and decrypting data buffers directly with a wide range of symmetric algorithms.
It even exposes the OpenSSL bignum functions if you want to write RSA, DHM or elliptic curve number-crunching code of your own (or just to play around with big prime numbers).
There are a few things you can’t do (e.g. you can’t use authenticated encryption algorithms such as AES-GCM directly, because you can’t call the OpenSSL functions needed to get the authentication data out), but I have been able to work around those missing parts with just a few extra lines of code.
The documentation is good but quite a few things are missing so be prepared to look at the source (which is one massive C file that is actually very easy to read and understand).
If you just want TLS session support, look at LuaSec. It’s very easy to use. You basically just set up a TLS connection, do the handshake and then wrap an existing LuaSocket socket to run over the encrypted channel you just created.
The only thing that doesn’t work is LuaSec’s claimed integration with luaossl, which is not only undocumented but also unusably broken (though fairly easily patched to work reliably). However, most people will never need it anyway.
Both packages are available via LuaRocks.
These days I tend to use luaossl mainly from a Lua prompt (or in simple scripts) as an alternative to the OpenSSL command line tool, because it’s so much easier to use and more self-documenting than the openssl command itself, with all its crazy subcommand variants and absurd option switches...
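The post above notes that AES-GCM's authentication data cannot be retrieved through luaossl. As an added example (not the poster's own workaround, which the post does not show, and not code from the luaossl project), the sketch below gets authenticated encryption from the primitives the post says are available, using encrypt-then-MAC with AES-256-CBC and HMAC-SHA256. The function names `seal`, `open` and `mac_equal`, the message layout and the sample keys are assumptions made for illustration.

```lua
-- Added example: encrypt-then-MAC with luaossl (AES-256-CBC + HMAC-SHA256).
-- Message layout (an assumption of this sketch): IV (16) || ciphertext || tag (32).
local cipher = require "openssl.cipher"
local hmac   = require "openssl.hmac"
local rand   = require "openssl.rand"

-- Compare two MACs without leaking where they differ: re-MAC both under a
-- throwaway random key, so the final == runs over values an attacker
-- cannot predict or steer byte by byte.
local function mac_equal(a, b)
  local k = rand.bytes(32)
  return hmac.new(k, "sha256"):final(a) == hmac.new(k, "sha256"):final(b)
end

-- enc_key and mac_key must be independent 32-byte keys.
local function seal(enc_key, mac_key, plaintext)
  local iv  = rand.bytes(16)                       -- fresh random IV per message
  local ct  = cipher.new("aes-256-cbc"):encrypt(enc_key, iv):final(plaintext)
  local tag = hmac.new(mac_key, "sha256"):final(iv .. ct)  -- MAC covers IV too
  return iv .. ct .. tag
end

local function open(enc_key, mac_key, blob)
  -- Shortest valid message: IV + one cipher block + tag.
  if #blob < 16 + 16 + 32 then return nil, "truncated" end
  local iv, ct, tag = blob:sub(1, 16), blob:sub(17, -33), blob:sub(-32)
  -- Verify the tag before touching the ciphertext, so tampered input never
  -- reaches the CBC padding check.
  local expected = hmac.new(mac_key, "sha256"):final(iv .. ct)
  if not mac_equal(tag, expected) then return nil, "authentication failed" end
  return cipher.new("aes-256-cbc"):decrypt(enc_key, iv):final(ct)
end

-- Constructed sample data: random keys and a made-up message.
local ek, mk = rand.bytes(32), rand.bytes(32)
local blob = seal(ek, mk, "constructed sample message")
assert(open(ek, mk, blob) == "constructed sample message")

-- Replace one ciphertext byte with a different value; open() must reject it.
local flipped = (blob:byte(20) + 1) % 256
local bad = blob:sub(1, 19) .. string.char(flipped) .. blob:sub(21)
local pt, err = open(ek, mk, bad)
assert(pt == nil and err == "authentication failed")
```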