doc(readme) add partial readme

fffonion committed Sep 26, 2019
1 parent ec0bb30 commit f820feebe291610360bd877023274a678cba239d
Showing with 188 additions and 8 deletions.
  1. +187 −7
  2. +1 −1 lua-resty-openssl-0.1.0-1.rockspec
@@ -1,6 +1,6 @@
# lua-resty-acme
# lua-resty-openssl

FFI-based OpenSSL binding for LuaJIT, support OpenSSL 1.1 and 1.0.2 series
FFI-based OpenSSL binding for LuaJIT, supporting OpenSSL 1.1 and 1.0.2 series

![Build Status](

@@ -19,21 +19,204 @@ Table of Contents

`lua-resty-openssl` is a FFI-based OpenSSL binding library, currently
supports OpenSSL `1.1.1`, `1.1.0` and `1.0.2` series.

The API is kept as same [luaossl]( while only a small sets
of OpenSSL API implemented.

[Back to TOC](#table-of-contents)




## resty.openssl

This meta module provides a version sanity check and returns all exported modules to a local table

return {
_VERSION = '0.1.0',
version = require("resty.openssl.version"),
pkey = require("resty.openssl.pkey"),
x509 = require("resty.openssl.x509"),
name = require(""),
altname = require("resty.openssl.x509.altname"),
csr = require("resty.openssl.x509.csr"),
digest = require("resty.openssl.digest")

## resty.openssl.version

A module to provide version info.

### version_num

The OpenSSL version number.

### OPENSSL_11

A boolean indicates whether the linked OpenSSL is 1.1 series.

### OPENSSL_10

A boolean indicates whether the linked OpenSSL is 1.0 series.

## resty.openssl.pkey

Module to provide EVP infrastructure.


**syntax**: *pk, err =*

**syntax**: *pk, err =, format?)*

**syntax**: *pk, err =*

Creates a new pkey instance. The first argument can be:

1. A table which defaults to:

type = 'RSA',
bits = 2048,
exp = 65537

to create EC private key:

type = 'EC',
curve = 'primve196v1',

2. A string of private or public key in PEM or DER format; optionally tells the library
to explictly decode the key using `format`, which can be a choice of `PER`, `DER` or `*`
for auto detect.
3. `nil` to create a 2048 bits RSA key.

### pkey:getParameters

**syntax**: *parameters, err = pk:getParameters()*

Returns a table containing the `parameters` of pkey instance. Currently only `n`, `e` and `d`
parameter of RSA key is supported. Each value of the returned table is a
[](#restyopensslbn) instance.

local pk, err = require("resty.openssl")
local parameters, err = pk:getParameters()
local e = parameters.e
-- outputs 'AQAB' (65537) by default

### pkey:sign

**syntax**: *signature, err = pk:sign(digest)*

Sign a [digest](#restyopenssldigest) using the private key defined in `pkey`
instance. The `digest` parameter must be a [resty.openssl.digest](#restyopenssldigest)
instance. Returns the signed raw binary and error if any.

local pk, err = require("resty.openssl")
local digest, err = require("resty.openssl")"SHA256")
local signature, err = pk:sign(digest)

### pkey:verify

**syntax**: *ok, err = pk:verify(signature, digest)*

Verify a signture (which can be generated by [pkey:sign](#pkey-sign)). The second
argument must be a [resty.openssl.digest](#restyopenssldigest) instance that uses
the same digest algorithm as used in `sign`.

### pkey:toPEM

**syntax**: *pem, err = pk:toPEM(private_or_public?)*

Outputs private key or public key of pkey instance in PEM format. `private_or_public`
must be a choice of `public`, `PublicKey`, `private`, `PrivateKey` or nil.
By default, it returns the public key.


Module to expose BIGNUM structure. This module is not exposed through `resty.openssl`.


**syntax**: *b, err = or number?)*

Creates a BIGNUM instance. The first argument can be `BIGNUM *` cdata object, or a Lua number,
or `nil` to creates a empty instance.

### bn:toBinary

**syntax**: *bin, err = bn:toBinary()*

Export the BIGNUM value in binary.

local b, err = require("").new(23333)
local bin, err = b:toBinary()
-- outputs "WyU="

## resty.openssl.digest

Module to interact with message digest.


**syntax**: *d, err =*

Creates a digest instance. The `digest_name` is a valid digest algorithm name. To view
a list of digest algorithms implemented, use `openssl list -digest-algorithms`

### digest:update

**syntax**: *digest:update(partial, ...)*

Updates the digest with one or more string.

### digest:final

**syntax**: *digest:update(partial?, ...)*

## resty.openssl.x509

## resty.openssl.x509.csr

## resty.openssl.x509.altname



- test memory leak

[Back to TOC](#table-of-contents)


See Also
* [Automatic Certificate Management Environment (ACME)](
* [haproxytech/haproxy-lua-acme]( The ACME Lua implementation used in HAProxy.
* [GUI/lua-resty-auto-ssl](
* [Let's Encrypt API rate limits](
* [luaossl](

[Back to TOC](#table-of-contents)
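
Review bot: The EC example in the list of first-argument forms uses `curve = 'primve196v1'`, which is not an OpenSSL curve name (the 192-bit prime curve is `prime192v1`), and the same list offers `PER` as a `format` value where `PEM` is meant. Both should be corrected before readers copy them, and the example would be better served by `prime256v1` than by a 192-bit curve. Under `digest:final` the syntax line repeats `digest:update(partial?, ...)` instead of showing the `final` call and its return values. The See Also list still carries the ACME and Let's Encrypt links from the lua-resty-acme README and should be trimmed to what applies to this library. Typos to fix in the same pass: "explictly", "signture", "to creates a empty instance".
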
@@ -1,5 +1,5 @@
package = "lua-resty-openssl"
version = "0.1.0-0"
version = "0.1.0-1"
source = {
url = "git+"
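
Review bot: The `version` change from "0.1.0-0" to "0.1.0-1" is a packaging fix riding in a commit whose message describes only the README. Put it in its own commit, or mention it in the message, so the rockspec history explains why the revision changed.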
