h$?t      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                                                                                                                                                                                                                    None.  #$&'(-./289:<>?Errno provided by botan(c) Dong Han, 2020 - 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?Z-Botan7Something bad happened, but we are not sure why or how.Z-BotanThis is used if an object provided did not match the function. For example calling botan_hash_destroy on a botan_rng_t object will cause this return.Z-BotanThis is returned if the functionality is not available for some reason. For example if you call botan_hash_init with a named hash function which is not enabled, this error is returned.Z-Botan?+Z-BotanThe root type of all botan exceptions, you can catch all botan exception by catching this root type.   !"#$%&'()*+,-./01#+,-.)*'(%&#$!" /01Errno provided by botan(c) Dong Han, 2020 - 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?%(PZ-Botan"Certificate key usage constraints.UZ-BotanInternal type to representation botan struct, botan_xxx_t is always pointer type.Z-Botanbotan_x509_cert_t* cert_objZ-Botanbotan_pubkey_t* keyZ-Botanbotan_mp_t outputZ-Botanbotan_privkey_t keyZ-Botanconst char* field_nameZ-Botanbotan_privkey_t keyZ-Botanuint8_t out[], size_t* out_lenZ-Botan botan_rng_t Z-Botan passphraseZ-Botan+encryption_algo, currently ignored by botanZ-Botanuint32_t flagsZ-Botanbotan_privkey_t keyZ-Botanuint8_t out[], size_t* out_lenZ-Botanuint32_t flagsZ-Botanbotan_privkey_t* keyZ-Botanconst char* algo_nameZ-Botanconst char* algo_paramsZ-Botanbotan_rng_t rngZ-BotanoutputZ-Botan passphraseZ-BotansaltZ-BotanoutputZ-Botan passphraseZ-BotansaltZ-BotanoutputZ-Botan passphrase Z-BotansaltZ-BotanoutputZ-Botan output sizeZ-BotanoutputZ-BotaninputZ-Botan input offsetZ-Botan input lenZ-Botanminimum_keylengthZ-Botanmaximum_keylengthZ-Botankeylength_moduloZ-BotanoutputZ-Botan output sizeZ-BotaninputZ-Botan input offsetZ-Botan input lenZ-Botanoutput writtenZ-Botanminimum_keylengthZ-Botanmaximum_keylengthZ-Botankeylength_moduloZ-Botanin_bufZ-Botan in offsetZ-Botan out bufferZ-Botannumber of blockZ-Botanin_bufZ-Botan in offsetZ-Botan out bufferZ-Botannumber of blockZ-Botanminimum_keylengthZ-Botanmaximum_keylengthZ-Botankeylength_moduloZ-Botan init functionZ-Botandestroy function pointerZ-Botan init functionZ-Botandestroy function pointerPQSRTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~UTQSRP~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVRandom Number GeneratorsDong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?, Z-BotanOpaque botan RNG type.Z-Botan RNG types.Z-Botan;Initialize a random number generator object from the given Z-Botan Use RNG as a  botan_rng_t object.Z-BotanGet an autoseeded RNG from a global RNG pool divide by haskell capability.Botan internal use a lock to protect user-space RNG, which may cause contention if shared. This function will fetch an autoseeded RNG from a global RNG pool, which is recommended under concurrent settings.Z-Botan0Get random bytes from a random number generator.Z-BotanReseeds the random number generator with bits number of bits from the .Z-BotanReseeds the random number generator with bits number of bits from the given source RNG.Z-Botan:Adds the provided seed material to the internal RNG state.;This call may be ignored by certain RNG instances (such as  or, on some systems, the ).  Multiple Precision IntegerDong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?3RZ-Botan)Opaque Botan Multiple Precision Integers.Z-BotanGet  's byte size.Z-BotanGet  's bit size.Z-BotanSet  from an integer value.Z-BotanConvert a MPI to  , the sign is ignored.Z-BotanWrite a . in decimal format, with negative sign if < 0.Z-BotanParse a - in decimal format, parse leading minus sign.Z-BotanWrite a  in hexadecimal format(without '0x' prefix), the sign is ignored.Z-BotanParse a  in hexadecimal format(without '0x' prefix), no sign is allowed.Z-Botan%mulMod x y mod = x times y modulo modZ-BotanModular exponentiation. powMod base exp mod = base power exp module modZ-Botan+Modular inverse, find an integer x so that aEx D 1 mod mIf no modular inverse exists (for instance because in and modulus are not relatively prime), return 0.Z-BotanCreate a random  of the specified bit size.Z-BotanCreate a random  within the provided range.Z-Botan/Compute the greatest common divisor of x and y.Z-BotanTest if n is prime.The algorithm used (Miller-Rabin) is probabilistic, set test_prob to the desired assurance level. For example if test_prob is 64, then sufficient Miller-Rabin iterations will run to assure there is at most a 1/2**64 chance that n is composite.Z-BotanThe   implementation ignore sign.Z-Botan lower boundZ-Botan upper boundFormat Preserving EncryptionAnjie, Dong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?8uZ-BotanInitialize an FPE operation to encrypt/decrypt integers less than n. It is expected that n is trivially factorable into small integers. Common usage would be n to be a power of 10.Z-BotanEncrypts the value x modulo the value n using the key and tweak specified. Returns an integer less than n. The tweak is a value that does not need to be secret that parameterizes the encryption function. For instance, if you were encrypting a database column with a single key, you could use a per-row-unique integer index value as the tweak. The same tweak value must be used during decryption.Z-BotanDecrypts an FE1 ciphertext. The tweak must be the same as that provided to the encryption function. Returns the plaintext integer. Note that there is not any implicit authentication or checking of data in FE1, so if you provide an incorrect key or tweak the result is simply a random integer.Z-Botanmod (n)Z-BotankeyZ-BotantweakZ-BotantweakNone.  #$&'(-./289:<>?FZ-BotanMemory allocated by locked allocator and will be zeroed after used.It's allocated by botan's locking allocator(which means it will not get swapped to disk) if possible..It will zero the memory it used once get GCed.The  * instance gives you constant-time compare.The   or Print instance always print  "**SECRET**". is not intented to be saved or transmitted, there're several way to obtain a :+ Use  to convert a piece of Bytes to . + Use key-exchanges from . + Unwrap a key, see .Z-Botan$Constant-time equal comparing bytes.!It comes with following property:The  * instance gives you constant-time compare.The   and  ! instances give you hex encoding.Z-Botan%A value used only once in AEAD modes.We use also this type to represent IV(initialization vector) for stream ciphers, but the way a nonce is generated is different: random IV is one generation choice which is usually fine, while Nonce can also be a counter, which is not ok for CBC mode.Some common nonce size:%96bit for GCM AEAD, ChaCha20Poly1305.128bit for XChaCha20Poly1305.-Block size for CBC IV(e.g. 128 bits for AES).Z-Botan"A type for human readable, it haveThe Key have the properties that:It's assumed to be UTF8 encoded and normalized, and does not have  /https://en.wikipedia.org/wiki/Control_charactercontrol-characters. There's no  % instance, you should always compare  via password hash.The   or Print instance always print "**PASSWORD**". is not intented to be saved or transmitted, it's only useful when you want to validate a user's input against password hash. See Z.Crypto.PwdHash.Z-Botan Construct a password value from  6, if there're control-characters error will be thrown.Z-Botan Construct a password value from Text , return   if contain control-characters.Z-BotanByte size of a password.Z-BotanGet plaintext of a password.Z-Botan Use password as null-terminated  const char*=, USE WITH UNSAFE FFI ONLY, PLEASE DO NOT MODIFY THE CONTENT.Z-Botan Use password as null-terminated  const char*#, PLEASE DO NOT MODIFY THE CONTENT.Z-BotanGet 64-bit random nonce.Z-BotanGet 128-bit random nonce.Z-BotanGet 192-bit random nonce.Z-BotanGet 32bit nonce from counter.Z-BotanGet 64bit nonce from counter.Z-Botan!Create a ceBytes from unsafe FFI.Z-BotanCreate a ceBytes from safe FFI.Z-Botan Create a  from  .Z-BotanGet  's content as  5, by doing this you lose the constant-time comparing.Z-BotanGet secret key's byte length.Z-BotanGet secret key's bit size.Z-BotanUnsafe convert a   to a .Note the original   may get moved by GC or swapped to disk, which may defeat the purpose of using a .Z-BotanUnsafe convert a   from a .Note the result   may get moved by GC or swapped to disk, which may defeat the purpose of using a .Z-Botan Initialize a  which pass an allocated pointer pointing to zeros to a init function.Z-BotanUse  as a  const char*#, PLEASE DO NOT MODIFY THE CONTENT.Z-BotanConstant-time compareZ-BotanThis instance will break the no-tracing property by saving secret in compiled and loaded binary.Password HashingDong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?P Z-Botan$Create a password hash using Bcrypt.Bcrypt is a password hashing scheme originally designed for use in OpenBSD, but numerous other implementations exist. It has the advantage that it requires a small amount (4K) of fast RAM to compute, which can make hardware password cracking somewhat more expensive.,Bcrypt provides outputs that look like this:>"$2a$12$7KIYdyv8Bp32WAvc.7YvI.wvRlyVn0HP/EhPmmOyMQA4YKxINO0p2"Higher work factors increase the amount of time the algorithm runs, increasing the cost of cracking attempts. The increase is exponential, so a work factor of 12 takes roughly twice as long as work factor 11. The default work factor was set to 10 up until the 2.8.0 release.It is recommended to set the work factor as high as your system can tolerate (from a performance and latency perspective) since higher work factors greatly improve the security against GPU-based attacks. For example, for protecting high value administrator passwords, consider using work factor 15 or 16; at these work factors each bcrypt computation takes several seconds. Since admin logins will be relatively uncommon, it might be acceptable for each login attempt to take some time. As of 2018, a good password cracking rig (with 8 NVIDIA 1080 cards) can attempt about 1 billion bcrypt computations per month for work factor 13. For work factor 12, it can do twice as many. For work factor 15, it can do only one quarter as many attempts.The bcrypt work factor must be at least 4 (though at this work factor bcrypt is not very secure). The bcrypt format allows up to 31, but Botan currently rejects all work factors greater than 18 since even that work factor requires roughly 15 seconds of computation on a fast machine.Z-BotanTakes a password and a bcrypt output and returns true if the password is the same as the one that was used to generate the bcrypt hash.Z-Botan password.Z-Botanwork factors (4 <= n <= 18).Z-Botan password.Z-Botanhash generated by .  AES Key WrappingAnJie Dong, Dong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?R'Z-BotanWrap the input key using kek (the key encryption key), and return the result. It will be 8 bytes longer than the input key.Z-Botan*Unwrap a key wrapped with rfc3394_keywrap.Z-BotankeyZ-BotankekZ-Botan wrapped keyZ-Botankek  Hash Functions and ChecksumsDong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?d Z-BotanA Botan Hash Object.Z-Botanhash algo nameZ-Botanhash output size in bytesZ-BotanAvailable HashsZ-BotanA recently designed hash function. Very fast on 64-bit processors. Can output a hash of any length between 1 and 64 bytes, this is specified by passing desired byte length.Z-Botan Alias for  Blake2b 32Z-Botan Alias for  Blake2b 64Z-BotanAn older (and incompatible) variant of SHA-3, but sometimes used. Prefer SHA-3 in new code.Z-BotanAn old hash function that is now known to be trivially breakable. It is very fast, and may still be suitable as a (non-cryptographic) checksum.Z-Botan$Widely used, now known to be broken.Z-BotanA 160 bit hash function, quite old but still thought to be secure (up to the limit of 2**80 computation required for a collision which is possible with any 160 bit hash function). Somewhat deprecated these days.Z-BotanWidely adopted NSA designed hash function. Starting to show significant signs of weakness, and collisions can now be generated. Avoid in new designs.Z-BotanRelatively fast 256 bit hash function, thought to be secure. Also includes the variant SHA-224. There is no real reason to use SHA-224.Z-BotanSHA-512 is faster than SHA-256 on 64-bit processors. Also includes the truncated variants SHA-384 and SHA-512/256, which have the advantage of avoiding message extension attacks.Z-BotanThe new NIST standard hash. Fairly slow. Supports 224, 256, 384 or 512 bit outputs. SHA-3 is faster with smaller outputs. Use as @SHA3_256@ or @SHA3_512@. Plain @SHA-3@ selects default 512 bit output.Z-BotanThese are actually XOFs (extensible output functions) based on SHA-3, which can output a value of any byte length. For example @SHAKE128 @128@ will produce 1024 bits of output.Z-BotanChinese national hash function, 256 bit output. Widely used in industry there. Fast and seemingly secure, but no reason to prefer it over SHA-2 or SHA-3 unless required.Z-BotanA contender for the NIST SHA-3 competition. Very fast on 64-bit systems. Can output a hash of any length between 1 and 64 bytes. It also accepts an optional @personalization string@ which can create variants of the hash. This is useful for domain separation.Z-BotanNewly designed Russian national hash function. Due to use of input-dependent table lookups, it is vulnerable to side channels. There is no reason to use it unless compatibility is needed. Warning: The Streebog Sbox has recently been revealed to have a hidden structure which interacts with its linear layer in a way which may provide a backdoor when used in certain ways. Avoid Streebog if at all possible.Z-BotanA 512-bit hash function standardized by ISO and NESSIE. Relatively slow, and due to the table based implementation it is potentially vulnerable to cache based side channels.Z-BotanParallel simply concatenates multiple hash functions. For example @Parallel SHA256 SHA512 outputs a 256+512 bit hash created by hashing the input with both SHA256 and SHA512 and concatenating the outputs.Z-BotanThis combines two cryptographic hashes in such a way that preimage and collision attacks are provably at least as hard as a preimage or collision attack on the strongest hash.Z-BotanChecksums, not suitable for cryptographic use, but can be used for error checking purposes.Z-BotanPass Hash to FFI as  botan_hash_tZ-Botan Create a new  object.Z-Botan9Copies the state of the hash object to a new hash object.Z-BotanReset the state of Hash object back to clean, as if no input has been supplied.Z-Botan)Feed a chunk of input into a hash object.Z-BotanCompute hash value.Z-BotanTrun  to a   sink, update  by write bytes to the sink. import Z.Data.CBytes import Z.Data.Vector.Hex import Z.Botan.Hash import Z.IO -- | Calculate SHA256 and MD5 checksum for a file in one streaming pass. sha256AndMd5File :: CBytes -> IO (HexBytes, HexBytes) sha256AndMd5File f = withResource (sourceFromFile f) $ src -> do md5 <- newHash MD5 sha256 <- newHash SHA256 runBIO $ src . (joinSink (sinkToHash md5) (sinkToHash sha256)) h1 <- finalHash md5 h2 <- finalHash sha256 return (HexBytes h1, HexBytes h2) Z-Botan"Directly compute a message's hash.Z-Botan*Directly compute a chunked message's hash.. One Time PasswordsDong Han, AnJie Dong, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?l$Z-BotanTOTP is based on the same algorithm as HOTP, but instead of a counter a timestamp is used.Z-BotanHOTP generates OTPs that are a short numeric sequence, between 6 and 8 digits (most applications use 6 digits), created using the HMAC of a 64-bit counter value. If the counter ever repeats the OTP will also repeat, thus both parties must assure the counter only increments and is never repeated or decremented. Thus both client and server must keep track of the next counter expected. Anyone with access to the client-specific secret key can authenticate as that client, so it should be treated with the same security consideration as would be given to any other symmetric key or plaintext password.Z-Botan.Generate a HOTP code for the provided counter.Z-BotanVerify a HOTP code.Z-Botan0Generate a TOTP code for the provided timestamp.Z-BotanVerify a TOTP code.Z-Botanthe HOTP objectZ-Botan HOTP counterZ-Botanthe HOTP objectZ-Botanthe presented HOTP codeZ-Botanthe HOTP counterZ-Botan resync rangeZ-Botanthe TOTP objectZ-Botanthe current local timestampZ-Botanthe TOTP objectZ-Botanthe presented OTPZ-Botan%timestamp the current local timestampZ-Botanspecifies the acceptable amount of clock drift (in terms of time steps) between the two hosts. Block Cipher and Cipher modesDong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?Z-BotanA Botan stream cipher.Z-Botancipher algo nameZ-Botancipher keyspecZ-Botana proper default IV length.Z-BotanIn contrast to block ciphers, stream ciphers operate on a plaintext stream instead of blocks. Thus encrypting data results in changing the internal state of the cipher and encryption of plaintext with arbitrary length is possible in one go (in byte amounts).Z-BotanA cipher mode that converts a block cipher into a stream cipher. It offers parallel execution and can seek within the output stream, both useful properties.Z-BotanAnother stream cipher based on a block cipher. Unlike CTR mode, it does not allow parallel execution or seeking within the output stream. Prefer CTR.Z-BotanA very fast cipher, now widely deployed in TLS as part of the ChaCha20Poly1305 AEAD. Can be used with 8 (fast but dangerous), 12 (balance), or 20 rounds (conservative). Even with 20 rounds, ChaCha is very fast. Use 20 rounds.Z-BotanAn earlier iteration of the ChaCha design, this cipher is popular due to its use in the libsodium library. Prefer ChaCha.Z-BotanThis is the SHAKE-128 XOF exposed as a stream cipher. It is slower than ChaCha and somewhat obscure. It does not support IVs or seeking within the cipher stream.Z-BotanAn old and very widely deployed stream cipher notable for its simplicity. It does not support IVs or seeking within the cipher stream. Warning: RC4 is now badly broken. Avoid in new code and use only if required for compatibility with existing systems.Z-BotanA Botan cipher.Z-Botancipher algo nameZ-Botancipher keyspecZ-Botan9AEAD tag length, will be 0 for non-authenticated ciphers.Z-Botana proper default nonce length.Z-BotanAll available cipher types.A block cipher by itself, is only able to securely encrypt a single data block. To be able to securely encrypt data of arbitrary length, a mode of operation applies the block cipher@s single block operation repeatedly to encrypt an entire message.Notes on the AEAD modes(CCM, ChaCha20Poly1305, EAX, GCM, OCB, SIV):AEAD (Authenticated Encryption with Associated Data) modes provide message encryption, message authentication, and the ability to authenticate additional data that is not included in the ciphertext (such as a sequence number or header).Z-BotanChaCha20Poly1305Unlike the other AEADs which are based on block ciphers, this mode is based on the ChaCha stream cipher and the Poly1305 authentication code. It is very fast on all modern platforms.ChaCha20Poly1305 supports 64-bit, 96-bit, and (since 2.8) 192-bit nonces. 64-bit nonces are the @classic@ ChaCha20Poly1305 design. 96-bit nonces are used by the IETF standard version of ChaCha20Poly1305. And 192-bit nonces is the XChaCha20Poly1305 construction, which is somewhat less common.For best interop use the IETF version with 96-bit nonces. However 96 bits is small enough that it can be dangerous to generate nonces randomly if more than ~ 2^32 messages are encrypted under a single key, since if a nonce is ever reused ChaCha20Poly1305 becomes insecure. It is better to use a counter for the nonce in this case.If you are encrypting many messages under a single key and cannot maintain a counter for the nonce, prefer XChaCha20Poly1305 since a 192 bit nonce is large enough that randomly chosen nonces are extremely unlikely to repeat.Z-BotanGCMNIST standard, commonly used. Requires a 128-bit block cipher. Fairly slow, unless hardware support for carryless multiplies is available.Default tag size is 16Z-Botantag sizeZ-BotanOCBA block cipher based AEAD. Supports 128-bit, 256-bit and 512-bit block ciphers. This mode is very fast and easily secured against side channels. Adoption has been poor because it is patented in the United States, though a license is available allowing it to be freely used by open source software.Default tag size is 16Z-Botantag sizeZ-BotanEAX A secure composition of CTR mode and CMAC. Supports 128-bit, 256-bit and 512-bit block ciphers."Default tag size is the block sizeZ-Botantag sizeZ-BotanSIVRequires a 128-bit block cipher. Unlike other AEADs, SIV is @misuse resistant@; if a nonce is repeated, SIV retains security, with the exception that if the same nonce is used to encrypt the same message multiple times, an attacker can detect the fact that the message was duplicated (this is simply because if both the nonce and the message are reused, SIV will output identical ciphertexts).Z-BotanCCMA composition of CTR mode and CBC-MAC. Requires a 128-bit block cipher. This is a NIST standard mode, but that is about all to recommend it. Prefer EAX.!Default tag size is 16 and L is 3Z-BotanCCM with custom tag sizeZ-BotanCFBCFB uses a block cipher to create a self-synchronizing stream cipher. It is used for example in the OpenPGP protocol. There is no reason to prefer it, as it has worse performance characteristics than modes such as CTR or CBC..The default feedback bits size are 8*blocksizeZ-Botanfeedback bits sizeZ-BotanXTSXTS is a mode specialized for encrypting disk or database storage where ciphertext expansion is not possible. XTS requires all inputs be at least one full block (16 bytes for AES), however for any acceptable input length, there is no ciphertext expansion.Z-BotanCBCCBC requires the plaintext be padded using a reversible rule. The following padding schemes are implementedPKCS#7 (RFC5652) The last byte in the padded block defines the padding length p, the remaining padding bytes are set to p as well.Z-BotanCBCOneAndZeros (ISO/IEC 7816-4) The first padding byte is set to 0x80, the remaining padding bytes are set to 0x00.Z-BotanCBCANSI X9.23 The last byte in the padded block defines the padding length, the remaining padding is filled with 0x00.Z-BotanCBC2ESP (RFC4303) Padding with 0x01, 0x02, 0x03...Z-BotanCTSThis scheme allows the ciphertext to have the same length as the plaintext, however using CTS requires the input be at least one full block plus one byte. It is also less commonly implemented.Z-BotanNo padding CBCOnly use this mode when input length is a multipler of cipher block size.Z-Botanminimum keylengthZ-Botanmaximum keylengthZ-Botankeylength moduloZ-BotanA Botan block cipher.In almost all cases, a bare block cipher is not what you should be using. You probably want an authenticated cipher mode instead (see ), This interface is used to build higher level operations (such as cipher modes or MACs), or in the very rare situation where ECB is required, eg for compatibility with an existing system.Z-Botanblock cipher algo nameZ-Botanblock cipher block sizeZ-Botanblock cipher keyspecZ-BotanAvailable Block CiphersBotan includes a number of block ciphers that are specific to particular countries, as well as a few that are included mostly due to their use in specific protocols such as PGP but not widely used elsewhere. If you are developing new code and have no particular opinion, use AES-256. If you desire an alternative to AES, consider Serpent, SHACAL2 or Threefish.Warning: Avoid any 64-bit block cipher in new designs. There are combinatoric issues that affect any 64-bit cipher that render it insecure when large amounts of data are processed.Z-BotanAESComes in three variants, AES-128, AES-192, and AES-256. The standard 128-bit block cipher. Many modern platforms offer hardware acceleration. However, on platforms without hardware support, AES implementations typically are vulnerable to side channel attacks. For x86 systems with SSSE3 but without AES-NI, Botan has an implementation which avoids known side channels.Z-BotanARIASouth Korean cipher used in industry there. No reason to use it otherwise.Z-BotanBlowfishA 64-bit cipher popular in the pre-AES era. Very slow key setup. Also used (with bcrypt) for password hashing.Z-BotanCamelliaComes in three variants, Camellia-128, Camellia-192, and Camellia-256. A Japanese design standardized by ISO, NESSIE and CRYPTREC. Rarely used outside of Japan.Z-BotanCascadeCreates a block cipher cascade, where each block is encrypted by two ciphers with independent keys. Useful if you're very paranoid. In practice any single good cipher (such as Serpent, SHACAL2, or AES-256) is more than sufficient.=Please set a key with size = max_key_size_A + max_key_size_B.Z-BotanCAST-128*A 64-bit cipher, commonly used in OpenPGP.Z-BotanCAST-256A 128-bit cipher that was a contestant in the NIST AES competition. Almost never used in practice. Prefer AES or Serpent. Warning: Support for CAST-256 is deprecated and will be removed in a future major release.Z-BotanDES, 3DES, DESXOriginally designed by IBM and NSA in the 1970s. Today, DES's 56-bit key renders it insecure to any well-resourced attacker. DESX and 3DES extend the key length, and are still thought to be secure, modulo the limitation of a 64-bit block. All are somewhat common in some industries such as finance. Avoid in new code. Warning: Support for DESX is deprecated and it will be removed in a future major release.Z-BotanIDEAAn older but still unbroken 64-bit cipher with a 128-bit key. Somewhat common due to its use in PGP. Avoid in new designs.Z-BotanKasumiA 64-bit cipher used in 3GPP mobile phone protocols. There is no reason to use it outside of this context. Warning: Support for Kasumi is deprecated and will be removed in a future major release.Z-BotanLionA "block cipher construction" which can encrypt blocks of nearly arbitrary length. Built from a stream cipher and a hash function. Useful in certain protocols where being able to encrypt large or arbitrary length blocks is necessary.Z-BotanMISTY1A 64-bit Japanese cipher standardized by NESSIE and ISO. Seemingly secure, but quite slow and saw little adoption. No reason to use it in new code. Warning: Support for MISTY1 is deprecated and will be removed in a future major release.Z-BotanNoekeonA fast 128-bit cipher by the designers of AES. Easily secured against side channels.Z-BotanSEEDA older South Korean cipher, widely used in industry there. No reason to choose it otherwise.Z-BotanSerpentAn AES contender. Widely considered the most conservative design. Fairly slow unless SIMD instructions are available.Z-BotanSHACAL2The 256-bit block cipher used inside SHA-256. Accepts up to a 512-bit key. Fast, especially when SIMD or SHA-2 acceleration instructions are available. Standardized by NESSIE but otherwise obscure.Z-BotanTwofishA 128-bit block cipher that was one of the AES finalists. Has a somewhat complicated key setup and a "kitchen sink" design.Z-BotanSM4A 128-bit Chinese national cipher, required for use in certain commercial applications in China. Quite slow. Probably no reason to use it outside of legal requirements.Z-Botan Threefish-512A 512-bit tweakable block cipher that was used in the Skein hash function. Very fast on 64-bit processors.Z-BotanXTEAA 64-bit cipher popular for its simple implementation. Avoid in new code.Z-BotanPass  to FFI as botan_block_cipher_t.Z-BotanCreate a new block cipher.Z-BotanSet the cipher key, which is required before encrypting or decrypting.Z-Botan>Clear the internal state (such as keys) of this cipher object.Z-BotanEncrypt blocks of data.&The key must have been set first with .Z-BotanDecrypt blocks of data.&The key must have been set first with .Z-BotanPass  to FFI as botan_cipher_t.Z-BotanCreate a new cipher.Z-Botan>Clear the internal state (such as keys) of this cipher object.Z-Botan"Set the key for this cipher objectZ-Botan Do the encryption or decryption.BE CAREFUL ON  handling! Some s will fail if " is reused or not randomly enough.Z-BotanCreate a new stream cipher.A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as state cipher. In practice, a digit is typically a bit and the combining operation is an exclusive-or (XOR).Z-BotanSet the key for the  objectZ-BotanSet the initail vector for a .Z-Botan>Clear the internal state (such as keys) of this cipher object.Z-BotanSeek  's state to given offset.Z-BotanUpdate cipher with some data.Since stream ciphers work by XOR data, encryption and decryption are the same process.Z-BotanExport  's key stream for other usage.Z-BotanWrap a  into a   node(experimental).The cipher should have already started by setting key, iv, etc, for example to encrypt a file in constant memory using AES with CTR mode: import Z.Data.CBytes (CBytes) import Z.IO.BIO import Z.IO import Z.Crypto.Cipher -- | encryption and decryption are the same process. cipherFile :: CBytes -> CBytes -> IO () cipherFile origin target = do let demoKey = "12345678123456781234567812345678" iv = "demo only !!!!!!" cipher <- newStreamCipher (CTR_BE AES256) setStreamCipherKey cipher demoKey setStreamCipherIV cipher iv withResource (initSourceFromFile origin) $ \ src -> withResource (initSinkToFile target) $ \ sink -> runBIO_ $ src . streamCipherBIO cipher . sink Note that many cipher modes have a maximum length limit on the plaintext under a security context, i.e. a key nonce combination. If you want to encrypt a large message, please consider divide it into smaller chunks, and re-key or change the iv.Z-BotanTurn a  into a key stream source.Z-Botantag sizeZ-BotanLZ-Botanblocks of data, length must be equal to block_size * number_of_blocksZ-Botannumber of blocksZ-Botanblocks of data, length must be equal to block_size * number_of_blocksZ-Botannumber of blocksZ-BotannonceZ-BotaninputZ-Botan0associated data, ignored if not an AEAD or emptyZ-Botantrailing input, outputZ-Botaneach chunk sizeQRSQRS "Message Authentication Codes (MAC)YouShi, Dong Han, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?QZ-Botan mac algo nameZ-Botanmac output size in bytesZ-BotanA modern CBC-MAC variant that avoids the security problems of plain CBC-MAC. Approved by NIST. Also sometimes called OMAC.Z-BotanGMAC is related to the GCM authenticated cipher mode. It is quite slow unless hardware support for carryless multiplications is available. A new nonce must be used with each message authenticated, or otherwise all security is lost.Z-BotanAn older authentication code based on a block cipher. Serious security problems, in particular insecure if messages of several different lengths are authenticated. Avoid unless required for compatibility.Z-BotanA message authentication code based on a hash function. Very commonly used.Z-BotanA polynomial mac (similar to GMAC). Very fast, but tricky to use safely. Forms part of the ChaCha20Poly1305 AEAD mode. A new key must be used for each message, or all security is lost.Z-BotanA modern and very fast PRF. Produces only a 64-bit output. Defaults to @SipHash(2,4)@ which is the recommended configuration, using 2 rounds for each input block and 4 rounds for finalization.Z-BotanA CBC-MAC variant sometimes used in finance. Always uses DES. Sometimes called the @DES retail MAC@, also standardized in ISO 9797-1. It is slow and has known attacks. Avoid unless required.Z-BotanPass MAC to FFI as  botan_mac_t.Z-Botan Create a new  object.Z-BotanSet the random key.Z-BotanFeed a chunk of input into a  object.Z-BotanReset the state of MAC object back to clean, as if no input has been supplied.Z-BotanTrun  to a   sink, update  by write bytes to the sink.Z-Botan Directly compute a message's macZ-Botan)Directly compute a chunked message's mac.Z-BotankeyZ-BotaninputKey Derivation Functions-Dong Han, 2021 AnJie Dong, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?PZ-BotanOften one needs to convert a human readable password into a cryptographic key. It is useful to slow down the computation of these computations in order to reduce the speed of brute force search, thus they are parameterized in some way which allows their required computation to be tuned.Z-Botaniterations ^ PBKDF2 is the @standard@ password derivation scheme, widely implemented in many different libraries.Z-BotanN, r, p ^ Scrypt is a relatively newer design which is @memory hard@, in addition to requiring large amounts of CPU power it uses a large block of memory to compute the hash. This makes brute force attacks using ASICs substantially more expensive.Z-Botaniterations, memory, parallelism ^ Argon2 is the winner of the PHC (Password Hashing Competition) and provides a tunable memory hard PBKDF.Z-Botaniterations, memory, parallelismZ-Botaniterations, memory, parallelismZ-Botan iterationsZ-Botaniterations ^ The OpenPGP algorithm is weak and strange, and should be avoided unless implementing OpenPGP.Z-BotanKey derivation functions are used to turn some amount of shared secret material into uniform random keys suitable for use with symmetric algorithms. An example of an input which is useful for a KDF is a shared secret created using Diffie-Hellman key agreement.Z-BotanDefined in RFC 5869, HKDF uses HMAC to process inputs. Also available are variants HKDF-Extract and HKDF-Expand. HKDF is the combined Extract+Expand operation. Use the combined HKDF unless you need compatibility with some other system.Z-Botan3KDF2 comes from IEEE 1363. It uses a hash function.Z-BotanKDF1 from ISO 18033-2. Very similar to (but incompatible with) KDF2.Z-BotanKDF1 from IEEE 1363. It can only produce an output at most the length of the hash function used.Z-Botan9A KDF from ANSI X9.42. Sometimes used for Diffie-Hellman.Z-BotanKDFs from NIST SP 800-108. Variants include @SP800-108-Counter@, @SP800-108-Feedback@ and @SP800-108-Pipeline@.Z-Botan'NIST SP 800-56A KDF using hash functionZ-BotanNIST SP 800-56A KDF using HMACZ-BotanNIST SP 800-56C KDF using HMACZ-Botan+Derive a key using the given KDF algorithm.Z-BotanDerive a key using the given KDF algorithm, with default empty salt and label.Z-BotanDerive a key from a passphrase for a number of iterations using the given PBKDF algorithm and params.Z-BotanDerive a key from a passphrase using the given PBKDF algorithm, the iteration params are ignored and PBKDF is run until given milliseconds have passed.Z-Botan%the name of the given PBKDF algorithmZ-Botanlength of output keyZ-BotansecretZ-BotansaltZ-BotanlabelZ-Botan%the name of the given PBKDF algorithmZ-Botanlength of output keyZ-BotansecretZ-BotanPBKDF algorithm typeZ-Botanlength of output keyZ-Botan passphraseZ-BotansaltZ-Botan%the name of the given PBKDF algorithmZ-Botan"run until milliseconds have passwdZ-Botanlength of output keyZ-Botan passphraseZ-BotansaltPublic Key Cryptography-Dong Han, 2021 AnJie Dong, 2021BSDwinterland1989@gmail.com experimental non-portableNone.  #$&'(-./289:<>?Z-BotanKey agreement object.Z-Botansize of the agreed keyZ-Botanoutput signature lengthZ-BotanSignature params.Currently available values for EMSA include EMSA1, EMSA2, EMSA3, EMSA4, and Raw. All of them, except Raw, take a parameter naming a message digest function to hash the message with. The Raw encoding signs the input directly; if the message is too big, the signing operation will fail. Raw is not useful except in very specialized applications. For RSA, use EMSA4 (also called PSS) unless you need compatibility with software that uses the older PKCS #1 v1.5 standard, in which case use EMSA3 (also called @EMSA-PKCS1-v1_5@). For DSA, ECDSA, ECKCDSA, ECGDSA and GOST 34.10-2001 you should use EMSA1.Z-Botanhash, salt sizeZ-Botanhash, salt sizeZ-Botanhash, implicit, salt sizeZ-Botanhash, implicitZ-Botan pure Ed25519Z-Botanrfc8032 HashEdDSA variantZ-Botan HashEdDSAZ-Botan'userid, hash(GM/T 0009-2012 specifies "1234567812345678" as the default userid)Z-BotanXMSS do not need paramZ-Botan,Sets of allowed params for public key types."The recommended values for eme is  EME1_SHA1 or  EME1_SHA256. If you need compatibility with protocols using the PKCS #1 v1.5 standard, you can also use  EME_PKCS1_v15'.To use SM2 encryption, use .Z-Botan hash, labelZ-Botanhash, mask gen hash, labalZ-BotanA newtype wrapper.Z-Botan2An opaque data type for a private-public key pair.Z-BotanDiscrete Logarithm GroupZ-BotanAn elliptic curve.Z-BotanA type wrapper.Z-Botan#Public key cryptography algorithms.Z-BotanRSA key of the given size, namely n bits, support encryption and signature.Z-BotanPublic key algorithms specified by China, support encryption and signature.Z-Botan.ElGamal encryption system, support encryption.Z-BotanDigital Signature Algorithm based on the discrete logarithm problem.Z-BotanDigital Signature Algorithm which uses elliptic curve cryptography.Z-Botan5Korean Certificate-based Digital Signature Algorithm.Z-Botan2Elliptic Curve German Digital Signature Algorithm.Z-BotanCryptographic algorithms defined by the Russian national standards, support signature.Z-Botan'Ed25519 elliptic-curve signatures, see  https://ed25519.cr.yp.to/ed25519.Z-Botan&eXtended Merkle Signature Scheme, see  xmsshttps://botan.randombit.net/handbook/api_ref/pubkey.html#extended-merkle-signature-scheme-xmss.Z-Botan The Diffie@Hellman key exchange.Z-Botan/The Elliptic-curve Diffie@Hellman key exchange.Z-Botan+The Curve25519 Diffie@Hellman key exchange.Z-BotanPass  to FFI.Z-BotanCreating a new key pair.Z-BotanCreating a private key.+Creating a private key requires two things:a source of random numberssome algorithm specific arguments that define the security level of the resulting key.Z-BotanLoad a private key. If the key is encrypted, password will be used to attempt decryption.Z-Botan(Get the algorithm name of a private key.Z-Botan*Export a private key in DER binary format.Z-Botan+Export a private key in PEM textual format.Z-Botan#Export a private key with password.Z-Botan9Export a private key with password in PEM textual format.Z-Botan*Export a public key from a given key pair.Z-Botan:Read an algorithm specific field from the key pair object.Z-BotanUnsafe construct a  from a botan struct.Z-BotanPass  to FFI.Z-BotanLoad a publickey.Z-Botan*Export a public key in DER binary format..Z-Botan*Export a public key in PEM textual format.Z-Botan'Get the algorithm name of a public key.Z-Botan&Estimate the strength of a public key.Z-BotanFingerprint a given publickey.Z-Botan?!Z-BotanAn opaque newtype wrapper for an X.509 Certificate Store based on botan's FlatFile_Certificate_Store.Z-BotanAn opaque newtype wrapper for an X.509 Certificate Revocation Lists.It will occasionally happen that a certificate must be revoked before its expiration date. Examples of this happening include the private key being compromised, or the user to which it has been assigned leaving an organization. Certificate revocation lists are an answer to this problem (though online certificate validation techniques are starting to become somewhat more popular). Every once in a while the CA will release a new CRL, listing all certificates that have been revoked. Also included is various pieces of information like what time a particular certificate was revoked, and for what reason. In most systems, it is wise to support some form of certificate revocation, and CRLs handle this easily.Z-Botan3An opaque newtype wrapper for an X.509 certificate.A certificate is a binding between some identifying information (called a subject) and a public key. This binding is asserted by a signature on the certificate, which is placed there by some authority (the issuer) that at least claims that it knows the subject named in the certificate really @owns@ the private key corresponding to the public key in the certificate.The major certificate format in use today is X.509v3, used for instance in the Transport Layer Security (TLS) protocol. A X.509 certificate is represented by the type .Z-BotanUse  as a  botan_cert_t.Z-Botan6Load a certificate from the DER or PEM representation.Z-BotanLoad a certificate from a file.Z-Botan8Create a new object that refers to the same certificate.Z-Botan4Return the time the certificate becomes valid, as a   in form @YYYYMMDDHHMMSSZ@ where Z is a literal character reflecting that this time is relative to UTC.Z-Botan.Return the time the certificate expires, as a   in form @YYYYMMDDHHMMSSZ@ where Z is a literal character reflecting that this time is relative to UTC.Z-BotanReturn the time the certificate becomes valid, as seconds since epoch.Z-Botan.Return the time the certificate becomes valid.Z-Botan,Return the time the certificate expires, as  .Z-Botan,Return the time the certificate expires, as  .Z-Botan+Return the finger print of the certificate.Z-Botan,Return the serial number of the certificate.Z-BotanReturn the authority key ID set in the certificate, which may be empty.Z-BotanReturn the subject key ID set in the certificate, which may be empty.Z-BotanGet the serialized representation of the public key included in this certificate.Z-Botan0Get the public key included in this certificate.Z-BotanGet a value from the issuer DN field, throw exception if not exists.Z-BotanGet a value from the subject DN field, throw exception if not exists.Z-Botan-Format the certificate as a free-form string.Z-BotanChange cert's P.Z-BotanCertificate path validation supporting Certificate Revocation Lists.Verify a certificate. Returns  = if validation was successful, 'Just reason' if unsuccessful.Z-BotanCertificate path validation supporting Certificate Revocation Lists with a .Verify a certificate. Returns  = if validation was successful, 'Just reason' if unsuccessful.Z-BotanUse  as a  botan_crl_t.Z-Botan.Load a CRL from the DER or PEM representation.Z-BotanLoad a CRL from a file.Z-BotanCheck whether a given crl contains a given cert. Return True when the certificate is revoked, False otherwise.Z-BotanUse  as a botan_x509_certstore_t.Z-BotanLoad a CertStore from a file.Z-BotanThe built-in mozilla CA .0This is a certstore extracted from Mozilla, see  #https://curl.se/docs/caextract.html.Z-BotanThe CA  on your system.Z-BotankeyZ-BotanindexZ-BotankeyZ-BotanindexZ-Botan"Intermediate certificates, set to [] if not needed.Z-BotanTrusted certificates, set to [] if not needed.Z-BotanSet required strength to indicate the minimum key and hash strength that is allowed, set to zero to use default(110).Z-Botan Hostname.Z-BotanSet reference time(seconds since epoch) to be the time which the certificate chain is validated against. Use zero to use the current system clock.Z-BotanThe certificate to be verified.Z-Botan"Intermediate certificates, set to [] if not needed.Z-BotanTrusted certificates, set to [] if not needed.Z-Botan%Certificate Revocation Lists, set to [] if not needed.Z-BotanSet required strength to indicate the minimum key and hash strength that is allowed, set to zero to use default(110).Z-Botan Hostname.Z-BotanSet reference time(seconds since epoch) to be the time which the certificate chain is validated against. Use zero to use the current system clock.Z-BotanThe certificate to be verified.Z-Botan"Intermediate certificates, set to [] if not needed.Z-BotanTrusted certificates in Z-Botan%Certificate Revocation Lists, set to [] if not needed.Z-BotanSet required strength to indicate the minimum key and hash strength that is allowed, set to zero to use default(110).Z-Botan Hostname.Z-BotanSet reference time(seconds since epoch) to be the time which the certificate chain is validated against. Use zero to use the current system clock.Z-BotanThe certificate to be verified.-P-P  !"#$$%%&&''(())**++,,--..//0011223456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                                                                                                                                                                                                                           &Z-Botan-0.4.0.0-Cymuol1BxyD6d85e6LsrR5 Z.Botan.ErrnoZ.Botan.Exception Z.Botan.FFI Z.Crypto.RNG Z.Crypto.MPI Z.Crypto.FPEZ.Crypto.SafeMemZ.Crypto.PwdHashZ.Crypto.KeyWrap Z.Crypto.Hash Z.Crypto.OTPZ.Crypto.Cipher Z.Crypto.MAC Z.Crypto.KDFZ.Crypto.PubKey Z.Crypto.X509 Paths_Z_BotanZ.CryptoPubKeyKeyWrapBOTAN_FFI_ERROR_UNKNOWN_ERRORBOTAN_FFI_ERROR_INVALID_OBJECTBOTAN_FFI_ERROR_NOT_IMPLEMENTED"BOTAN_FFI_ERROR_INVALID_KEY_LENGTHBOTAN_FFI_ERROR_KEY_NOT_SETBOTAN_FFI_ERROR_BAD_PARAMETERBOTAN_FFI_ERROR_NULL_POINTERBOTAN_FFI_ERROR_BAD_FLAGBOTAN_FFI_ERROR_OUT_OF_MEMORY BOTAN_FFI_ERROR_EXCEPTION_THROWN)BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACEBOTAN_FFI_ERROR_BAD_MACBOTAN_FFI_ERROR_INVALID_INPUTBOTAN_FFI_INVALID_VERIFIERBOTAN_FFI_SUCCESS UnknownError InvalidObjectNotImplementedInvalidKeyLength KeyNotSet BadParameter NullPointerBadFlag OutOfMemoryExceptionThrownInsufficientBufferSpaceBadMac InvalidInputInvalidVerifierSomeBotanExceptionbotanExceptionToExceptionbotanExceptionFromExceptionthrowBotanIfMinusthrowBotanIfMinus_throwBotanError$fExceptionSomeBotanException$fShowSomeBotanException$fExceptionInvalidVerifier$fExceptionInvalidInput$fExceptionBadMac"$fExceptionInsufficientBufferSpace$fExceptionExceptionThrown$fExceptionOutOfMemory$fExceptionBadFlag$fExceptionNullPointer$fExceptionBadParameter$fExceptionKeyNotSet$fExceptionInvalidKeyLength$fExceptionNotImplemented$fExceptionInvalidObject$fExceptionUnknownError$fShowUnknownError$fShowInvalidObject$fShowNotImplemented$fShowInvalidKeyLength$fShowKeyNotSet$fShowBadParameter$fShowNullPointer $fShowBadFlag$fShowOutOfMemory$fShowExceptionThrown$fShowInsufficientBufferSpace $fShowBadMac$fShowInvalidInput$fShowInvalidVerifierKeyUsageConstraintCipherDirection CipherEncrypt CipherDecrypt BotanStructT BotanStructbotan_fpe_destroyhs_botan_fpe_decrypths_botan_fpe_encrypths_botan_fpe_fe1_initbotan_totp_checkbotan_totp_generatebotan_totp_destroyhs_botan_totp_initbotan_hotp_checkbotan_hotp_generatebotan_hotp_destroyhs_botan_hotp_iniths_botan_key_unwrap3394botan_key_wrap3394botan_x509_certstore_destroy botan_x509_certstore_load_systembotan_x509_certstore_load_filebotan_x509_is_revokedbotan_x509_crl_destroybotan_x509_crl_load_filehs_botan_x509_crl_load!botan_x509_cert_validation_status,hs_botan_x509_cert_verify_with_certstore_crl"hs_botan_x509_cert_verify_with_crlhs_botan_x509_cert_verifybotan_x509_cert_allowed_usagebotan_x509_cert_to_stringbotan_x509_cert_get_subject_dnbotan_x509_cert_get_issuer_dnbotan_x509_cert_get_public_key#botan_x509_cert_get_public_key_bits"botan_x509_cert_get_subject_key_id$botan_x509_cert_get_authority_key_id!botan_x509_cert_get_serial_numberbotan_x509_cert_get_fingerprintbotan_x509_cert_not_afterbotan_x509_cert_not_before botan_x509_cert_get_time_expiresbotan_x509_cert_get_time_startsbotan_x509_cert_dupbotan_x509_cert_load_filehs_botan_x509_cert_loadbotan_x509_cert_destroyhs_botan_pk_op_key_agreementbotan_pk_op_key_agreement_size'botan_pk_op_key_agreement_export_public!botan_pk_op_key_agreement_destroy botan_pk_op_key_agreement_createhs_botan_pk_op_verify_finishhs_botan_pk_op_verify_updatebotan_pk_op_verify_destroybotan_pk_op_verify_createbotan_pk_op_sign_destroybotan_pk_op_sign_finishhs_botan_pk_op_sign_updatebotan_pk_op_sign_output_lengthbotan_pk_op_sign_createhs_botan_pk_op_decrypt!botan_pk_op_decrypt_output_lengthbotan_pk_op_decrypt_destroybotan_pk_op_decrypt_createhs_botan_pk_op_encrypt!botan_pk_op_encrypt_output_lengthbotan_pk_op_encrypt_destroybotan_pk_op_encrypt_createbotan_pubkey_load_dhbotan_privkey_load_dhbotan_pubkey_load_elgamalbotan_privkey_load_elgamalbotan_pubkey_load_dsabotan_privkey_load_dsabotan_pubkey_load_rsabotan_privkey_load_rsabotan_pubkey_get_fieldbotan_pubkey_destroybotan_pubkey_fingerprintbotan_pubkey_estimated_strengthbotan_pubkey_algo_namebotan_privkey_algo_namebotan_pubkey_exporths_botan_pubkey_loadbotan_privkey_destroybotan_privkey_get_fieldbotan_privkey_export_pubkeybotan_privkey_export_encryptedbotan_privkey_exporths_botan_privkey_loadbotan_privkey_createhs_botan_mac_get_keyspechs_botan_mac_namehs_botan_mac_clearhs_botan_mac_updatebotan_mac_set_keybotan_mac_finalbotan_mac_output_lengthbotan_mac_destroybotan_mac_iniths_botan_bcrypt_is_validbotan_bcrypt_generate hs_botan_kdfhs_botan_pwdhash_timed_safehs_botan_pwdhash_timedhs_botan_pwdhash)botan_stream_cipher_get_default_iv_length#botan_stream_cipher_valid_iv_length#botan_stream_cipher_write_keystreamhs_botan_stream_cipher_cipherhs_botan_stream_cipher_set_ivbotan_stream_cipher_set_keybotan_stream_cipher_get_keyspecbotan_stream_cipher_clearbotan_stream_cipher_seekbotan_stream_cipher_destroybotan_stream_cipher_iniths_botan_cipher_output_sizebotan_cipher_get_tag_length%botan_cipher_get_default_nonce_lengthbotan_cipher_valid_nonce_length#hs_botan_cipher_set_associated_datahs_botan_cipher_finishhs_botan_cipher_startbotan_cipher_set_keybotan_cipher_get_keyspecbotan_cipher_clearbotan_cipher_destroybotan_cipher_initbotan_hash_finalhs_botan_hash_updatebotan_hash_output_lengthbotan_hash_clearbotan_hash_copy_statebotan_hash_destroybotan_hash_init$hs_botan_block_cipher_decrypt_blocks$hs_botan_block_cipher_encrypt_blocksbotan_block_cipher_set_keybotan_block_cipher_clearbotan_block_cipher_get_keyspecbotan_block_cipher_block_sizebotan_block_cipher_destroybotan_block_cipher_initbotan_mp_clear_bitbotan_mp_set_bitbotan_mp_get_bitbotan_mp_is_prime botan_mp_gcdbotan_mp_rand_rangebotan_mp_rand_bitsbotan_mp_mod_inversebotan_mp_rshiftbotan_mp_lshiftbotan_mp_powmod botan_mp_swap botan_mp_cmpbotan_mp_to_uint32botan_mp_is_negativebotan_mp_is_positivebotan_mp_is_evenbotan_mp_is_oddbotan_mp_is_zerobotan_mp_equalbotan_mp_mod_mul botan_mp_div botan_mp_mul botan_mp_sub botan_mp_addbotan_mp_flip_signhs_botan_mp_from_binhs_botan_mp_to_binhs_botan_mp_set_from_dechs_botan_mp_set_from_hexhs_botan_mp_to_dechs_botan_mp_to_hexbotan_mp_num_bitsbotan_mp_num_bytesbotan_mp_set_from_mpbotan_mp_set_from_intbotan_mp_destroy botan_mp_iniths_botan_rng_add_entropybotan_rng_reseed_from_rngbotan_rng_reseed botan_rng_getbotan_rng_destroybotan_rng_initbotan_constant_time_comparebotan_constant_time_compare_bahs_botan_deallocate_memoryhs_botan_deallocate_memory_phs_botan_allocate_memory DECIPHER_ONLY ENCIPHER_ONLYCRL_SIGN KEY_CERT_SIGN KEY_AGREEMENTDATA_ENCIPHERMENTKEY_ENCIPHERMENTNON_REPUDIATIONDIGITAL_SIGNATURENO_CONSTRAINTSallocBotanBufferUTF8UnsafeallocBotanBufferUnsafewithBotanStructnewBotanStructnewBotanStruct'cipherDirectionToFlag$fShowCipherDirection$fEqCipherDirection$fOrdCipherDirection$fGenericCipherDirection$fPrintCipherDirection$fJSONCipherDirectionRNGRNGType SystemRNG AutoSeededRNG ProcessorRNGnewRNGwithRNGgetRNG getRandom reseedRNGreseedRNGFromRNG addEntropyRNG $fShowRNG $fGenericRNG $fPrintRNG $fShowRNGType $fEqRNGType $fOrdRNGType$fGenericRNGType$fPrintRNGType $fJSONRNGTypeMPInewMPInewMPI'copyMPIwithMPI unsafeWithMPI unsafeNewMPI unsafeNewMPI'byteSizebitSizefromCInttoWord32 toDecimal fromDecimaltoHexfromHex isNegativeisZeroisOddisEvenmulModpowMod modInverserandBits randRangegcdisPrim $fPrintMPI $fShowMPI $fBitsMPI $fIntegralMPI $fJSONMPI $fEnumMPI $fRealMPI$fNumMPI$fOrdMPI$fEqMPIFPEnewFPE encryptFPE decryptFPE $fShowFPE $fGenericFPE $fPrintFPESecretCEBytesNonceInvalidPasswordException PasswordContainsControlCharacterPassword mkPasswordmkPasswordMaybe passwordSizepasswordToTextwithPasswordUnsafewithPasswordSaferand96bitNoncerand128bitNoncerand192bitNonce cnt32bitNonce cnt64bitNonce ceBytesSizeceBytesBitSizenewCEBytesUnsafenewCEBytesSafeceBytes unCEBytes secretSize secretBitSizeunsafeSecretFromBytesunsafeSecretToBytes newSecret withSecret$fIsStringPassword$fPrintPassword$fShowPassword#$fExceptionInvalidPasswordException$fPrintCEBytes $fShowCEBytes $fEqCEBytes $fEqSecret$fIsStringSecret $fPrintSecret $fShowSecret$fShowInvalidPasswordException genBcrypt validBcryptkeyWrap keyUnwrapHashhashNamehashSizeHashTypeBLAKE2b BLAKE2b256 BLAKE2b512Keccak1600_224Keccak1600_256Keccak1600_384Keccak1600_512MD4MD5 RIPEMD160SHA160SHA256SHA224SHA512SHA384 SHA512_256SHA3_224SHA3_256SHA3_384SHA3_512SHAKE128SHAKE256SM3Skein512 Streebog256 Streebog512 WhirlpoolParallelComb4PAdler32CRC24CRC32hashTypeToCByteswithHashnewHashcopyHash clearHash updateHash finalHash sinkToHashhash hashChunks $fShowHash $fGenericHash $fPrintHash$fShowHashType$fReadHashType $fEqHashType $fOrdHashType$fGenericHashType$fPrintHashType$fJSONHashTypeTOTP OTPDigitLenOTPAlgoHOTP OTP_DIGIT_8 OTP_DIGIT_7 OTP_DIGIT_6 OTP_SHA512 OTP_SHA256OTP_SHA1newHOTPgenHOTP checkHOTPnewTOTPgenTOTP checkTOTP $fShowTOTP $fGenericTOTP $fPrintTOTP $fShowHOTP $fGenericHOTP $fPrintHOTP StreamCipherstreamCipherNamestreamCipherKeySpecdefaultIVLengthStreamCipherTypeCTR_BEOFBChaCha8ChaCha12ChaCha20Salsa20 SHAKE128'RC4Cipher cipherName cipherKeySpeccipherTagLengthdefaultNonceLength CipherModeChaCha20Poly1305GCMGCM'OCBOCB'EAXEAX'SIVCCMCCM'CFBCFB'XTS CBC_PKCS7CBC_OneAndZeros CBC_X9'23CBC_ESPCBC_CTS CBC_NoPaddingKeySpec keyLenMin keyLenMax keyLenMod BlockCipherblockCipherNameblockCipherSizeblockCipherKeySpecBlockCipherTypeAES128AES192AES256ARIA128ARIA192ARIA256Blowfish Camellia128 Camellia192 Camellia256CascadeCAST128CAST256DESDESX TripleDESIDEAKASUMILionMISTY1NoekeonSEEDSerpentSHACAL2TwofishSM4 Threefish512XTEAblockCipherTypeToCByteswithBlockCiphernewBlockCiphersetBlockCipherKeyclearBlockCipher encryptBlocks decryptBlocks withCipher newCipher clearCipher setCipherKey runCipherwithStreamCiphernewStreamCiphersetStreamCipherKeysetStreamCipherIVclearStreamCipherseekStreamCipherrunStreamCipherstreamCipherKeyStreamstreamCipherBIOkeyStreamSource$fShowStreamCipher$fGenericStreamCipher$fPrintStreamCipher$fShowCipherMode$fReadCipherMode$fEqCipherMode$fOrdCipherMode$fGenericCipherMode$fPrintCipherMode$fJSONCipherMode$fShowStreamCipherType$fReadStreamCipherType$fEqStreamCipherType$fOrdStreamCipherType$fGenericStreamCipherType$fPrintStreamCipherType$fJSONStreamCipherType$fShowBlockCipherType$fReadBlockCipherType$fEqBlockCipherType$fOrdBlockCipherType$fGenericBlockCipherType$fPrintBlockCipherType$fJSONBlockCipherType $fShowCipher$fGenericCipher $fPrintCipher$fShowBlockCipher$fGenericBlockCipher$fPrintBlockCipher $fEqKeySpec $fOrdKeySpec $fShowKeySpec$fGenericKeySpec$fPrintKeySpecMACmacNamemacSizeMACTypeCMACGMACCBC_MACHMACPoly1305SipHash X9'19_MACmacTypeToCByteswithMACnewMAC setKeyMAC updateMACfinalMACclearMAC sinkToMACmac macChunks $fShowMAC $fGenericMAC $fPrintMAC $fShowMACType $fReadMACType $fEqMACType $fOrdMACType$fGenericMACType$fPrintMACType $fJSONMACType PBKDFTypePBKDF2ScryptArgon2dArgon2iArgon2idBcrypt OpenPGP_S2KKDFTypeHKDF HKDF_Extract HKDF_ExpandKDF2 KDF1_18033KDF1TLS_PRF TLS_12_PRFSP800_108_CounterSP800_108_FeedbackSP800_108_Pipeline SP800_56AHash SP800_56AMAC SP800_56CkdfTypeToCByteskdfkdf'pbkdfTypeToParampbkdf pbkdfTimed $fShowKDFType $fReadKDFType $fEqKDFType $fOrdKDFType$fGenericKDFType$fPrintKDFType $fJSONKDFType KeyAgreementkeyAgreementSizeVerifierSigner signerSizeSignFmt DER_SEQUENCE IEEE_1363 SignParamEMSA1EMSA2 EMSA3_RAWEMSA3 EMSA4_RawEMSA4 ISO_9796_DS2 ISO_9796_DS3EMSA_Raw Ed25519Pure Ed25519ph Ed25519Hash SM2SignParamXMSSEmptyParamEncParamEME_RAWEME_PKCS1_v1'5EME_OAEP EME_OAEP' SM2EncParamPrivKeyDLGroupECGroupXMSSTypeKeyTypeRSASM2ElGamalDSAECDSAECKCDSAECGDSA GOST_34'10Ed25519XMSSDHECDH Curve25519DSA_BOTAN_3072DSA_BOTAN_2048 DSA_JCE_1024 MODP_SRP_8192 MODP_SRP_6144 MODP_SRP_4096 MODP_SRP_3072 MODP_SRP_2048 MODP_SRP_1536 MODP_SRP_1024MODP_IETF_8192MODP_IETF_6144MODP_IETF_4096MODP_IETF_3072MODP_IETF_2048MODP_IETF_1536MODP_IETF_1024FFDHE_IETF_8192FFDHE_IETF_6144FFDHE_IETF_4096FFDHE_IETF_3072FFDHE_IETF_2048 Sm2p256v1Frp256v1 Gost_512A Gost_256A X962_p239v3 X962_p239v2 X962_p239v1 X962_p192v3 X962_p192v2Brainpool512r1Brainpool384r1Brainpool320r1Brainpool256r1Brainpool224r1Brainpool192r1Brainpool160r1 Secp521r1 Secp384r1 Secp256r1 Secp256k1 Secp224r1 Secp224k1 Secp192r1 Secp192k1 Secp160r2 Secp160r1 Secp160k1XMSS_SHAKE_20_512XMSS_SHAKE_16_512XMSS_SHAKE_10_512XMSS_SHAKE_20_256XMSS_SHAKE_16_256XMSS_SHAKE_10_256XMSS_SHA2_20_512XMSS_SHA2_16_512XMSS_SHA2_10_512XMSS_SHA2_20_256XMSS_SHA2_16_256XMSS_SHA2_10_256 withPrivKey newKeyPair newPrivKey loadPrivKeyprivKeyAlgoNameexportPrivKeyDERexportPrivKeyPEMexportPrivKeyEncryptedDERexportPrivKeyEncryptedPEMprivKeyToPubKey privKeyParambotanStructToPubKey withPubKey loadPubKeyexportPubKeyDERexportPubKeyPEMpubKeyAlgoName estStrengthfingerPrintPubKey pubKeyParam getRSAParamsgetRSAPubParams newRSAPrivKey newRSAPubKeygetDSAPrivParams newDSAPrivKeygetDSAPubParams newDSAPubKeygetElGamalPrivParamsnewElGamalPrivKeygetElGamalPubParamsnewElGamalPubKeygetDHPrivParams newDHPrivKeygetDHPubParams newDHPubKey pkEncrypt pkDecrypt newSigner updateSigner finalSigner sinkToSignersign signChunks newVerifierupdateVerifier finalVerifiersinkToVerifierverify verifyChunksnewKeyAgreementexportKeyAgreementPublickeyAgree$fShowKeyAgreement$fGenericKeyAgreement$fPrintKeyAgreement$fShowVerifier$fGenericVerifier$fPrintVerifier $fShowSigner$fGenericSigner $fPrintSigner $fEqSignFmt $fOrdSignFmt $fShowSignFmt $fEnumSignFmt$fGenericSignFmt$fPrintSignFmt$fShowSignParam$fReadSignParam $fEqSignParam$fOrdSignParam$fGenericSignParam$fPrintSignParam$fJSONSignParam $fShowPubKey $fEqPubKey $fOrdPubKey$fGenericPubKey $fPrintPubKey $fShowPrivKey$fGenericPrivKey$fPrintPrivKey CertStoreCRLCertwithCertloadCert loadCertFiledupCert certStartTextcertExpireText certStart certStart' certExpire certExpire'certFingerPrint certSerialcertIDAuthority certIDSubject certPubBits certPubKey certDNIssuer certDNSubject certToText certUsage verifyCert verifyCertCRLverifyCertCRL'withCRLloadCRL loadCRLFile isRevokedX509 withCertStoreloadCertStoreFilemozillaCertStoresystemCertStore$fShowCertStore$fGenericCertStore$fPrintCertStore $fShowCRL $fGenericCRL $fPrintCRL $fShowCert $fGenericCert $fPrintCertversion getBinDir getLibDir getDynLibDir getDataDir getLibexecDir getSysconfDirgetDataFileNamebaseGHC.BaseassertGHC.Stack.Types CallStackGHC.IO.ExceptionArrayExceptionUndefinedElementIndexOutOfBounds#Z-IO-0.8.1.0-4Kzew1Lb9vj1hED4qlFngsZ.IO.Exception throwUVErrorthrowUV ignoreSync catchSyncunwrap'unwrapthrowOtherErrorthrowECLOSEDSTM throwECLOSED throwUVIf_ throwUVIfthrowUVIfMinus_throwUVIfMinusthrowOOMIfNullioExceptionFromExceptionioExceptionToExceptionSomeIOException AlreadyExists NoSuchThing ResourceBusyResourceExhausted UnexpectedEOFIllegalOperationPermissionDeniedUnsatisfiedConstraints SystemError ProtocolError OtherErrorInvalidArgumentInappropriateType HardwareFaultUnsupportedOperation TimeExpiredResourceVanished InterruptedIOEInfo ioeCallStackioeNameioeDescription Z.IO.UV.Errno uvErrName uvStdErrorUV_E2BIG UV_EACCES UV_EADDRINUSEUV_EADDRNOTAVAILUV_EAFNOSUPPORT UV_EAGAINUV_EAI_ADDRFAMILY UV_EAI_AGAINUV_EAI_BADFLAGSUV_EAI_BADHINTSUV_EAI_CANCELED UV_EAI_FAIL UV_EAI_FAMILY UV_EAI_MEMORY UV_EAI_NODATA UV_EAI_NONAMEUV_EAI_OVERFLOWUV_EAI_PROTOCOLUV_EAI_SERVICEUV_EAI_SOCKTYPE UV_EALREADYUV_EBADFUV_EBUSY UV_ECANCELED UV_ECHARSETUV_ECONNABORTEDUV_ECONNREFUSED UV_ECONNRESETUV_EDESTADDRREQ UV_EEXIST UV_EFAULTUV_EFBIGUV_EHOSTUNREACHUV_EINTR UV_EINVALUV_EIO UV_EISCONN UV_EISDIRUV_ELOOP UV_EMFILE UV_EMSGSIZEUV_ENAMETOOLONG UV_ENETDOWNUV_ENETUNREACH UV_ENFILE UV_ENOBUFS UV_ENODEV UV_ENOENT UV_ENOMEM UV_ENONETUV_ENOPROTOOPT UV_ENOSPC UV_ENOSYS UV_ENOTCONN UV_ENOTDIR UV_ENOTEMPTY UV_ENOTSOCK UV_ENOTSUPUV_EPERMUV_EPIPE UV_EPROTOUV_EPROTONOSUPPORT UV_EPROTOTYPE UV_ERANGEUV_EROFS UV_ESHUTDOWN UV_ESPIPEUV_ESRCH UV_ETIMEDOUT UV_ETXTBSYUV_EXDEV UV_UNKNOWNUV_EOFUV_ENXIO UV_EMLINK uv_strerror uv_err_nameGHC.Exception.Type SomeException HasCallStackArithExceptionOverflow UnderflowLossOfPrecision DivideByZeroRatioZeroDenominatorDenormal Exception toExceptiondisplayException fromException GHC.Exception ErrorCallErrorCallWithLocationthrowGHC.IO MaskingStateUnmaskedMaskedUninterruptibleMaskedInterruptiblecatchthrowIO interruptiblegetMaskingStatemask_maskuninterruptibleMask_uninterruptibleMaskevaluateAsyncException StackOverflow HeapOverflow UserInterrupt ThreadKilledSomeAsyncExceptionAssertionFailedCompactionFailedAllocationLimitExceededDeadlockBlockedIndefinitelyOnSTMBlockedIndefinitelyOnMVarasyncExceptionToExceptionasyncExceptionFromExceptionioError GHC.Conc.SyncthrowToControl.Exception.BaseNestedAtomicallyNonTermination TypeError NoMethodError RecUpdError RecConError RecSelErrorPatternMatchFail catchJusthandle handleJust mapExceptiontrytryJust onExceptionbracketfinallybracket_bracketOnErrorControl.ExceptionHandlercatchesallowInterrupt GHC.Stack callStackGHC.WordWord32 Data.BitstestBitghc-prim GHC.ClassesEqGHC.ShowShow%Z-Data-0.8.5.0-1ay6rKu6m803xDdDiRxHpqZ.Data.Text.PrintPrintZ.Data.Text.BaseText GHC.MaybeNothingZ.Data.Vector.BaseBytesZ.IO.BIOBIO$time-1.11.1.2-IDX6rUdkRsJ8WUfrjOQtbd#Data.Time.Clock.Internal.SystemTime SystemTime