Crypt::CBC - Encrypt Data with Cipher Block Chaining Mode
use Crypt::CBC;
$cipher = new Crypt::CBC('my secret key','IDEA');
$ciphertext = $cipher->encrypt("This data is hush hush");
$plaintext = $cipher->decrypt($ciphertext);
$cipher->start('encrypting');
open(F,"./BIG_FILE");
while (read(F,$buffer,1024)) {
print $cipher->crypt($buffer);
}
print $cipher->finish;
This module is a Perl-only implementation of the cryptographic cipher
block chaining mode (CBC). In combination with a block cipher such as
DES or IDEA, you can encrypt and decrypt messages of arbitrarily long
length. The encrypted messages are compatible with the encryption
format used by SSLeay.
To use this module, you will first create a new Crypt::CBC cipher object with
new(). At the time of cipher creation, you specify an encryption key
to use and, optionally, a block encryption algorithm. You will then
call the start() method to initialize the encryption or decryption
process, crypt() to encrypt or decrypt one or more blocks of data, and
lastly finish(), to flush the encryption stream. For your
convenience, you can call the encrypt() and decrypt() methods to
operate on a whole data value at once.
$cipher = new Crypt::CBC($key,$algorithm);
The new() method creates a new Crypt::CBC object.
You must provide an encryption/decryption key, which can be any series
of characters of any length. Internally, the actual key used is
derived from the MD5 hash of the key you provide. The optional second
argument is the block encryption algorithm to use, specified as a
package name. You may use any block encryption algorithm that you
have installed. At the time this was written, only two were available
on CPAN, Crypt::DES and Crypt::IDEA. You may refer to them using
their full names (``Crypt::IDEA'') or in abbreviated form (``IDEA''.) If
no algorithm is provided, DES is assumed.
$cipher->start('encrypting');
$cipher->start('decrypting');
The start() method prepares the cipher for a series of encryption or
decryption steps, resetting the internal state of the cipher if
necessary. You must provide a string indicating whether you wish to
encrypt or decrypt. ``E'' or any word that begins with an ``e'' indicates
encryption. ``D'' or any word that begins with a ``d'' indicates
decryption.
$ciphertext = $cipher->crypt($plaintext);
After calling start(), you should call crypt() as many times as
necessary to encrypt the desired data.
$ciphertext = $cipher->finish();
The CBC algorithm must buffer data blocks inernally until they are
even multiples of the encryption algorithm's blocksize (typically 8
bytes). After the last call to crypt() you should call finish().
This flushes the internal buffer and returns any leftover ciphertext.
In a typical application you will read the plaintext from a file or
input stream and write the result to standard output in a loop that
might look like this:
$cipher = new Crypt::CBC('hey jude!');
$cipher->start('encrypting');
print $cipher->crypt($_) while <>;
print $cipher->finish();
$ciphertext = $cipher->encrypt($plaintext)
This convenience function runs the entire sequence of start(), crypt()
and finish() for you, processing the provided plaintext and returning
the corresponding ciphertext.
$plaintext = $cipher->decrypt($ciphertext)
This convenience function runs the entire sequence of start(), crypt()
and finish() for you, processing the provided ciphertext and returning
the corresponding plaintext.
$ciphertext = $cipher->encrypt_hex($plaintext)
$plaintext = $cipher->decrypt_hex($ciphertext)
These are convenience functions that operate on ciphertext in a
hexadecimal representation. encrypt_hex($plaintext) is exactly
equivalent to unpack('H*',encrypt($plaintext)). These functions
can be useful if, for example, you wish to place the encrypted
information into an e-mail message, Web page or URL.
Two examples, des.pl and idea.pl can be found in the eg/ subdirectory
of the Crypt-CBC distribution. These implement command-line DES and
IDEA encryption algorithms.
The encryption and decryption process is about a tenth the speed of
the equivalent SSLeay programs (compiled C). This could be improved
by implementing this module in C. It may also be worthwhile to
optimize the DES and IDEA block algorithms further.
None that I know of.
Lincoln Stein, lstein@cshl.org
perl(1), Crypt::DES(3), Crypt::IDEA(3)
|