GCrypt - Perl interface to the GNU Crypto library
use GCrypt; $cipher = new GCrypt::Cipher('aes', 'cbc'); $cipher->setkey('a secret'); $cipher->setiv('init vector'); $ciphertext = $cipher->encrypt('plaintext'); $plaintext = $cipher->decrypt($ciphertext);
GCrypt is the Perl interface to the same-named LGPL'd library of cryptographic functions. Currently only symmetric encryption/decryption is supported by this interface.
Note that if you are still confused by the crypto terminology, head over to "BACKGROUND" first.
Symmetric encryption/decryption is done by first obtaining a Cipher object:
$cipher = new GCrypt::Cipher(ALGORITHM[, MODE[, FLAGS]]);
ALGORITHM is a string naming the algorithm. At the time of writing, the following choices are available:
MODE is a string specifying one of the following encryption/decryption modes:
Between calls the "last block" is stored in the IV.
If no mode is specified cbc is selected for block ciphers, and stream for stream ciphers.
FLAGS is a string containing zero or more flags seperated by a pipe (
|). The possible flags are:
Encryption and decryption operations will use KEY until a different one is set. If KEY is shorter than the cipher's keylen (see the
keylen method) it will be zero-padded, if it is longer it will be truncated.
Set the initialisation vector to IV for the next encrypt/decrypt operation. If IV is missing a "standard" IV of all zero is used. The same IV is set in newly created cipher objects.
This method encrypts PLAINTEXT with $cipher, returning the corresponding ciphertext. Null byte padding is automatically appended if PLAINTEXT's length is not evenly divisible by $cipher's block size.
The counterpart to encrypt, decrypt takes a CIPHERTEXT and produces the original plaintext (given that the right key was used, of course).
Returns the number of bytes of keying material this cipher needs.
As their name implies, block ciphers operate on blocks of data. This method returns the size of this blocks in bytes for this particular cipher. For stream ciphers
1 is returned, since this implementation does not support feeding less than a byte into the cipher.
Apply the CFB sync operation.
None, as the interface is object-oriented.
Symmetric ciphers are basically black boxes that you prime with a key. Then you can feed them plaintext, which they will munch into the encrypted result called ciphertext. They work into the other direction as well (hence the "symmetric"), taking ciphertext as input and reconstructing it into plaintext.
There are two kind of symmetric ciphers: block ciphers like AES take their input in chunks of a fixed size (e.g. 256 bit), producing a corresponding block of output (usually of the same size) for each such chunk. If the plaintext length is not evenly divisible by the block size, padding (normally a suitable number of null bytes) is appended to the end. This has to be removed again after decryption.
stream ciphers take input one bit at a time (you can think of them as special block ciphers with the smallest possible block size), and produce a corresponding output bit. Their advantage is that each bit of plaintext can be immediately encrypted as soon as it is available (think: encryption of an audio stream).
The gcrypt manual should be available via
info gcrypt from the shell or
C-h i g (gcrypt) from inside emacs.
Robert Bihlmeyer, <firstname.lastname@example.org>
Copyright 2002 by Robert Bihlmeyer
This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.