This is Info file pm.info, produced by Makeinfo version 1.68 from the input file bigpm.texi.  File: pm.info, Node: Crypt/ECB, Next: Crypt/GPG, Prev: Crypt/DES_PP, Up: Module List Encrypt Data using ECB Mode *************************** NAME ==== Crypt::ECB - Encrypt Data using ECB Mode SYNOPSIS ======== Use Crypt::ECB OO style use Crypt::ECB; $crypt = Crypt::ECB->new; $crypt->padding(PADDING_AUTO); $crypt->cipher("Blowfish") || die $crypt->errstring; $crypt->key("some_key"); $enc = $crypt->encrypt("Some data."); print $crypt->decrypt($enc); or use the function style interface use Crypt::ECB qw(encrypt decrypt encrypt_hex decrypt_hex); $ciphertext = encrypt($key2, "Blowfish", "Some data", PADDING_AUTO); $plaintext = decrypt($key2, "Blowfish", $ciphertext, PADDING_AUTO); $hexcode = encrypt_hex("foo_key", "IDEA", $plaintext); $plain = decrypt_hex("foo_key", "IDEA", "A01B45BC"); DESCRIPTION =========== This module is a Perl-only implementation of the ECB mode. In combination with a block cipher such as DES, IDEA or Blowfish, you can encrypt and decrypt messages of arbitrarily long length. Though for security reasons other modes than ECB such as CBC should be preferred. See textbooks on cryptography if you want to know why. The functionality of the module can be accessed via OO methods or via standard function calls. Remember that some crypting module like for example Blowfish has to be installed. The syntax follows that of Crypt::CBC meaning you can access Crypt::ECB exactly like Crypt::CBC, though Crypt::ECB is more flexible. For example you can change the key or the cipher without having to create a new crypt object. METHODS ======= new(), key(), cipher(), padding() --------------------------------- $crypt = Crypt::ECB->new; $crypt->key("Some_key"); $crypt->cipher("Blowfish") || die $crypt->errstring; $crypt->padding(PADDING_AUTO); print $crypt->key; print $crypt->cipher; print $crypt->padding; $crypt = Crypt::ECB->new("Some_key","Blowfish"); $crypt->cipher || die "'Blowfish' wasn't loaded for some reason."; new() initializes the variables it uses. Optional parameters are key and cipher. If called without parameters you have to call key() and *cipher()* before you can start crypting. If called with key but without cipher, for compatibility with Crypt::CBC 'DES' is assumed. key() sets the key if given a parameter. It always returns the key. Note that some crypting modules require keys of definite length. For example the Crypt::Blowfish module expects an eight byte key. *cipher()* sets the block cipher to be used if given a parameter. It tries to load the corresponding module. If an error occurs, it returns 0 and sets $crypt->{Errstring}. Otherwise it returns the cipher name. Free packages available for Perl are for example Blowfish, DES or IDEA. If called without parameter it just returns the name of the cipher. *padding()* sets the way how data is padded up to a multiple of the cipher's blocksize. Until now two ways are implemented: When set to PADDING_NONE, no padding is done. You then have to take care of correct padding (and truncating) yourself. When set to PADDING_AUTO, the ECB module handles padding (and truncating when decrypting) the same way Crypt::CBC does. By default the padding style is set to PADDING_NONE. This means if you don't bother and your data has not the correct length, the module will complain and therefore force you to think about what you really want. start(), mode(), crypt(), finish() ---------------------------------- $crypt->start('encrypt') || die $crypt->errstring; $enc = $crypt->crypt($data1) . $crypt->crypt($data2) . $crypt->finish; $crypt->start('decrypt'); print $crypt->mode; start() sets the crypting mode and checks if all required variables like key and cipher are set. Allowed parameters are any words starting either with 'e' or 'd'. The Method returns the mode which is set or 0 if an error occurred. mode() is called without parameters and just returns the mode which is set. crypt() processes the data given as argument. If called without argument $_ is processed. The method returns the processed data. Cipher and key have to be set in order to be able to process data. If some of these are missing or start() was not called before, the method dies. After having sent all data to be processed to crypt() you have to call finish() in order to flush data that's left in the buffer. caching() --------- $crypt->caching(1); # caching on $crypt->caching(0); # caching off print $crypt->caching; The caching mode is returned. If given an argument caching mode is set. Caching is on if caching() evaluates true, otherwise caching is off. By default caching is on. What is this caching? The Crypt::ECB module communicates with the cipher module via some object. Creating the cipher object takes some time for the cipher module has to do some initialization. Now caching means that the same cipher object is used until caching is turned off or the key or the cipher module are changed. If caching is off, a new cipher object is created is created each time crypt() or finish() are called and destroyed at the end of these methods. Crypting using caching is *much* faster than without caching. encrypt(), decrypt(), encrypt_hex(), decrypt_hex() -------------------------------------------------- $enc = $crypt->encrypt($data); print $crypt->decrypt($enc); $hexenc = $crypt->encrypt_hex($data); print $crypt->decrypt_hex($hexenc); encrypt() and decrypt() are convenience methods which call start(), crypt() and finish() for you. *encrypt_hex()* and *decrypt_hex()* are convenience functions that operate on ciphertext in a hexadecimal representation. They are exactly equivalent to $hexenc = join('',unpack('H*',$crypt->encrypt($data))); print $crypt->decrypt(pack('H*',$hexenc)); These functions can be useful if, for example, you wish to place the encrypted information into an e-mail message, Web page or URL. errstring() ----------- print $crypt->errstring; Some methods like *cipher()* or start() return 0 if an error occurs. You can then retrieve a more detailed error message by calling $crypt->errstring. VARIABLES ========= Variables which could be of interest to the outside world are: $crypt->{Key}, $crypt->{Cipher}, $crypt->{Module}, $crypt->{Keysize}, $crypt->{Blocksize}, $crypt->{Mode}, $crypt->{Caching}, $crypt->{Padding}, $crypt->{Errstring}. The variables should not be set directly, use instead the above described methods. Reading should not pose a problem, but is also provided by the above methods. CONSTANTS ========= The two constants naming the padding styles are exported by default: PADDING_NONE => 0 PADDING_AUTO => 1 FUNCTIONS ========= For convenience en- or decrypting can also be done by calling ordinary functions. The functions are: encrypt(), decrypt(), *encrypt_hex*, *decrypt_hex*. The module is smart enough to recognize whether these functions are called in an OO context or not. encrypt(), decrypt(), encrypt_hex(), decrypt_hex() -------------------------------------------------- $ciphertext = encrypt($key, $cipher, $plaintext, PADDING_AUTO); $plaintext = decrypt($key, $cipher, $ciphertext, PADDING_AUTO); $ciphertext = encrypt_hex($key, $cipher, $plaintext, PADDING_AUTO); $plaintext = decrypt_hex($key, $cipher, $ciphertext, PADDING_AUTO); encrypt() and decrypt() process the provided text and return either the corresponding ciphertext (encrypt) or plaintext (decrypt). Data and padstyle are optional, but remember that by default no padding is done. If data is omitted, $_ is assumed. *encrypt_hex()* and *decrypt_hex()* operate on ciphertext in a hexadecimal representation. Otherwise usage is the same as for encrypt() and decrypt(). BUGS ==== None that I know of. TODO ==== The other block cipher modes CBC, CFB and OFB could be implemented. Convenience encrypt and decrypt functions utilizing base64 encoding could be added. COPYING ======= This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. AUTHOR ====== Christoph Appel, cappel@debis.com SEE ALSO ======== perl(1), Crypt::DES(3), Crypt::IDEA(3), Crypt::CBC(3)  File: pm.info, Node: Crypt/GPG, Next: Crypt/HCE_MD5, Prev: Crypt/ECB, Up: Module List A module for accessing GnuPG functionality. ******************************************* NAME ==== Crypt::GPG - A module for accessing GnuPG functionality. SYNOPSIS ======== use Crypt::GPG; $gpg = new Crypt::GPG; $gpg->gpgbin ($path_to_gpg); # The GnuPG executable. $gpg->gpgopts ($option); # Extra options for the GnuPG command. $gpg->secretkey ($keyid); # Set ID of default secret key. $gpg->passphrase ($passphrase); # Set passphrase. $gpg->armor ($boolean); # Switch ASCII armoring on/off. $gpg->detach ($boolean); # Switch detached signatures on/off. $gpg->encryptsafe ($boolean); # Switch paranoid encryption on/off. $gpg->version ($versionstring); # Set version string. $gpg->comment ($commentstring); # Set comment string. $gpg->debug ($boolean); # Switch debugging output on/off. $signed = $gpg->sign (@message); @recipients = $gpg->msginfo (@ciphertext); $ciphertext = $gpg->encrypt (\@plaintext, \@recipients); ($signature, $plaintext) = $gpg->verify (\@ciphertext, [ \@message ]); $status = $gpg->keygen ($name, $email, $keytype, $keysize, $expire, $passphrase); $gpg->addkey (\@key, $pretend); @keys = $gpg->keyinfo (@ids); (The methods below will likely be encapsulated into the Crypt::GPG::Key class in a future release, bewarned!) $key = $keys[0]; $gpg->delkey ($key); $gpg->disablekey ($key); $gpg->enablekey ($key); $keystring = $gpg->export ($key); $gpg->keypass ($key, $oldpassphrase, $newpassphrase); DESCRIPTION =========== The Crypt::GPG module provides near complete access to GnuPG functionality through an object oriented interface. It provides methods for encryption, decryption, signing, signature verification, key generation, key export and import, and most other key management functions. This module works almost identically to its cousin, Crypt::PGP5. The two modules together provide an almost uniform interface to deal with both PGP and GPG. Eventually, these module will be folded into a single module which will interface with GPG as well as all versions of PGP. CONSTRUCTOR =========== new () Creates and returns a new Crypt::GPG object. DATA METHODS ============ *gpgbin ()* Sets the *GPGBIN* instance variable which gives the path to the GnuPG binary. *gpgopts ()* Sets the *GPGOPTS* instance variable which may be used to pass additional options to the GnuPG binary. For proper functioning of this module, it is advisable to always include '-lock-multiple' in the GPGOPTS string. *secretkey ()* Sets the *SECRETKEY* instance variable which may be a KeyID or a username. This is the ID of the default key to use for signing. *passphrase ()* Sets the *PASSPHRASE* instance variable, required for signing and decryption. *armor ()* Sets the *ARMOR* instance variable. If set to 0, Crypt::GPG doesn't ASCII armor its output. Else, it does. Default is to use ascii-armoring. I haven't tested the methods in this module without ASCII armoring yet. *detach ()* Sets the *DETACH* instance variable. If set to 1, the sign method will produce detached signature certificates, else it won't. The default is to produce detached signatures. *encryptsafe ()* Sets the *ENCRYPTSAFE* instance variable. If set to 1, encryption will fail if trying to encrypt to a key which is not trusted. This is the default. Switch to 0 if you want to encrypt to untrusted keys. *version ()* Sets the VERSION instance variable which can be used to change the Version: string on the GnuPG output to whatever you like. *comment ()* Sets the *COMMENT* instance variable which can be used to change the Comment: string on the GnuPG output to whatever you like. *debug ()* Sets the DEBUG instance variable which causes the raw output of Crypt::GPG's interaction with the GnuPG binary to be dumped to STDOUT. OBJECT METHODS ============== *sign (@message)* Signs *@message* with the secret key specified with *secretkey ()* and returns the result as a string. *decrypt ( \@message, [ \@signature ])* Decrypts and/or verifies the message in *@message*, optionally using the detached signature in *@signature*, and returns the plaintext message as a string, along with a Crypt::GPG::Signature object corresponding to the signature on the message, if the message was signed. *msginfo (@ciphertext)* Returns a list of the recipient key IDs that *@ciphertext* is encrypted to. *encrypt (\@plaintext, \@keylist)* Encrypts *@plaintext* with the public keys of the recipients listed in *@keylist* and returns the result in a string, or undef if there was an error while processing. Returns undef if any of the keys are not found. *addkey (\@key, $pretend)* Adds the keys given in *@key* to the user's key ring and returns a list of Crypt::GPG::Key objects corresponding to the keys that were added. If *$pretend* is true, it pretends to add the key and creates the key object, but doesn't actually perform the key addition. *export ($key)* Exports the key specified by the Crypt::GPG::Key object $key and returns the result as a string. *keygen ($name, $email, $keytype, $keysize, $expire, $passphrase)* Creates a new keypair with the parameters specified. The only supported *$keytype* is 'ELG-E'. *$keysize* can be any of 768, 1024, 2048, 3072 or 4096. Returns undef if there was an error, otherwise returns a filehandle that reports the progress of the key generation process similar to the way GnuPG does. The key generation is not complete till you read an EOF from the returned filehandle. *keyinfo (@keyids)* Returns an array of Crypt::GPG::Key objects corresponding to the Key IDs listed in *@keyids*. *parsekeys (@keylist)* Parses a raw GnuPG formatted key listing in *@keylist* and returns an array of Crypt::GPG::Key objects. *keypass ($key, $oldpass, $newpass)* Change the passphrase for a key. Returns true if the passphrase change succeeded, false if not, or undef if there was an error. *delkey ($keyid)* Deletes the key specified by the Crypt::GPG::Key object $key from the user's key ring. Returns undef if there was an error, or 1 if the key was successfully deleted. *disablekey ($keyid)* Disables the key specified by the Crypt::GPG::Key object $key. *enablekey ($keyid)* Enables the key specified by the Crypt::GPG::Key object $key. BUGS ==== * Error checking needs work. * Some key manipulation functions are missing. * The method call interface is subject to change in future versions, specifically, key manipulation methods will be encapsulated into the Crypt::GPG::Key class in a future version. * The current implementation will probably eat up all your RAM if you try to operate on huge messages. In future versions, this will be addressed by reading from and returning filehandles, rather than using in-core data. * Methods may break if you don't use ASCII armoring. AUTHOR ====== Crypt::GPG is Copyright (c) 2000 Ashish Gulhati . All Rights Reserved. ACKNOWLEDGEMENTS ================ Thanks to Barkha for inspiration and lots of laughs; to the GnuPG team and Phil Zimmerman; and of-course, to Larry Wall, Richard Stallman, and Linus Torvalds. LICENSE ======= This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself. It would be nice if you would mail your patches to me, and I would love to hear about projects that make use of this module. DISCLAIMER ========== This is free software. If it breaks, you own both parts.  File: pm.info, Node: Crypt/HCE_MD5, Next: Crypt/HCE_SHA, Prev: Crypt/GPG, Up: Module List Perl extension implementing one way hash chaining encryption using MD5 ********************************************************************** NAME ==== Crypt::HCE_MD5 - Perl extension implementing one way hash chaining encryption using MD5 SYNOPSIS ======== use Crypt::HCE_MD5; $hce_md5 = Crypt::HCE_MD5->new("SharedSecret", "Random01,39j309ad"); $hce_md5 = Crypt::HCE_MD5->new('KEYBUG', "TheSecret", "junk o rama"); $crypted = $hce_md5->hce_block_encrypt("Encrypt this information"); $info = $hce_md5->hce_block_decrypt($crypted); $mime_crypted = $hce_md5->hce_block_encode_mime("Encrypt and Base64 this information"); $info = $hce_md5->hce_block_decode_mime($mime_crypted); DESCRIPTION =========== This module implements a chaining block cipher using a one way hash. This method of encryption is the same that is used by radius (RFC2138) and is also described in Applied Cryptography. Two interfaces are provided in the module. The first is straight block encryption/decryption the second does base64 mime encoding/decoding of the encrypted/decrypted blocks. The idea is the the two sides have a shared secret that supplies one of the keys and a randomly generated block of bytes provides the second key. The random key is passed in cleartext between the two sides. An example client and server are packaged as modules with this module. They are used in the tests. They can also be found in the examples directory. The 'KEYBUG' flag is for decrypting data encrypted with an older version of Crypt::HCE_MD5. There was a bug in the chaining portion that prevented the full 16 bytes of the previous block from being using in creating the chaining hash. Decrypt your old data and re-encrypt it without the KEYBUG flag. The release after this one will have the KEYBUG feature removed, but I'll leave this version on CPAN Thanks to Jake Angerman for pointing out the weakness. AUTHOR ====== Eric Estabrooks, eric@urbanrage.com SEE ALSO ======== perl(1).  File: pm.info, Node: Crypt/HCE_SHA, Next: Crypt/IDEA, Prev: Crypt/HCE_MD5, Up: Module List Perl extension implementing one way hash chaining encryption using SHA ********************************************************************** NAME ==== Crypt::HCE_SHA - Perl extension implementing one way hash chaining encryption using SHA SYNOPSIS ======== use Crypt::HCE_SHA; $hce_sha = Crypt::HCE_SHA->new("SharedSecret", "Random01,39j309ad"); $crypted = $hce_sha->hce_block_encrypt("Encrypt this information"); $info = $hce_sha->hce_block_decrypt($crypted); $mime_crypted = $hce_sha->hce_block_encode_mime("Encrypt and Base64 this information"); $info = $hce_sha->hce_block_decode_mime($mime_crypted); DESCRIPTION =========== This module implements a chaining block cipher using a one way hash. This method of encryption is the same that is used by radius (RFC2138) and is also described in Applied Cryptography. Two interfaces are provided in the module. The first is straight block encryption/decryption the second does base64 mime encoding/decoding of the encrypted/decrypted blocks. The idea is the the two sides have a shared secret that supplies one of the keys and a randomly generated block of bytes provides the second key. The random key is passed in cleartext between the two sides. An example client and server are packaged as modules with this module. They are used in the tests. They can be found in the examples directory. Thanks to Jake Angerman for the bug report on the bug in key generation for the chaining portion of the algorithm AUTHOR ====== Eric Estabrooks, eric@urbanrage.com SEE ALSO ======== perl(1).  File: pm.info, Node: Crypt/IDEA, Next: Crypt/PGP2, Prev: Crypt/HCE_SHA, Up: Module List Perl interface to IDEA block cipher *********************************** NAME ==== IDEA - Perl interface to IDEA block cipher SYNOPSIS ======== use Crypt::IDEA; DESCRIPTION =========== This perl extension is an implementation of the IDEA block cipher algorithm. The module implements the Crypt::BlockCipher interface, which has the following methods blocksize =item keysize =item encrypt =item decrypt FUNCTIONS ========= blocksize Returns the size (in bytes) of the block cipher. keysize Returns the size (in bytes) of the key. new my $cipher = new IDEA $key; This creates a new IDEA BlockCipher object, using $key, where $key is a key of `keysize()' bytes. encrypt my $cipher = new IDEA $key; my $ciphertext = $cipher->encrypt($plaintext); This function encrypts $plaintext and returns the $ciphertext where $plaintext and $ciphertext should be of `blocksize()' bytes. decrypt my $cipher = new IDEA $key; my $plaintext = $cipher->decrypt($ciphertext); This function decrypts $ciphertext and returns the $plaintext where $plaintext and $ciphertext should be of `blocksize()' bytes. EXAMPLE ======= my $key = pack("H32", "0123456789ABCDEF0123456789ABCDEF"); my $cipher = new IDEA $key; my $ciphertext = $cipher->encrypt("plaintex"); # NB - 8 bytes print unpack("H16", $ciphertext), "\n"; SEE ALSO ======== Crypt::DES Bruce Schneier, *Applied Cryptography*, 1995, Second Edition, published by John Wiley & Sons, Inc. COPYRIGHT ========= This implementation is copyright Systemics Ltd ( http://www.systemics.com/ ). The IDEA algorithm is patented in Europe and the United States by Ascom-Tech AG. Module altered on 22 May 1999 to allow functionality with perl -MCPAN, Changes by Dave Paris (edited lib paths).  File: pm.info, Node: Crypt/PGP2, Next: Crypt/PGP5, Prev: Crypt/IDEA, Up: Module List module for programmatic PGP 2.x on Unix *************************************** NAME ==== Crypt::PGP2 - module for programmatic PGP 2.x on Unix DESCRIPTION =========== Perl module wrapper for Unix PGP 2.x You can get PGP from ftp://ftp.cert.dfn.de/pub/tools/crypt/pgp/pgpi/2.x/src/ This module: * is a wrapper that does parameter validation and provides application isolation from the external pgp program * returns the PGP banner and error constants. PARAMETERS ========== The parameters are positional: $plaintext Plaintext that you want to encrypt. (mandatory) $key keyring id of recipient who has a public key. (mandatory) $options PGP options you want, limited to any combination of 'a', and 't'. # -a means ASCII armour, needed when emailing ciphertext # -t means portable text newlines, needed for portability (Optional - default is -feat) RETURN CODES ============ encrypt returns a list of 3 scalars like this: ($ciphertext, $message, $error) $ciphertext Ciphertext result of encrypting $Plaintext. $message pgp statement and pgp banner returned from external program $error error status from this program PGP_ERR_SUCCESS - success PGP_ERR_FAIL - failure to start external command PGP_ERR_BAD_OPTIONS - optional pgp options invalid PGP_ERR_MISSING_KEY - mandatory keyring ID missing PGP_ERR_MISSING_TEXT - mandatory plaintext missing SAMPLE PROGRAM ============== #!/usr/bin/perl -Tw $ENV{'PATH'} = ''; use strict; # must scope all symbols use diagnostics; # lint checking and verbose warnings use Crypt::PGP2; my $plaintext = 'Sample plaintext'; my ($ciphertext, $msg, $error) = encrypt($plaintext,'james','at'); if ($error == PGP_ERR_SUCCESS) { print "Ciphertext: $ciphertext\nMsg: $msg\nError: $error\n"; } else { print "PGP error: $error\n"; } NOTES ===== PGP creates temporary work files, but we don't have control over this. This may be a security and reliability problem that you should investigate. Note that to encrypt a message, the only key required is the public key of the recipient. No private keys are required, so not even your private keyring needs to be on the same machine as the webserver. Only when signing a message or deciphering a message is a private key or keyring required. Your minimum key length should be 1024 bits and should be changed regularly. BUGS ==== See Notes for general concerns. This module relies on Open3, which may not be supported on Windows NT. Only recent versions of Open3 do not leak memory. AUTHORS ======= james@rf.net VERSION ======= See $VERSION  File: pm.info, Node: Crypt/PGP5, Next: Crypt/Passwd, Prev: Crypt/PGP2, Up: Module List An Object Oriented Interface to PGP5. ************************************* NAME ==== Crypt::PGP5 - An Object Oriented Interface to PGP5. SYNOPSIS ======== use Crypt::PGP5; $pgp = new Crypt::PGP5; $pgp->secretkey ($keyid); # Set ID of default secret key. $pgp->passphrase ($passphrase); # Set passphrase. $pgp->armor ($boolean); # Switch ASCII armoring on/off. $pgp->detach ($boolean); # Switch detached signatures on/off. $pgp->encryptsafe ($boolean); # Switch paranoid encryption on/off. $pgp->version ($versionstring); # Set version string. $pgp->debug ($boolean); # Switch debugging output on/off. $signed = $pgp->sign (@message); @recipients = $pgp->msginfo (@ciphertext); $ciphertext = $pgp->encrypt ([@recipients], @plaintext); ($signature, $plaintext) = $pgp->verify (@ciphertext); ($signature, $plaintext) = $pgp->dverify ([@signature], [@message]); (Most of the methods below will be encapsulated into the Crypt::PGP5::Key class by next release, bewarned!) $pgp->addkey ($keyring, @key); $pgp->delkey ($keyid); $pgp->disablekey ($keyid); $pgp->enablekey ($keyid); @keys = $pgp->keyinfo (@ids); $keystring = $pgp->extractkey ($userid, $keyring); $pgp->keypass ($keyid, $oldpasswd, $newpasswd); $status = $pgp->keygen ($name, $email, $keytype, $keysize, $expire, $pass); DESCRIPTION =========== The Crypt::PGP5 module provides near complete access to PGP 5 functionality through an object oriented interface. It provides methods for encryption, decryption, signing, signature verification, key generation, key export and import, and most other key management functions. CONSTRUCTOR =========== new () Creates and returns a new Crypt::PGP5 object. DATA METHODS ============ *secretkey ()* Sets the *SECRETKEY* instance variable which may be a KeyID or a username. This is the ID of the default key to use for signing. *passphrase ()* Sets the *PASSPHRASE* instance variable, required for signing and decryption. *armor ()* Sets the *ARMOR* instance variable. If set to 0, Crypt::PGP5 doesn't ASCII armor its output. Else, it does. Default is to use ascii-armoring. I haven't tested this without ASCII armoring yet. *detach ()* Sets the *DETACH* instance variable. If set to 1, the sign method will produce detached signature certificates, else it won't. The default is to produce detached signatures. *encryptsafe ()* Sets the *ENCRYPTSAFE* instance variable. If set to 1, encryption will fail if trying to encrypt to a key which is not trusted. This is the default. Switch to 0 if you want to encrypt to untrusted keys. *version ()* Sets the VERSION instance variable which can be used to change the Version: string on the PGP output to whatever you like. *debug ()* Sets the DEBUG instance variable which causes the raw output of Crypt::PGP5's interaction with the PGP binary to be dumped to STDOUT. OBJECT METHODS ============== *sign (@message)* Signs *@message* with the secret key specified with *secretkey ()* and returns the result as a string. *verify (@message)* Verifies or decrypts the message in *@message* and returns the Crypt::PGP5::Signature object corresponding to the signature on the message (if any, or undef otherwise), and a string containing the decrypted message. *dverify ([@message], [@signature])* Verifies the detactched signature *@signature* on *@message* and returns a Crypt::PGP5::Signature object corresponding to the signature on the message, along with a string containing the plaintext message. *msginfo (@ciphertext)* Returns a list of the recipient key IDs that *@ciphertext* is encrypted to. *encrypt ([$keyid1, $keyid2...], @plaintext)* Encrypts *@plaintext* with the public keys of the recipients listed in the arrayref passed as the first argument and returns the result in a string, or undef if there was an error while processing. Returns ciphertext if the message could be encrypted to at least one of the recipients. *addkey ($key, $pretend)* Adds the keys given in $key to the user's key ring and returns a list of Crypt::PGP::Key objects corresponding to the keys that were added. If *$pretend* is true, it pretends to add the key and creates the key object, but doesn't actually perform the key addition. *delkey ($keyid)* Deletes the key with *$keyid* from the user's key ring. *disablekey ($keyid)* Disables the key with *$keyid*. *enablekey ($keyid)* Enables the key with *$keyid*. *keyinfo (@keyids)* Returns an array of Crypt::PGP5::Key objects corresponding to the keyids listed in *@keyids*. *parsekeys (@keylist)* Parses a raw PGP formatted key listing and returns a list of Crypt::PGP5::Key objects. *keypass ($keyid, $oldpass, $newpass)* Change the passphrase for a key. Returns true if the passphrase change succeeded, false if not. *extractkey ($userid, $keyring)* Extracts the key for *$userid* from *$keyring* and returns the result. The *$keyring* argument is optional and defaults to the public keyring set with *pubring ()*. *keygen ($name, $email, $keytype, $keysize, $expire, $pass)* Creates a new keypair with the parameters specified. *$keytype* may be one of 'RSA' or 'DSS'. *$keysize* can be any of 768, 1024, 2048, 3072 or 4096 for DSS keys, and 768, 1024 or 2048 for RSA type keys. Returns undef if there was an error, otherwise returns a filehandle that reports the progress of the key generation process similar to the way PGP does. The key generation is not complete till you read an EOF from the returned filehandle. BUGS ==== * Error checking needs work. * Some key manipulation functions are missing. * May not work with versions of PGP other than PGPfreeware 5.0i. * The method call interface is subject to change in future versions, specifically, key manipulation methods will be encapsulated into the Crypt::PGP5::Key class in a future version. * The current implementation will probably eat up all your RAM if you try to operate on huge messages. In future versions, this will be addressed by reading from and returning filehandles, rather than using in-core data. AUTHOR ====== Crypt::PGP5 is Copyright (c) 1999-2000 Ashish Gulhati . All Rights Reserved. ACKNOWLEDGEMENTS ================ Thanks to Barkha for inspiration and lots of laughs; to Rex Rogers at Laissez Faire City for putting together a great environment to hack on freedom technologies; and of-course, to Phil Zimmerman, Larry Wall, Richard Stallman, and Linus Torvalds. LICENSE ======= This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself. It would be nice if you would mail your patches to me, and I would love to hear about projects that make use of this module. DISCLAIMER ========== This is free software. If it breaks, you own both parts.  File: pm.info, Node: Crypt/Passwd, Next: Crypt/PasswdMD5, Prev: Crypt/PGP5, Up: Module List Perl wrapper around the UFC Crypt ********************************* NAME ==== Crypt::Passwd - Perl wrapper around the UFC Crypt SYNOPSIS ======== use Crypt::Passwd; $crypted_password = unix_std_crypt("password", "salt"); $ultrix_password = unix_ext_crypt("password", "salt"); DESCRIPTION =========== This module provides an interface layer between Perl 5 and Michael Glad's UFC Crypt library. The interface is comprised in two functions, described below. *unix_std_crypt(passwd, salt)* provides an interface to the traditional crypt() function, as implemented by the UFC library. It returns the crypted password, perturbed with the salt. *unix_ext_crypt(passwd, salt)* provides the interface to the crypt16() function, present in Ultrix and Digital Unix systems as implemented in the UFC Library. This code is provided as is, with no warranties. It is subject to the same terms and conditions that Perl and the UFC Crypt library. AUTHOR ====== Luis E. Munoz, lem@cantv.net SEE ALSO ======== perl(1), crypt(3), fcrypt(3), crypt16(3)  File: pm.info, Node: Crypt/PasswdMD5, Next: Crypt/Primes, Prev: Crypt/Passwd, Up: Module List Provides interoperable MD5-based crypt() function ************************************************* NAME ==== unix_md5_crypt - Provides interoperable MD5-based crypt() function SYNOPSIS ======== use Crypt::PasswdMD5; $cryptedpassword = unix_md5_crypt($password, $salt); DESCRIPTION =========== the `unix_md5_crypt()' provides a crypt()-compatible interface to the rather new MD5-based crypt() function found in modern operating systems. It's based on the implementation found on FreeBSD 2.2.[56]-RELEASE and contains the following license in it: "THE BEER-WARE LICENSE" (Revision 42): wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp `apache_md5_crypt()' provides a function compatible with Apache's `.htpasswd' files. This was contributed by Bryan Hart . As suggested by William A. Rowe, Jr. , it is exported by default.  File: pm.info, Node: Crypt/Primes, Next: Crypt/RC4, Prev: Crypt/PasswdMD5, Up: Module List Provable Prime Number Generator suitable for Cryptographic Applications. ************************************************************************ NAME ==== Crypt::Primes - Provable Prime Number Generator suitable for Cryptographic Applications. VERSION ======= $Revision: 0.46 $ $Date: 2001/03/04 18:26:03 $ SYNOPSIS ======== # generate a random, provable 512-bit prime. use Crypt::Primes qw(maurer); my $prime = maurer (Size => 512); # generate a random, provable 2048-bit prime and report # progress on console. my $another_prime = maurer ( Size => 2048, Verbosity => 1 ); # generate a random 1024-bit prime and a group # generator of Z*(n). my $hash_ref = maurer ( Size => 1024, Generator => 1, Verbosity => 1 ); WARNING ======= The codebase is stable, but the API will most definitely change in a future release. DESCRIPTION =========== This module implements Ueli Maurer's algorithm for generating large *provable* primes and secure parameters for public-key cryptosystems. The generated primes are almost uniformly distributed over the set of primes of the specified bitsize and expected time for generation is less than the time required for generating a pseudo-prime of the same size with Miller-Rabin tests. Detailed description and running time analysis of the algorithm can be found in Maurer's paper[1]. Crypt::Primes is a pure perl implementation. It uses Math::Pari for multiple precision integer arithmetic and number theoretic functions. Random numbers are gathered with Crypt::Random, a perl interface to /dev/u?random devices found on most modern Unix operating systems. FUNCTIONS ========= The following functions are availble for import. They must be explicitely imported. maurer(%params) Generates a prime number of the specified bitsize. Takes a hash as parameter and returns a Math::Pari object (prime number) or a hash reference (prime number and generator) when group generator computation is requested. Following hash keys are understood: Size Bitsize of the required prime number. Verbosity Level of verbosity of progress reporting. Report is printed on STDOUT. Level of 1 indicates normal, terse reporting. Level of 2 prints lots of intermediate computations, useful for debugging. Generator When Generator key is set to a non-zero value, a group generator of Z*(n) is computed. Group generators are required key material in public-key cryptosystems like Elgamal and Diffie-Hellman that are based on intractability of the discrete logarithm problem. When this option is present, maurer() returns a hash reference that contains two keys, Prime and Generator. Relprime When set to 1, maurer() stores intermediate primes in a class array, and ensures they are not used during construction of primes in the future calls to maurer() with Reprime => 1. This is used by rsaparams(). rsaparams(%params) Generates two primes (p,q) and public exponent (e) of a RSA key pair. The key pair generated with this method is resistant to iterative encryption attack. See Appendix 2 of [1] for more information. rsaparams() takes the same arguments as maurer() with the exception of `Generator' and `Relprime'. Size specifies the common bitsize of p an q. Returns a hash reference with keys p, q and e. trialdiv($n,$limit) Performs trial division on $n to ensure it's not divisible by any prime smaller than or equal to $limit. The module maintains a lookup table of primes (from 2 to 65521) for this purpose. If $limit is not provided, a suitable value is computed automatically. trialdiv() is used by maurer() to weed out composite random numbers before performing computationally intensive modular exponentiation tests. It is, however, documented should you need to use it directly. IMPLEMENTATION NOTE =================== This module implements a modified FastPrime, as described in [1], to facilitate group generator computation. (Refer to [1] and [2] for description and pseudo-code of FastPrime). The modification involves introduction of an additional constraint on relative size r of q. While computing r, we ensure k * r is always greater than maxfact, where maxfact is the bitsize of the largest number we can factor easily. This value defaults to 140 bits. As a result, R is always smaller than maxfact, which allows us to get a complete factorization of 2Rq and use it to find a generator of the cyclic group Z*(2Rq). RUNNING TIME ============ Crypt::Primes generates 512-bit primes in 7 seconds (on average), and 1024-bit primes in 37 seconds (on average), on my PII 300 Mhz notebook. There are no computational limits by design; primes upto 8192-bits were generated to stress test the code. For detailed runtime analysis see [1]. SEE ALSO ======== largeprimes(1), Crypt::Random(3), Math::Pari(3) BIBLIOGRAPHY ============ 1. Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters, Ueli Maurer (1994). 2. Corrections to Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters, Ueli Maurer (1996). 3. Handbook of Applied Cryptography by Menezes, Paul C. van Oorschot and Scott Vanstone (1997). AUTHOR ====== Vipul Ved Prakash, LICENSE ======= Copyright (c) 1998-2001, Vipul Ved Prakash. All rights reserved. This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself. TODO ==== Maurer's algorithm generates primes of progressively larger bitsize using a recursive construction method. The algorithm enters recursion with a prime number and bitsize of the next prime to be generated. (Bitsizes of the intermediate primes are computed using a probability distribution that ensures generated primes are sufficiently random.) This recursion can be distributed over multiple machines, participating in a competitive computation model, to achieve close to best running time of the algorithm. Support for this will be implemented some day, possibly when the next version of Penguin hits CPAN.  File: pm.info, Node: Crypt/RC4, Next: Crypt/RIPEMD160, Prev: Crypt/Primes, Up: Module List Perl implementation of the RC4 encryption algorithm *************************************************** NAME ==== Crypt::RC4 - Perl implementation of the RC4 encryption algorithm SYNOPSIS ======== use Crypt::RC4; $encrypted = RC4( $passphrase, $plaintext ); $decrypt = RC4( $passphrase, $encrypted ); DESCRIPTION =========== A simple implementation of the RC4 algorithm, developed by RSA Security, Inc. Here is the description from RSA's website: RC4 is a stream cipher designed by Rivest for RSA Data Security (now RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have scrutinized the algorithm and it is considered secure. Based substantially on the "RC4 in 3 lines of perl" found at http://www.cypherspace.org A major bug in v1.0 was fixed by David Hook (dgh@wumpus.com.au). Thanks, David. AUTHOR ====== Kurt Kincaid (sifukurt@yahoo.com) Ronald Rivest for RSA Security, Inc. David Hook (dgh@wumpus.com.au) SEE ALSO ======== perl(1), http://www.cypherspace.org, http://www.rsasecurity.com  File: pm.info, Node: Crypt/RIPEMD160, Next: Crypt/RIPEMD160/MAC, Prev: Crypt/RC4, Up: Module List Perl extension for the RIPEMD-160 Hash function *********************************************** NAME ==== Crypt::RIPEMD160 - Perl extension for the RIPEMD-160 Hash function SYNOPSIS ======== use Crypt::RIPEMD160; $context = new Crypt::RIPEMD160; $context->reset(); $context->add(LIST); $context->addfile(HANDLE); $digest = $context->digest(); $string = $context->hexdigest(); $digest = Crypt::RIPEMD160->hash(SCALAR); $string = Crypt::RIPEMD160->hexhash(SCALAR); DESCRIPTION =========== The *Crypt::RIPEMD160* module allows you to use the RIPEMD160 Message Digest algorithm from within Perl programs. The module is based on the implementation from Antoon Bosselaers from Katholieke Universiteit Leuven. A new RIPEMD160 context object is created with the new operation. Multiple simultaneous digest contexts can be maintained, if desired. The context is updated with the add operation which adds the strings contained in the LIST parameter. Note, however, that `add('foo', 'bar')', `add('foo')' followed by `add('bar')' and `add('foobar')' should all give the same result. The final message digest value is returned by the digest operation as a 20-byte binary string. This operation delivers the result of add operations since the last new or reset operation. Note that the digest operation is effectively a destructive, read-once operation. Once it has been performed, the context must be reset before being used to calculate another digest value. Several convenience functions are also provided. The *addfile* operation takes an open file-handle and reads it until end-of file in 8192 byte blocks adding the contents to the context. The file-handle can either be specified by name or passed as a type-glob reference, as shown in the examples below. The *hexdigest* operation calls digest and returns the result as a printable string of hexdecimal digits. This is exactly the same operation as performed by the unpack operation in the examples below. The hash operation can act as either a static member function (ie you invoke it on the RIPEMD160 class as in the synopsis above) or as a normal virtual function. In both cases it performs the complete RIPEMD160 cycle (reset, add, digest) on the supplied scalar value. This is convenient for handling small quantities of data. When invoked on the class a temporary context is created. When invoked through an already created context object, this context is used. The latter form is slightly more efficient. The *hexhash* operation is analogous to *hexdigest*. EXAMPLES ======== use Crypt::RIPEMD160; $ripemd160 = new Crypt::RIPEMD160; $ripemd160->add('foo', 'bar'); $ripemd160->add('baz'); $digest = $ripemd160->digest(); print("Digest is " . unpack("H*", $digest) . "\n"); The above example would print out the message Digest is f137cb536c05ec2bc97e73327937b6e81d3a4cc9 provided that the implementation is working correctly. Remembering the Perl motto ("There's more than one way to do it"), the following should all give the same result: use Crypt::RIPEMD160; $ripemd160 = new Crypt::RIPEMD160; die "Can't open /etc/passwd ($!)\n" unless open(P, "/etc/passwd"); seek(P, 0, 0); $ripemd160->reset; $ripemd160->addfile(P); $d = $ripemd160->hexdigest; print "addfile (handle name) = $d\n"; seek(P, 0, 0); $ripemd160->reset; $ripemd160->addfile(\*P); $d = $ripemd160->hexdigest; print "addfile (type-glob reference) = $d\n"; seek(P, 0, 0); $ripemd160->reset; while (

) { $ripemd160->add($_); } $d = $ripemd160->hexdigest; print "Line at a time = $d\n"; seek(P, 0, 0); $ripemd160->reset; $ripemd160->add(

); $d = $ripemd160->hexdigest; print "All lines at once = $d\n"; seek(P, 0, 0); $ripemd160->reset; while (read(P, $data, (rand % 128) + 1)) { $ripemd160->add($data); } $d = $ripemd160->hexdigest; print "Random chunks = $d\n"; seek(P, 0, 0); $ripemd160->reset; undef $/; $data =

; $d = $ripemd160->hexhash($data); print "Single string = $d\n"; close(P); NOTE ==== The RIPEMD160 extension may be redistributed under the same terms as Perl. The RIPEMD160 algorithm is published in "Fast Software Encryption, LNCS 1039, D. Gollmann (Ed.), pp.71-82". The basic C code implementing the algorithm is covered by the following copyright: ` /********************************************************************\ * * FILE: rmd160.c * * CONTENTS: A sample C-implementation of the RIPEMD-160 * hash-function. * TARGET: any computer with an ANSI C compiler * * AUTHOR: Antoon Bosselaers, ESAT-COSIC * DATE: 1 March 1996 * VERSION: 1.0 * * Copyright (c) Katholieke Universiteit Leuven * 1996, All Rights Reserved * \********************************************************************/ ' RIPEMD-160 test suite results (ASCII): ====================================== ` * message: "" (empty string) hashcode: 9c1185a5c5e9fc54612808977ee8f548b2258d31 * message: "a" hashcode: 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe * message: "abc" hashcode: 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc * message: "message digest" hashcode: 5d0689ef49d2fae572b881b123a85ffa21595f36 * message: "abcdefghijklmnopqrstuvwxyz" hashcode: f71c27109c692c1b56bbdceb5b9d2865b3708dbc * message: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" hashcode: 12a053384a9c0c88e405a06c27dcf49ada62eb2b * message: "A...Za...z0...9" hashcode: b0e20b6e3116640286ed3a87a5713079b21f5189 * message: 8 times "1234567890" hashcode: 9b752e45573d4b39f4dbd3323cab82bf63326bfb * message: 1 million times "a" hashcode: 52783243c1697bdbe16d37f97f68f08325dc1528 ' This copyright does not prohibit distribution of any version of Perl containing this extension under the terms of the GNU or Artistic licences. AUTHOR ====== The RIPEMD-160 interface was written by Christian H. Geuer (CHGEUER) (`christian.geuer@crypto.gun.de'). SEE ALSO ======== MD5(3pm) and SHA(1).  File: pm.info, Node: Crypt/RIPEMD160/MAC, Next: Crypt/RSA, Prev: Crypt/RIPEMD160, Up: Module List Perl extension for RIPEMD-160 MAC function ****************************************** NAME ==== Crypt::RIPEMD160::MAC - Perl extension for RIPEMD-160 MAC function SYNOPSIS ======== use Crypt::RIPEMD160::MAC; $key = "This is the secret key"; $mac = new Crypt::RIPEMD160::MAC($key); $mac->reset(); $mac->add(LIST); $mac->addfile(HANDLE); $digest = $mac->mac(); $string = $mac->hexmac(); DESCRIPTION =========== The *Crypt::RIPEMD160* module allows you to use the RIPEMD160 Message Digest algorithm from within Perl programs. EXAMPLES ======== use Crypt::RIPEMD160; $ripemd160 = new Crypt::RIPEMD160; $ripemd160->add('foo', 'bar'); $ripemd160->add('baz'); $digest = $ripemd160->digest(); print("Digest is " . unpack("H*", $digest) . "\n"); The above example would print out the message Digest is f137cb536c05ec2bc97e73327937b6e81d3a4cc9 provided that the implementation is working correctly. AUTHOR ====== The RIPEMD-160 interface was written by Christian H. Geuer (`christian.geuer@crypto.gun.de'). SEE ALSO ======== MD5(3pm) and SHA(1).