Filter-Crypto
view release on metacpan or search on metacpan
Decrypt/lib/Filter/Crypto/Decrypt.pm view on Meta::CPAN
=item Infinite loop when running a program using an encrypted Data::Alias.
See L<https://rt.cpan.org/Ticket/Display.html?id=122951>.
=back
=head1 SEE ALSO
L<Filter::Crypto>;
L<Filter::CBC>, L<Crypt::License>.
The latter two modules (in separate CPAN distributions, not related to the
Filter-Crypto distribution in any way) are both Perl-level source code filters
and are thus even less secure than this module is. (This module's filter code
is written in XS and C.)
=head1 ACKNOWLEDGEMENTS
Much of the XS code is based on that in the Filter::decrypt module (version
1.49), written by Paul Marquess.
Makefile.PL view on Meta::CPAN
use constant CIPHER_NAME_IDEA => 'IDEA';
use constant CIPHER_NAME_RC2 => 'RC2';
use constant CIPHER_NAME_DESX => 'DESX';
use constant CIPHER_NAME_BLOWFISH => 'Blowfish';
use constant CIPHER_NAME_NULL => 'Null';
use constant CIPHER_NAME_RC5 => 'RC5';
use constant CIPHER_NAME_CAST5 => 'CAST5';
use constant CIPHER_NAME_AES => 'AES';
use constant CIPHER_MODE_ECB => 'ECB';
use constant CIPHER_MODE_CBC => 'CBC';
use constant CIPHER_MODE_CFB => 'CFB';
use constant CIPHER_MODE_OFB => 'OFB';
use constant CIPHER_KEY_GIVEN_PSWD => 1;
use constant CIPHER_KEY_RANDOM_PSWD => 2;
use constant CIPHER_KEY_GIVEN => 3;
use constant CIPHER_KEY_RANDOM => 4;
use constant RAND_OPTION_STR => 'rand';
use constant RAND_PSWD_LEN => 32;
Makefile.PL view on Meta::CPAN
print "\n";
$self->cipher_name($cipher_name);
}
sub query_cipher_mode {
my $self = shift;
my @cipher_modes = (
[ CIPHER_MODE_ECB, 'ECB (Electronic Codebook Mode)' ],
[ CIPHER_MODE_CBC, 'CBC (Cipher Block Chaining Mode)' ],
[ CIPHER_MODE_CFB, 'CFB (64-Bit Cipher Feedback Mode)' ],
[ CIPHER_MODE_OFB, 'OFB (64-Bit Output Feedback Mode)' ]
);
my $cipher_mode = $self->opts()->{'cipher-mode'};
if (defined $cipher_mode) {
my %lc_cipher_modes = map { lc $_->[0] => $_->[0] } @cipher_modes;
if (exists $lc_cipher_modes{lc $cipher_mode}) {
$self->show_found_var('Using specified cipher mode', $cipher_mode);
$cipher_mode = $lc_cipher_modes{lc $cipher_mode};
}
else {
$self->exit_with_error(114,
"No such cipher mode '%s'", $cipher_mode
);
}
}
else {
my $message = 'Modes of operation available:';
my $question = 'Which mode of operation do you want to use?';
my $default = CIPHER_MODE_CBC;
$cipher_mode = $self->prompt_list(
$message, \@cipher_modes, $question, $default
);
}
print "\n";
return $cipher_mode;
}
Makefile.PL view on Meta::CPAN
}
return $rng;
}
sub configure_des_cipher {
my $self = shift;
my %cipher_funcs = (
CIPHER_MODE_ECB, 'EVP_des_ecb()',
CIPHER_MODE_CBC, 'EVP_des_cbc()',
CIPHER_MODE_CFB, 'EVP_des_cfb()',
CIPHER_MODE_OFB, 'EVP_des_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The DES cipher can only use an 8 byte key (of which only 7 bytes are
# actually used by the algorithm): see FIPS PUB 46-3.
$self->query_key_len(-fixed => 8);
}
sub configure_des_ede_cipher {
my $self = shift;
my $ver_num = $self->ver_num();
my %cipher_funcs = (
CIPHER_MODE_ECB, ($ver_num < 90700
? 'EVP_des_ede()' : 'EVP_des_ede_ecb()'),
CIPHER_MODE_CBC, 'EVP_des_ede_cbc()',
CIPHER_MODE_CFB, 'EVP_des_ede_cfb()',
CIPHER_MODE_OFB, 'EVP_des_ede_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The DES-EDE cipher is two-key triple-DES (i.e. in which an encrypt
# operation is encrypt with key 1, decrypt with key 2, encrypt with key 1),
# and therefore requires a key length equivalent to two DES keys, i.e. 16
Makefile.PL view on Meta::CPAN
$self->query_key_len(-fixed => 16);
}
sub configure_des_ede3_cipher {
my $self = shift;
my $ver_num = $self->ver_num();
my %cipher_funcs = (
CIPHER_MODE_ECB, ($ver_num < 90700
? 'EVP_des_ede3()' : 'EVP_des_ede3_ecb()'),
CIPHER_MODE_CBC, 'EVP_des_ede3_cbc()',
CIPHER_MODE_CFB, 'EVP_des_ede3_cfb()',
CIPHER_MODE_OFB, 'EVP_des_ede3_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The DES-EDE3 cipher is three-key triple-DES (i.e. in which an encrypt
# operation is encrypt with key 1, decrypt with key 2, encrypt with key 3),
# and therefore requires a key length equivalent to two DES keys, i.e. 24
Makefile.PL view on Meta::CPAN
# The RC4 cipher can use any key length: see rc4.doc in old SSLeay
# distributions.
$self->query_key_len(-min => 1, -default => 16);
}
sub configure_idea_cipher {
my $self = shift;
my %cipher_funcs = (
CIPHER_MODE_ECB, 'EVP_idea_ecb()',
CIPHER_MODE_CBC, 'EVP_idea_cbc()',
CIPHER_MODE_CFB, 'EVP_idea_cfb()',
CIPHER_MODE_OFB, 'EVP_idea_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The IDEA cipher can only use a 16 byte key: see idea.doc in old SSLeay
# distributions.
$self->query_key_len(-fixed => 16);
}
sub configure_rc2_cipher {
my $self = shift;
my %cipher_funcs = (
CIPHER_MODE_ECB, 'EVP_rc2_ecb()',
CIPHER_MODE_CBC, 'EVP_rc2_cbc()',
CIPHER_MODE_CFB, 'EVP_rc2_cfb()',
CIPHER_MODE_OFB, 'EVP_rc2_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The RC2 cipher can use any key length from 1 to 128 bytes: see RFC 2268.
$self->query_key_len(-min => 1, -max => 128, -default => 16);
Makefile.PL view on Meta::CPAN
# The DESX cipher can only use a 24 byte key: see des.pod in recent OpenSSL
# distributions.
$self->query_key_len(-fixed => 24);
}
sub configure_blowfish_cipher {
my $self = shift;
my %cipher_funcs = (
CIPHER_MODE_ECB, 'EVP_bf_ecb()',
CIPHER_MODE_CBC, 'EVP_bf_cbc()',
CIPHER_MODE_CFB, 'EVP_bf_cfb()',
CIPHER_MODE_OFB, 'EVP_bf_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The Blowfish cipher can use any key length up to 72 bytes: see
# blowfish.doc in old SSLeay distributions.
$self->query_key_len(-min => 1, -max => 72, -default => 16);
Makefile.PL view on Meta::CPAN
# The null cipher does not require a key: it does nothing.
$self->query_key_len(-fixed => 0);
}
sub configure_rc5_cipher {
my $self = shift;
my %cipher_funcs = (
CIPHER_MODE_ECB, 'EVP_rc5_32_12_16_ecb()',
CIPHER_MODE_CBC, 'EVP_rc5_32_12_16_cbc()',
CIPHER_MODE_CFB, 'EVP_rc5_32_12_16_cfb()',
CIPHER_MODE_OFB, 'EVP_rc5_32_12_16_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The RC5 cipher can use any key length from 0 to 255 bytes: see RFC 2040.
$self->query_key_len(-min => 0, -max => 255, -default => 16);
# The RC5 cipher also has a parameter called "number of rounds".
$self->query_rc5_rounds();
}
sub configure_cast5_cipher {
my $self = shift;
my %cipher_funcs = (
CIPHER_MODE_ECB, 'EVP_cast5_ecb()',
CIPHER_MODE_CBC, 'EVP_cast5_cbc()',
CIPHER_MODE_CFB, 'EVP_cast5_cfb()',
CIPHER_MODE_OFB, 'EVP_cast5_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
$self->cipher_func($cipher_funcs{$cipher_mode});
$self->cipher_needs_iv(1);
# The CAST5 cipher can use any key length from 5 to 16 bytes: see RFC 2144.
$self->query_key_len(-min => 5, -max => 16, -default => 16);
}
sub configure_aes_cipher {
my $self = shift;
my %cipher_funcs = (
CIPHER_MODE_ECB, 'EVP_aes_ecb()',
CIPHER_MODE_CBC, 'EVP_aes_cbc()',
CIPHER_MODE_CFB, 'EVP_aes_cfb()',
CIPHER_MODE_OFB, 'EVP_aes_ofb()'
);
my $cipher_mode = $self->query_cipher_mode();
my $cipher_func = $cipher_funcs{$cipher_mode};
# The AES cipher can only use a 16, 24 or 32 byte key: see FIPS PUB 197. Do
# not offer the choice of 24 or 32 byte keys for 0.9.7 because they do not
# seem to work. I do not know why, and the problem does not seem to occur
# with debug OpenSSL builds, which does not make it very easy to find out
Makefile.PL view on Meta::CPAN
The default cipher is AES if it is available, or else DES_EDE3 if that is
available, or else whichever one nearest the end of the list above is available.
=item B<-m E<lt>modeE<gt>>, B<--cipher-mode=E<lt>modeE<gt>>
Specify the mode of operation if a block cipher was chosen above. The following
modes are available:
ECB (Electronic Codebook Mode)
CBC (Cipher Block Chaining Mode)
CFB (64-Bit Cipher Feedback Mode)
OFB (64-Bit Output Feedback Mode)
The CBC mode is used by default.
This option is ignored for the DESX block cipher (which is only available in CBC
mode) and for the stream cipher(s) and the null cipher.
=item B<-p {E<lt>pswdE<gt>|rand}>, B<--pswd={E<lt>pswdE<gt>|rand}>
Specify the password from which to derive the key used for the encryption or
decryption. (This is known as "password-based encryption" (PBE).) The special
value "rand" means that a 32-byte password will be randomly generated using the
random number generator specified by the B<--rng> option.
The key will be derived using the PBKDF2 algorithm defined in PKCS#5 v2.0 (which
Makefile.PL view on Meta::CPAN
Note that this style of accepting all default values except for specifically
overridden ones applies equally well to the prefix directory option, so creating
a default configuration with a non-standard OpenSSL installation location can be
easily handled, e.g.
perl Makefile.PL --defaults -d /usr/local
Alternatively, you can explicitly provide values for every option that would
otherwise cause an interactive prompt to be given, e.g.
perl Makefile.PL -b both -n AES -m CBC -l 32 -p rand -r openssl -i y
This will use the AES cipher in CBC mode with a 32-byte key derived from a
password randomly generated by B<openssl>; the B<crypt_file> script will be
installed. If the OpenSSL or SSLeay prefix directory is not in one of the
locations in which it can be found automatically by B<Makefile.PL> then use the
B<-d> option as shown in the previous examples too.
=back
=head1 ENVIRONMENT
Any standard ExtUtils::MakeMaker environment variables may be used, namely:
( run in 0.698 second using v1.01-cache-2.11-cpan-df04353d9ac )