++ed by:
TOBYINK EMAZEP NEMUX CRUX BEROV

6 PAUSE user(s)
8 non-PAUSE user(s).

Karel Miko

NAME

Crypt::AuthEnc::EAX - Authenticated encryption in EAX mode

SYNOPSIS

 ### example 1
 use Crypt::AuthEnc::EAX;

 # encrypt + authenticate
 my $ae = Crypt::AuthEnc::EAX->new("AES", $key, $nonce);
 $ae->header_add('headerdata part1');
 $ae->header_add('headerdata part2');
 $ct = $ae->encrypt_add('data1');
 $ct = $ae->encrypt_add('data2');
 $ct = $ae->encrypt_add('data3');
 $tag = $ae->encrypt_done();

 # decrypt + verify
 my $ae = Crypt::AuthEnc::EAX->new("AES", $key, $nonce);
 $ae->header_add('headerdata part1');
 $ae->header_add('headerdata part2');
 $pt = $ae->decrypt_add('ciphertext1');
 $pt = $ae->decrypt_add('ciphertext2');
 $pt = $ae->decrypt_add('ciphertext3');

 my $result = $ae->decrypt_done($tag);
 #or
 my $tag_dec = $ae->decrypt_done;
 die "TAG mismatch" unless $tag eq $tag_dec;

 ### example 2
 use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);

 my ($ciphertext, $tag) = eax_encrypt_authenticate('AES', $key, $nonce, $header, $plaintext);
 my $plaintext = eax_decrypt_verify('AES', $key, $nonce, $header, $ciphertext, $tag);

DESCRIPTION

EAX is a mode that requires a cipher, CTR and OMAC support and provides encryption and authentication. It is initialized with a random nonce that can be shared publicly, a header which can be fixed and public, and a random secret symmetric key.

EXPORT

Nothing is exported by default.

You can export selected functions:

  use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);

FUNCTIONS

eax_encrypt_authenticate

 my ($ciphertext, $tag) = eax_encrypt_authenticate($cipher, $key, $nonce, $header, $plaintext);

 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
 # $key ..... AES key of proper length (128/192/256bits)
 # $nonce ... unique nonce/salt (no need to keep it secret)
 # $header .. meta-data you want to send with the message but not have encrypted

eax_decrypt_verify

  my $plaintext = eax_decrypt_verify($cipher, $key, $nonce, $header, $ciphertext, $tag);

  # on error returns undef

METHODS

new

 my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce);
 #or
 my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce, $header);

 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
 # $key ..... AES key of proper length (128/192/256bits)
 # $nonce ... unique nonce/salt (no need to keep it secret)
 # $header .. meta-data you want to send with the message but not have encrypted

header_add

 $ae->header_add($header_data);                 #can be called multiple times

encrypt_add

 $ciphertext = $ae->encrypt_add($data);         #can be called multiple times

encrypt_done

 $tag = $ae->encrypt_done();

decrypt_add

 $plaintext = $ae->decrypt_add($ciphertext);    #can be called multiple times

decrypt_done

 my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 #or
 my $tag = $ae->decrypt_done;           # returns $tag value

clone

 my $ae_new = $ae->clone;

SEE ALSO