- TECHNICAL DETAILS
- SEE ALSO
- LICENSE AND COPYRIGHT
Crypt::EECDH - Simple ephemeral ECDH + AES hybrid cryptosystem
$Revision: 1.007 $ $Date: Tue Oct 16 23:45:54 PDT 2018 $
use Crypt::EECDH; my $eecdh = new Crypt::EECDH; # Generate server's signing keypair my ($pub_signkey, $sec_signkey) = $eecdh->signkeygen; # Generate server's messaging key and signature my ($pubkey, $seckey, $signature) = $eecdh->keygen( PrivateKey => $sec_signkey, PublicKey => $pub_signkey ); my $msg = "Testing"; # Encrypt a message to server my ($encrypted, $clientsec) = $eecdh->encrypt( PublicKey => $pubkey, Message => $msg, SigningKey => $pub_signkey, Signature => $signature ); # Server decrypts message my ($decrypted, $clientpub) = $eecdh->decrypt( Key => $seckey, Ciphertext => $encrypted ); print "OK\n" if $decrypted eq $msg; # Server encrypts response (using a fresh ephemeral keypair) my ($encrypted2, $newsec) = $eecdh->encrypt( PublicKey => $clientpub, Message => $msg ); # Client decrypts the response my ($decrypted2, $newpub) = $eecdh->decrypt( Key => $clientsec, Ciphertext => $encrypted2); # Now client can use $newpub to encrypt another message and the # exchange can continue. Note that the server will need to hold on # to $newsec in order to decrypt the response. # Alternately the client can use server's $pubkey for all messages # it sends, which frees server from having to keep track of new # ephemeral keys.
A simple hybrid crypto system with ephemeral ECDH key agreement in combination with the AES cipher.
This modules uses Daniel J. Bernstein's curve25519 to perform a Diffie-Hellman key agreement. A new keypair is generated for every encryption operation. The shared key resulting from the key agreement is hashed and used to encrypt the plaintext using AES in CBC mode (with the IV deterministically derived from the public key). It also adds a HMAC, with the key derived from the same shared secret as the encryption key.
Some of the code in this module (and most of the text of the previous paragraph) is from the Crypt::ECDH_ES module, which provides one-way communication functionality in an ephemeral-static mode, where one side (the decoder or "server") uses a static key.
Crypt::EECDH provides full two-way encryption capability with ephemeral keys on both sides. Instead of a static messaging key, the server uses a static signing key, and signs its ephemeral messaging keys with its signing key. The signing key is never used to encrypt messages. The server may generate a new ephemeral messaging key pair at the start of each client session, or it may perodically generate and publish new messaging keys.
Creates and returns a new Crypt::EECDH object. The following optional named parameters can be provided:
Debug - Set to a true value to have the module emit messages useful for debugging.
Generates and returns a signing keypair as a two element list, with the public key as the first element, private key as the second.
Generates and returns a messaging keypair as a two element list, with the public key as the first element, private key as the second. The following optional parameters may be provided:
PrivateKey - The signing private key
PublicKey - The signing public key
Encrypts a message. A new keypair is generated for each encryption operation. Returns a list whose first element is the cipherext and second element is the generated private key. The following named parameters are required:
PublicKey - The public messaging key of the recipient
Message - The message to be encrypted
The following optional parameters can be provided:
SigningKey - The public signing key of the recipient
Signature - Signature on the messaging key
Decrypts a message. Returns a list whose first element is the decrypted message and second element is the public key of the sender. The following named parameters are required:
Key - The private messaging key of the recipient
Ciphertext - The ciphertext to be decrypted
<crypt-eecdh at hash.neo.tc>
Please report any bugs or feature requests to
bug-crypt-eecdh at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Crypt-EECDH. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
You can find documentation for this module with the perldoc command.
You can also look for information at:
RT: CPAN's request tracker
AnnoCPAN: Annotated CPAN documentation
Some of the code in this module is from Crypt::ECDH_ES by Leon Timmermans <email@example.com>
Copyright (c) Ashish Gulhati.
This software package is Open Software; you can use, redistribute, and/or modify it under the terms of the Open Artistic License 2.0.
Please see http://www.opensoftwr.org/oal20.txt for the full license terms, and ensure that the license grant applies to you before using or modifying this software. By using or modifying this software, you indicate your agreement with the license terms.