Crypt::NaCl::Sodium::onetimeauth - One-time authentication (Poly1305)
version 1.0.8.0
    use Crypt::NaCl::Sodium qw( :utils );

    my $crypto_onetimeauth = Crypt::NaCl::Sodium->onetimeauth();

    my ($msg, $key, $mac);

    $msg = "First message";

    # generate one-time secret key
    $key = $crypto_onetimeauth->keygen();

    # calculate authenticator
    $mac = $crypto_onetimeauth->mac( $msg, $key );

    # verify message
    if ( $crypto_onetimeauth->verify($mac, $msg, $key) ) {
        # verified OK
    }
The crypto_onetimeauth's "mac", viewed as a function of the message for a uniform random key, is designed to meet the standard notion of unforgeability after a single message. After the sender authenticates one message, an attacker cannot find authenticators for any other messages.
The sender must not use this function to authenticate more than one message under the same key. Authenticators for two messages under the same key should be expected to reveal enough information to allow forgeries of authenticators on other messages.
When multiple messages need to be authenticated, use Crypt::NaCl::Sodium::auth.
my $key = $crypto_onetimeauth->keygen();
Helper method to generate a random key to be used by $crypto_onetimeauth.
The length of the $key equals "KEYBYTES".
NOTE: keep the key confidential.
Returns a Data::BytesLocker object.
my $mac = $crypto_onetimeauth->mac( $msg, $key );
Computes the MAC of the $msg using the given $key.
The length of the $mac equals "BYTES".
NOTE: Never use this method to authenticate more than one message under the same key.
    unless ( $crypto_onetimeauth->verify( $mac, $msg, $key ) ) {
        die "Impostor alert!";
    }

Verifies the integrity and authenticity of the $msg using the given $mac and $key.
Method returns true if message has been verified, false otherwise.
Multi-part computation is also supported.
    my $ctx = $crypto_onetimeauth->init( $key );

    $ctx->update( $msgX );
    $ctx->update( $msgY )->update( $msgZ, ... );

    my $mac = $ctx->final();

    my $msgXYZ = join('', $msgX, $msgY, $msgZ, ...);
    unless ( $crypto_onetimeauth->verify( $mac, $msgXYZ, $key) ) {
        die "Impostor alert!";
    }
my $ctx = $crypto_onetimeauth->init( $key );
Creates a context for multi-part computation using the given $key, generated with "keygen".
Returns a Crypt::NaCl::Sodium::onetimeauth::stream object which encapsulates the computation state of the algorithm.
    while ( <> ) {
        $ctx->update( $_ );
        print "Line: $.: ", $ctx->clone->final->to_hex, "\n";
    }

Returns a copy of the $ctx object that contains the current computation state.
$ctx->update( $msg, ... );
Appends its arguments to the message for which the MAC is being calculated.
Returns the $ctx object itself.
my $mac = $ctx->final();
Computes the final MAC of the input data.
my $key_length = $crypto_onetimeauth->KEYBYTES;
Returns the length of the key.
my $mac_length = $crypto_onetimeauth->BYTES;
Returns the length of the MAC.
crypto_onetimeauth uses the Poly1305 authenticator, which is proven to meet the standard notion of unforgeability after a single message.
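An added example (not part of the module's documentation): a hypothetical OneShotAuth wrapper that uses only the keygen, init, update, final and verify methods documented above and refuses to compute a second MAC under the same key. The package name, its methods and the sample message parts are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::NaCl::Sodium;

# Hypothetical helper (not part of Crypt::NaCl::Sodium): holds one key and
# refuses to authenticate a second message with it.
package OneShotAuth {
    use Carp qw( croak );

    sub new {
        my ($class) = @_;
        my $ota = Crypt::NaCl::Sodium->onetimeauth();
        return bless { ota => $ota, key => $ota->keygen(), used => 0 }, $class;
    }

    # The verifier needs the same key; share it only over a confidential channel.
    sub key { $_[0]{key} }

    # Streams the parts through init/update/final and marks the key as spent.
    sub mac_once {
        my ($self, @parts) = @_;
        croak "one-time key already used" if $self->{used}++;
        my $ctx = $self->{ota}->init( $self->{key} );
        $ctx->update( $_ ) for @parts;
        return $ctx->final();
    }
}

my $ota   = Crypt::NaCl::Sodium->onetimeauth();
my @parts = ( "header|", "body of the first message" );   # constructed sample data

my $signer = OneShotAuth->new();
my $mac    = $signer->mac_once( @parts );

# Verifier side: the multi-part MAC covers the concatenation of all parts.
my $ok = $ota->verify( $mac, join( '', @parts ), $signer->key );
print "verify: ", ( $ok ? "ok" : "FAILED" ), "\n";

# A modified message must not verify under the same MAC and key.
my $tampered = $ota->verify( $mac, join( '', @parts ) . "!", $signer->key );
print "tampered: ", ( $tampered ? "ACCEPTED" : "rejected" ), "\n";

# A second message under the same key is refused before any MAC is computed.
my $second = eval { $signer->mac_once( "second message" ); 1 };
print "second use: ", ( $second ? "allowed" : "refused: $@" );
```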
Data::BytesLocker - guarded data storage
Cryptography in NaCl
Alex J. G. Burzyński <ajgb@cpan.org>
This software is copyright (c) 2015 by Alex J. G. Burzyński <ajgb@cpan.org>.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
To install Crypt::NaCl::Sodium, copy and paste the appropriate command into your terminal.
cpanm:
    cpanm Crypt::NaCl::Sodium
CPAN shell:
    perl -MCPAN -e shell
    install Crypt::NaCl::Sodium