++ed by:
ARPI

1 PAUSE user

Felipe Gasper
and 1 contributors

NAME

Crypt::Perl - Cryptography in Pure Perl

DESCRIPTION

Just as it sounds: cryptography with no non-core XS dependencies! This is useful if you don’t have access to other tools that do this work like OpenSSL, CryptX, etc. Of course, if you do have access to one of those tools, they may suit your purpose better.

See submodules for usage examples of:

SUPPORTED PUBLIC KEY ENCRYPTION ALGORITHMS

SECURITY

NO GUARANTEES!!! So far this is just my own effort—and a port of existing (likely also un-audited) logic at that. There has been no formal security review. I did find one security problem in one of the source libraries; there may well be more.

That said, I am reasonably confident that this is a “good enough” effort for the intended circumstance (i.e., no access to other tools). Patches are always welcome! :)

SPEED

Most operations here are reasonably quick, but certain ones (e.g., RSA key generation) are pretty slow. Depending on your use case, this may or may not be workable for you. It will always, of course, be slower than C-based implementations like OpenSSL or LibTomCrypt. This code does take advantage of XS-based backends for modules like Math::BigInt and Bytes::Random::Secure::Tiny where available.

TODO

There are TODO items listed in the submodules; the following are general to the entire distribution.

  • Security audit. A check against OpenSSL or LibTomCrypt would be awesome. I find OpenSSL overly confusing to read, and I didn’t think to check LibTomCrypt until I had solved the major problems.

  • Document the exception system so that applications can use it.

  • Add more tests.

  • Make it faster :)

ACKNOWLEDGEMENTS

Much of the logic here comes from Kenji Urushima’s jsrsasign.

Most of the tests depend on the near-ubiquitous OpenSSL, without which the Internet would be a very, very different reality from what we know!

LICENSE

This library is licensed under the same license as Perl.

AUTHOR

Felipe Gasper (FELIPE)