Crypt::EECDH - Simple ephemeral ECDH + AES hybrid cryptosystem
$Revision: 1.005 $ $Date: Sat Jun 10 10:46:49 PDT 2017 $
A simple ephemeral ECDH + AES hybrid cryptosystem.
use Crypt::EECDH; my $eecdh = new Crypt::EECDH; # Generate server's signing keypair my ($pub_signkey, $sec_signkey) = $eecdh->signkeygen; # Generate server's messaging key and signature my ($pubkey, $seckey, $signature) = $eecdh->keygen( PrivateKey => $sec_signkey, PublicKey => $pub_signkey ); my $msg = "Testing"; # Encrypt a message to server my ($clientsec, $encrypted) = $eecdh->encrypt( PublicKey => $pubkey, Message => $msg, SigningKey => $pub_signkey, Signature => $signature ); # Server decrypts message my ($clientpub, $decrypted) = $eecdh->decrypt( Key => $seckey, Ciphertext => $encrypted ); print "OK\n" if $decrypted eq $msg; # Server encrypts response (using a fresh ephemeral keypair) my ($newsec, $encrypted2) = $eecdh->encrypt( PublicKey => $clientpub, Message => $msg ); # Client decrypts the response my ($newpub, $decrypted2) = $eecdh->decrypt( Key => $clientsec, Ciphertext => $encrypted2); # Now client can use $newpub to encrypt another message and the # exchange can continue. Note that the server will need to hold on # to $newsec in order to decrypt the response. # Alternately the client can use server's $pubkey for all messages # it sends, which frees server from having to keep track of client # keys.
A simple hybrid crypto system with ephemeral ECDH key agreement in combination with the AES cipher.
This modules uses Daniel J. Bernstein's curve25519 to perform a Diffie-Hellman key agreement. A new keypair is generated for every encryption operation. The shared key resulting from the key agreement is hashed and used to encrypt the plaintext using AES in CBC mode (with the IV deterministically derived from the public key). It also adds a HMAC, with the key derived from the same shared secret as the encryption key.
Some of the code of this module (and most of the previous paragraph) is borrowed from the Crypt::ECDH_ES module, which provides one-way communication functionality in an ephemeral-static mode, where one side (the decoder or "server") uses a static key.
Crypt::EECDH provides full two-way encryption capability with ephemeral keys on both sides. Instead of a static messaging key, the server uses a static signing key, and signs its ephemeral messaging keys with its signing key. The signing key is never used to encrypt messages. The server may generate a new ephemeral messaging key pair at the start of each client session, or it may perodically generate and publish new messaging keys.
Creates and returns a new Crypt::EECDH object. The following optional named parameters can be provided:
SigScheme - The signature scheme to use for the signing keys. Valid options are 'ECDSA' and 'Ed25519', which use the Crypt::EC_DSA and Crypt::Ed25519 modules respectively. The default is 'ECDSA'.
Debug - Set to a true value to have the module emit messages useful for debugging.
Generates and returns a signing keypair as a two element list, with the public key as the first element, private key as the second.
Generates and returns a messaging keypair as a two element list, with the public key as the first element, private key as the second. The following optional parameters may be provided:
PrivateKey - The signing private key
PublicKey - The signing public key
Encrypts a message. A new keypair is generated for each encryption operation. Returns a list whose first element is the cipherext and second element is the generated private key. The following named parameters are required:
PublicKey - The public messaging key of the recipient
Message - The message to be encrypted
The following optional parameters can be provided:
SigningKey - The public signing key of the recipient
Signature - Signature on the messaging key
Decrypts a message. Returns a list whose first element is the decrypted message and second element is the public key of the sender. The following named parameters are required:
Key - The private messaging key of the recipient
Ciphertext - The ciphertext to be decrypted
Crypt::ECDH_ES
Ashish Gulhati, <crypt-eecdh at hash.neo.tc>
<crypt-eecdh at hash.neo.tc>
Please report any bugs or feature requests to bug-crypt-eecdh at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Crypt-EECDH. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
bug-crypt-eecdh at rt.cpan.org
You can find documentation for this module with the perldoc command.
perldoc Crypt::EECDH
You can also look for information at:
RT: CPAN's request tracker
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-EECDH
AnnoCPAN: Annotated CPAN documentation
http://annocpan.org/dist/Crypt-EECDH
CPAN Ratings
http://cpanratings.perl.org/d/Crypt-EECDH
Search CPAN
http://search.cpan.org/dist/Crypt-EECDH/
Some of the code in this module is borrowed from Crypt::ECDH_ES by Leon Timmermans <leont@cpan.org>
Copyright (c) 2017 Ashish Gulhati.
This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License 2.0.
See http://www.perlfoundation.org/artistic_license_2_0 for the full license terms.
To install Crypt::EECDH, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Crypt::EECDH
CPAN shell
perl -MCPAN -e shell install Crypt::EECDH
For more information on module installation, please visit the detailed CPAN module installation guide.