Crypt::KeyWrap - AES key wrap / unwrap functions
# wrapping use Crypt::KeyWrap qw(aes_key_wrap); my $kek = pack("H*", "5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"); # shared secret, keep private my $pt_data = pack("H*", "c37b7e6492584340bed12207808941155068f738"); my $ct_data = aes_key_wrap($kek, $pt_data); # unwrapping use Crypt::KeyWrap qw(aes_key_unwrap); my $kek = pack("H*", "5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"); # shared secret, keep private my $ct_data = pack("H*", "138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a"); my $pt_data = aes_key_unwrap($kek, $pt_data);
Implements key wrapping algorithms defined in https://tools.ietf.org/html/rfc7518
Currently supported:
A128KW A192KW A256KW A128GCMKW A192GCMKW A256GCMKW
Not supported yet:
ECDH-ES ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW PBES2-HS256+A128KW PBES2-HS384+A192KW PBES2-HS512+A256KW RSA-OAEP RSA-OAEP-256 RSA1_5
AES key wrap algorithm as defined in https://tools.ietf.org/html/rfc7518#section-4.4 (implements algorithms A128KW, A192KW, A256KW).
A128KW
A192KW
A256KW
Implementation follows https://tools.ietf.org/html/rfc5649 and https://tools.ietf.org/html/rfc3394.
The implementation is also compatible with http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf (it supports AES based KW, KWP + TDEA/DES_EDE based TKW).
AES Key Wrap algorithm.
$ct_data = aes_key_wrap($kek, $pt_data); # or $ct_data = aes_key_wrap($kek, $pt_data, $cipher, $padding, $inverse); # params: # $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) # $pt_data .. plaintext data # optional params: # $cipher .. 'AES' (default) or 'DES_EDE' # $padding .. 1 (default) or 0 handle $pt_data padding (relevant for AES only) # $inverse .. 0 (default) or 1 use cipher in inverse mode as defined by SP.800-38F
Values $ct_data, $pt_data and $kek are binary octets. If you disable padding you have to make sure that $pt_data length is multiply of 8 (for AES) or multiply of 4 (for DES_EDE);
$ct_data
$pt_data
$kek
AES key unwrap algorithm as defined in https://tools.ietf.org/html/rfc7518#section-4.4 (implements algorithms A128KW, A192KW, A256KW).
AES Key Unwrap algorithm.
$pt_data = aes_key_unwrap($kek, $ct_data); # or $pt_data = aes_key_unwrap($kek, $ct_data, $cipher, $padding, $inverse); # params: # $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) # $ct_data .. ciphertext data # optional params: # $cipher .. 'AES' (default) or 'DES_EDE' # $padding .. 1 (default) or 0 - use $pt_data padding (relevant for AES only) # $inverse .. 0 (default) or 1 - use cipher in inverse mode as defined by SP.800-38F
Values $ct_data, $pt_data and $kek are binary octets.
AES GCM key wrap algorithm as defined in https://tools.ietf.org/html/rfc7518#section-4.7 (implements algorithms A128GCMKW, A192GCMKW, A256GCMKW).
A128GCMKW
A192GCMKW
A256GCMKW
($ct_data, $tag, $iv) = gcm_key_wrap($kek, $pt_data); #or ($ct_data, $tag, $iv) = gcm_key_wrap($kek, $pt_data, $aad); #or ($ct_data, $tag, $iv) = gcm_key_wrap($kek, $pt_data, $aad, $cipher, $iv); # params: # $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) # $pt_data .. plaintext data # optional params: # $aad .. additional authenticated data, DEFAULT is '' (empty string) # $cipher .. cipher to be used by GCM, DEFAULT is 'AES' # $iv .. initialization vector (if not defined a random IV is generated)
Values $ct_data, $pt_data, $aad, $iv, $tag and $kek are binary octets.
$aad
$iv
$tag
AES GCM key unwrap algorithm as defined in https://tools.ietf.org/html/rfc7518#section-4.7 (implements algorithms A128GCMKW, A192GCMKW, A256GCMKW).
$pt_data = gcm_key_unwrap($kek, $ct_data, $tag, $iv); # or $pt_data = gcm_key_unwrap($kek, $ct_data, $tag, $iv, $aad); # or $pt_data = gcm_key_unwrap($kek, $ct_data, $tag, $iv, $aad, $cipher); # params: # $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) # $ct_data .. ciphertext data # $tag .. GCM's tag # $iv .. initialization vector # optional params: # $aad .. additional authenticated data, DEFAULT is '' (empty string) # $cipher .. cipher to be used by GCM, DEFAULT is 'AES'
Crypt::Cipher::AES
To install CryptX, copy and paste the appropriate command in to your terminal.
cpanm
cpanm CryptX
CPAN shell
perl -MCPAN -e shell install CryptX
For more information on module installation, please visit the detailed CPAN module installation guide.