Crypto::Util - A lightweight Crypt/Digest convenience API
use Crypto::Util; # also has a Sub::Exporter to return functions wrapping a default instance my $util = Crypto::Util->new; $util->default_key("my secret"); # MAC or cipher+digest based tamper resistent encapsulation my $tamper_resistent_string = $util->tamper_protected( $data ); # can also take refs my $trusted = $util->thaw_tamper_protected( $untrusted_string, key => "another secret" ); # without specifying which encoding returns base32 or hex if base32 is unavailable my $encoded = $util->encode_string( $bytes ); my $hash = $util->digest( $bytes, digest => "md5" ); die "baaaad" unless $util->verify_hash( hash => $hash, data => $bytes, digest => "md5", );
This is a sloppy release. By 0.01 the docs should be in place, as well as some more features I want in. As the saying goes, release prematurely, cry often.
This module provides an easy, intuitive and forgiving API for weilding crypto-fu.
Features which are currently missing but are scheduled for 0.01:
xMAC support
Crypt::SaltedHash support
Bruce Schneier Fact Database http://geekz.co.uk/lovesraymond/archive/bruce-schneier-facts
Entropy fetching (get N weak/strong bytes, etc) from e.g. OpenSSL bindings, /dev/*random, and EGD.
Pipelined encrypting/digesting... Currently all the methods are named foo_string. In the future, a foo variant that auto DWIMs will be added, and a foo_stream, foo_handle, foo_callbacks api will be layered over a simple push API (like Crypt::CBC).
Usability patches are very welcome - this is supposed to be an easy api for random people to be able to easily (but responsibly) use the more low level Crypt:: and Digest:: modules on the CPAN.
Dependency hell is avoided using a fallback mechanism that tries to choose an algorithm based on an overridable list.
For "simple" use install Crypt::Util and your favourite digest, cipher and cipher mode (CBC, CFB, etc).
To ensure predictable behavior the fallback behavior can be disabled as necessary.
params: data => $anything, encrypt => bool || alg (defaults to true, false means just hmac), key (encrypt_string), digest => bool || alg, encode => bool || alg (defaults to true/"uri", see encode string), fatal => bool (defaults to true, turning it off will return undef on failure instead of dying)
with odd args the first is treated as data
implicitly storables data if it's a ref
encode => bool || alg (defaults to false), encrypt => bool || alg, key (defaults to server_key)
with odd args the firstr is treated as the string
params: cipher, key
Return an object using Crypt::CBC
digest => alg
hash => string (the hash to verify), string => string (the digested string), all params of digest_string, fatal => bool (defaults to false)
just calls digest_string and then eq
params: digest
Returns an object using Digest
encoding => symbolic type (uri, printable) or concrete type (none, hex, base64, base32)
XXX emac, hmac, etc wrapper?
mac => string (the mac to verify), string => string (the digested string), type => "digest" || "cipher" # hmac or cmac, fatal => bool (defaults to false, whbich just returns undef on failure)
mac => string (the mac to verify), string => string (the digested string), fatal => bool (defaults to false), all params of hmac_digest_string
cmac, emac
A fairly entropic random string, suitable for digesting
digest => bool || alg (defaults to true), encode bool || alg
digest => bool || alg (defaults to false), encode bool || alg, bytes => $n (defaults to 32)
might not be supported (tries /dev/random and/or the OpenSSL bindings)
encoding into a URI safe string
# "default" is there to be overridden by configs, if it returns nothing fallback will be called # "fallback" is for when nothing is configured -- the class's default
When true only the first item from the fallback list will be tried, and if it can't be loaded there will be loud deaths.
Enable this to ensure portability
find the first from fallback_cipher_list
qw/Rijndael Twofish Blowfish IDEA RC6 RC5/;
qw/SHA1 RIPEMD-160 Whirlpool MD5/
"hex"
"base32", "hex"
"uri_base64" # XXX make this uri_escape?
"base64"
To install Crypt::Util, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Crypt::Util
CPAN shell
perl -MCPAN -e shell install Crypt::Util
For more information on module installation, please visit the detailed CPAN module installation guide.