Сергей Романов


Crypt::OpenPGP::Ciphertext - Encrypted data packet


    use Crypt::OpenPGP::Ciphertext;

    my $key_data = 'f' x 64;    ## Not a very good key :)

    my $ct = Crypt::OpenPGP::Ciphertext->new(
        Data   => "foo bar baz",
        SymKey => $key_data,
    my $serialized = $ct->save;

    my $buffer = Crypt::OpenPGP::Buffer->new;
    my $ct2 = Crypt::OpenPGP::Ciphertext->parse( $buffer );
    my $data = $ct->decrypt( $key_data );


Crypt::OpenPGP::Ciphertext implements symmetrically encrypted data packets, providing both encryption and decryption functionality. Both standard encrypted data packets and encrypted-MDC (modification detection code) packets are supported by this class. In the first case, the encryption used in the packets is a variant on standard CFB mode, and is described in the OpenPGP RFC, in section 13.9 (OpenPGP CFB mode). In the second case (encrypted-MDC packets), the encryption is performed in standard CFB mode, without the special resync used in PGP's CFB.


Crypt::OpenPGP::Ciphertext->new( %arg )

Creates a new symmetrically encrypted data packet object and returns that object. If there are no arguments in %arg, the object is created with an empty data container; this is used, for example, in parse (below), to create an empty packet which is then filled from the data in the buffer.

If you wish to initialize a non-empty object, %arg can contain:

  • Data

    A block of octets that make up the plaintext data to be encrypted.

    This argument is required (for a non-empty object).

  • SymKey

    The symmetric cipher key: a string of octets that make up the key data of the symmetric cipher key. This should be at least long enough for the key length of your chosen cipher (see Cipher, below), or, if you have not specified a cipher, at least 64 bytes (to allow for long cipher key sizes).

    This argument is required (for a non-empty object).

  • Cipher

    The name (or ID) of a supported PGP cipher. See Crypt::OpenPGP::Cipher for a list of valid cipher names.

    This argument is optional; by default Crypt::OpenPGP::Cipher will use DES3.

  • MDC

    When set to a true value, encrypted texts will use encrypted MDC (modification detection code) packets instead of standard encrypted data packets. These are a newer form of encrypted data packets that are followed by a SHA-1 hash of the plaintext data. This prevents attacks that modify the encrypted text by using a message digest to detect changes.

    By default MDC is set to 0, and encrypted texts use standard encrypted data packets. Set it to a true value to turn on MDC packets.


Returns the block of ciphertext created in new (assuming that you created a non-empty packet by specifying some data; otherwise returns an empty string).


Given $buffer, a Crypt::OpenPGP::Buffer object holding (or with offset pointing to) a symmetrically encrypted data packet, returns a new Crypt::OpenPGP::Ciphertext object, initialized with the ciphertext in the buffer.

$ct->decrypt($key, $alg)

Decrypts the ciphertext in the Crypt::OpenPGP::Ciphertext object and returns the plaintext. $key is the encryption key, and $alg is the name (or ID) of the Crypt::OpenPGP::Cipher type used to encrypt the message. Obviously you can't just guess at these parameters; this method (along with parse, above) is best used along with the Crypt::OpenPGP::SessionKey object, which holds an encrypted version of the key and cipher algorithm.


Please see the Crypt::OpenPGP manpage for author, copyright, and license information.