[OpenSPARC-T2-DV] / tools / perl-5.8.0 / man / man3 / Crypt::CBC.3

.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  | will give a
.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
.\" expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.if \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.\"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "CBC 3"
.TH CBC 3 "2002-09-11" "perl v5.8.0" "User Contributed Perl Documentation"
.SH "NAME"
Crypt::CBC \- Encrypt Data with Cipher Block Chaining Mode
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 8
\&  use Crypt::CBC;
\&  $cipher = Crypt::CBC->new( {'key'             => 'my secret key',
\&                              'cipher'          => 'Blowfish',
\&                              'iv'              => '$KJh#(}q',
\&                              'regenerate_key'  => 0,   # default true
\&                              'padding'         => 'space',
\&                              'prepend_iv'      => 0
\&                           });
.Ve
.PP
.Vb 2
\&  $ciphertext = $cipher->encrypt("This data is hush hush");
\&  $plaintext = $cipher->decrypt($ciphertext);
.Ve
.PP
.Vb 6
\&  $cipher->start('encrypting');
\&  open(F,"./BIG_FILE");
\&  while (read(F,$buffer,1024)) {
\&      print $cipher->crypt($buffer);
\&  }
\&  print $cipher->finish;
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This module is a Perl-only implementation of the cryptographic cipher
block chaining mode (\s-1CBC\s0).  In combination with a block cipher such as
\&\s-1DES\s0 or \s-1IDEA\s0, you can encrypt and decrypt messages of arbitrarily long
length.  The encrypted messages are compatible with the encryption
format used by \fBSSLeay\fR.
.PP
To use this module, you will first create a Crypt::CBC cipher object with
\&\fInew()\fR.  At the time of cipher creation, you specify an encryption key
to use and, optionally, a block encryption algorithm.  You will then
call the \fIstart()\fR method to initialize the encryption or decryption
process, \fIcrypt()\fR to encrypt or decrypt one or more blocks of data, and
lastly \fIfinish()\fR, to pad and encrypt the final block.  For your
convenience, you can call the \fIencrypt()\fR and \fIdecrypt()\fR methods to
operate on a whole data value at once.
.Sh "\fInew()\fP"
.IX Subsection "new()"
.Vb 7
\&  $cipher = Crypt::CBC->new( {'key'             => 'my secret key',
\&                              'cipher'          => 'Blowfish',
\&                              'iv'              => '$KJh#(}q',
\&                              'regenerate_key'  => 0,   # default true
\&                              'padding'         => 'space',
\&                              'prepend_iv'      => 0
\&                           });
.Ve
.PP
.Vb 2
\&  # or (for compatibility with earlier versions)
\&  $cipher = new Crypt::CBC($key,$algorithm);
.Ve
.PP
The \fInew()\fR method creates a new Crypt::CBC object.  
.PP
You must provide an encryption/decryption key, which can be any series
of characters of any length.  If regenerate_key is not specified as a
false value, the actual key used is derived from the \s-1MD5\s0 hash of the
key you provide.  The cipher is optional and will default to \s-1DES\s0 unless
specified otherwise. You may use any compatible block encryption
algorithm that you have installed. Currently, this includes Crypt::DES,
Crypt::DES_EDE3, Crypt::IDEA, Crypt::Blowfish, and Crypt::Rijndael. You
may refer to them using their full names (\*(L"Crypt::IDEA\*(R") or in 
abbreviated form (\*(L"\s-1IDEA\s0\*(R").  
.PP
An initialization vector may be specified, either by passing in a key of
\&'iv' as an option to new, or by calling 
\&\f(CW$cipher\fR\->set_initialization_key($iv) before calling \f(CW$cipher\fR\->\fIstart()\fR.  
The \s-1IV\s0 will be ignored in decryption if the ciphertext is prepended by 
text which matches the regex /^RandomIV.{8}/, in which case the 8 
characters following \*(L"RandomIV\*(R" will be used as the \s-1IV\s0. When encrypting,
by default the ciphertext will be prepended with "RandomIV<\s-1IV\s0>\*(L"
(16 bytes). To disable this, set 'prepend_iv' to a false value. The 
padding method can be specified by the 'padding' option. If no padding 
method is specified, PKCS#5 (\*(R"standard") padding is assumed.
.Sh "\fIstart()\fP"
.IX Subsection "start()"
.Vb 2
\&   $cipher->start('encrypting');
\&   $cipher->start('decrypting');
.Ve
.PP
The \fIstart()\fR method prepares the cipher for a series of encryption or
decryption steps, resetting the internal state of the cipher if
necessary.  You must provide a string indicating whether you wish to
encrypt or decrypt.  \*(L"E\*(R" or any word that begins with an \*(L"e\*(R" indicates
encryption.  \*(L"D\*(R" or any word that begins with a \*(L"d\*(R" indicates
decryption.
.Sh "\fIcrypt()\fP"
.IX Subsection "crypt()"
.Vb 1
\&   $ciphertext = $cipher->crypt($plaintext);
.Ve
.PP
After calling \fIstart()\fR, you should call \fIcrypt()\fR as many times as
necessary to encrypt the desired data.  
.Sh "\fIfinish()\fP"
.IX Subsection "finish()"
.Vb 1
\&   $ciphertext = $cipher->finish();
.Ve
.PP
The \s-1CBC\s0 algorithm must buffer data blocks inernally until they are
even multiples of the encryption algorithm's blocksize (typically 8
bytes).  After the last call to \fIcrypt()\fR you should call \fIfinish()\fR.
This flushes the internal buffer and returns any leftover ciphertext.
.PP
In a typical application you will read the plaintext from a file or
input stream and write the result to standard output in a loop that
might look like this:
.PP
.Vb 4
\&  $cipher = new Crypt::CBC('hey jude!');
\&  $cipher->start('encrypting');
\&  print $cipher->crypt($_) while <>;
\&  print $cipher->finish();
.Ve
.Sh "\fIencrypt()\fP"
.IX Subsection "encrypt()"
.Vb 1
\&  $ciphertext = $cipher->encrypt($plaintext)
.Ve
.PP
This convenience function runs the entire sequence of \fIstart()\fR, \fIcrypt()\fR
and \fIfinish()\fR for you, processing the provided plaintext and returning
the corresponding ciphertext.
.Sh "\fIdecrypt()\fP"
.IX Subsection "decrypt()"
.Vb 1
\&  $plaintext = $cipher->decrypt($ciphertext)
.Ve
.PP
This convenience function runs the entire sequence of \fIstart()\fR, \fIcrypt()\fR
and \fIfinish()\fR for you, processing the provided ciphertext and returning
the corresponding plaintext.
.Sh "\fIencrypt_hex()\fP, \fIdecrypt_hex()\fP"
.IX Subsection "encrypt_hex(), decrypt_hex()"
.Vb 2
\&  $ciphertext = $cipher->encrypt_hex($plaintext)
\&  $plaintext  = $cipher->decrypt_hex($ciphertext)
.Ve
.PP
These are convenience functions that operate on ciphertext in a
hexadecimal representation.  \fBencrypt_hex($plaintext)\fR is exactly
equivalent to \fBunpack('H*',encrypt($plaintext))\fR.  These functions
can be useful if, for example, you wish to place the encrypted
.Sh "\fIget_initialization_vector()\fP"
.IX Subsection "get_initialization_vector()"
.Vb 1
\&  $iv = $cipher->get_initialization_vector()
.Ve
.PP
This function will return the \s-1IV\s0 used in encryption and or decryption.
This function may be useful to determine the random \s-1IV\s0 used when 
encrypting if none is specified in \fInew()\fR. The \s-1IV\s0 is not guaranteed to
be set when encrypting until \fIstart()\fR is called, and when decrypting 
until \fIcrypt()\fR is called the first time.
.Sh "\fIset_initialization_vector()\fP"
.IX Subsection "set_initialization_vector()"
.Vb 1
\&  $cipher->set_initialization_vector('76543210')
.Ve
.PP
This function sets the \s-1IV\s0 used in encryption and/or decryption. This 
function may be useful if the \s-1IV\s0 is not contained within the ciphertext
string being decrypted, or if a particular \s-1IV\s0 is desired for encryption.
If not set, a random \s-1IV\s0 will be generated. The \s-1IV\s0 is not guaranteed to
be set when encrypting until \fIstart()\fR is called, and when decrypting
until \fIcrypt()\fR is called the first time.
.Sh "Padding methods"
.IX Subsection "Padding methods"
Use the 'padding' option to change the padding method.
.PP
When the last block of plaintext is shorter than the block size,
it must be padded. Padding methods include: \*(L"standard\*(R" (i.e., PKCS#5),
\&\*(L"oneandzeroes\*(R", \*(L"space\*(R", and \*(L"null\*(R".
.PP
.Vb 5
\&   standard: (default) Binary safe
\&      pads with the number of bytes that should be truncated. So, if 
\&      blocksize is 8, then "0A0B0C" will be padded with "05", resulting
\&      in "0A0B0C0505050505". If the final block is a full block of 8 
\&      bytes, then a whole block of "0808080808080808" is appended.
.Ve
.PP
.Vb 4
\&   oneandzeroes: Binary safe
\&      pads with "80" followed by as many "00" necessary to fill the
\&      block. If the last block is a full block and blocksize is 8, a
\&      block of "8000000000000000" will be appended.
.Ve
.PP
.Vb 4
\&   null: text only
\&      pads with as many "00" necessary to fill the block. If the last 
\&      block is a full block and blocksize is 8, a block of 
\&      "0000000000000000" will be appended.
.Ve
.PP
.Vb 2
\&   space: text only
\&      same as "null", but with "20".
.Ve
.PP
Both the standard and oneandzeroes paddings are binary safe.  The
space and null paddings are recommended only for text data.  Which
type of padding you use depends on whether you wish to communicate
with an external (non Crypt::CBC library).  If this is the case, use
whatever padding method is compatible.
.PP
You can also pass in a custom padding function.  To do this, create a
function that takes the arguments:
.PP
.Vb 1
\&   $padded_block = function($block,$blocksize,$direction);
.Ve
.PP
where \f(CW$block\fR is the current block of data, \f(CW$blocksize\fR is the size to
pad it to, \f(CW$direction\fR is \*(L"e\*(R" for encrypting and \*(L"d\*(R" for decrypting,
and \f(CW$padded_block\fR is the result after padding or depadding.
.PP
When encrypting, the function should always return a string of
<blocksize> length, and when decrypting, can expect the string coming
in to always be that length. See \fI_standard_padding()\fR, \fI_space_padding()\fR,
\&\fI_null_padding()\fR, or \fI_oneandzeroes_padding()\fR in the source for examples.
.PP
Standard and oneandzeroes padding are recommended, as both space and
null padding can potentially truncate more characters than they should. 
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Two examples, des.pl and idea.pl can be found in the eg/ subdirectory
of the Crypt-CBC distribution.  These implement command-line \s-1DES\s0 and
\&\s-1IDEA\s0 encryption algorithms.
.SH "LIMITATIONS"
.IX Header "LIMITATIONS"
The encryption and decryption process is about a tenth the speed of
the equivalent SSLeay programs (compiled C).  This could be improved
by implementing this module in C.  It may also be worthwhile to
optimize the \s-1DES\s0 and \s-1IDEA\s0 block algorithms further.
.SH "BUGS"
.IX Header "BUGS"
Please report them.
.SH "AUTHOR"
.IX Header "AUTHOR"
Lincoln Stein, lstein@cshl.org
.PP
This module is distributed under the \s-1ARTISTIC\s0 \s-1LICENSE\s0 using the same
terms as Perl itself.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIperl\fR\|(1), \fICrypt::DES\fR\|(3), \fICrypt::IDEA\fR\|(3), rfc2898 (PKCS#5)
Commit	Line	Data
86530b38 AT	1	.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
	2	.\"
	3	.\" Standard preamble:
	4	.\" ========================================================================
	5	.de Sh \" Subsection heading
	6	.br
	7	.if t .Sp
	8	.ne 5
	9	.PP
	10	\fB\\$1\fR
	11	.PP
	12	..
	13	.de Sp \" Vertical space (when we can't use .PP)
	14	.if t .sp .5v
	15	.if n .sp
	16	..
	17	.de Vb \" Begin verbatim text
	18	.ft CW
	19	.nf
	20	.ne \\$1
	21	..
	22	.de Ve \" End verbatim text
	23	.ft R
	24	.fi
	25	..
	26	.\" Set up some character translations and predefined strings. \*(-- will
	27	.\" give an unbreakable dash, \(PI will give pi, \(L" will give a left
	28	.\" double quote, and \*(R" will give a right double quote. \| will give a
	29	.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
	30	.\" do unbreakable dashes and therefore won't be available. \(C` and \(C'
	31	.\" expand to `' in nroff, nothing in troff, for use with C<>.
	32	.tr \(W-\|\(bv\(Tr
	33	.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
	34	.ie n \{\
	35	. ds -- \(*W-
	36	. ds PI pi
	37	. if (\n(.H=4u)&(1m=24u) .ds -- \(W\h'-12u'\(W\h'-12u'-\" diablo 10 pitch
	38	. if (\n(.H=4u)&(1m=20u) .ds -- \(W\h'-12u'\(W\h'-8u'-\" diablo 12 pitch
	39	. ds L" ""
	40	. ds R" ""
	41	. ds C` ""
	42	. ds C' ""
	43	'br\}
	44	.el\{\
	45	. ds -- \\|\(em\\|
	46	. ds PI \(*p
	47	. ds L" ``
	48	. ds R" ''
	49	'br\}
	50	.\"
	51	.\" If the F register is turned on, we'll generate index entries on stderr for
	52	.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
	53	.\" entries marked with X<> in POD. Of course, you'll have to process the
	54	.\" output yourself in some meaningful fashion.
	55	.if \nF \{\
	56	. de IX
	57	. tm Index:\\$1\t\\n%\t"\\$2"
	58	..
	59	. nr % 0
	60	. rr F
	61	.\}
	62	.\"
	63	.\" For nroff, turn off justification. Always turn off hyphenation; it makes
	64	.\" way too many mistakes in technical documents.
65	.hy 0
66	.if n .na
67	.\"
68	.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69	.\" Fear. Run. Save yourself. No user-serviceable parts.
70	. \" fudge factors for nroff and troff
71	.if n \{\
72	. ds #H 0
73	. ds #V .8m
74	. ds #F .3m
75	. ds #[ \f1
76	. ds #] \fP
77	.\}
78	.if t \{\
79	. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80	. ds #V .6m
81	. ds #F 0
82	. ds #[ \&
83	. ds #] \&
84	.\}
85	. \" simple accents for nroff and troff
86	.if n \{\
87	. ds ' \&
88	. ds ` \&
89	. ds ^ \&
90	. ds , \&
91	. ds ~ ~
92	. ds /
93	.\}
94	.if t \{\
95	. ds ' \\k:\h'-(\\n(.wu8/10-\(#H)'\'\h"\|\\n:u"
96	. ds ` \\k:\h'-(\\n(.wu8/10-\(#H)'\`\h'\|\\n:u'
97	. ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'^\h'\|\\n:u'
98	. ds , \\k:\h'-(\\n(.wu*8/10)',\h'\|\\n:u'
99	. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'\|\\n:u'
100	. ds / \\k:\h'-(\\n(.wu8/10-\(#H)'\z\(sl\h'\|\\n:u'
101	.\}
102	. \" troff and (daisy-wheel) nroff accents
103	.ds : \\k:\h'-(\\n(.wu8/10-\(#H+.1m+\(#F)'\v'-\(#V'\z.\h'.2m+\(#F'.\h'\|\\n:u'\v'\(#V'
104	.ds 8 \h'\(#H'\(b\h'-\*(#H'
105	.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\(#H)/2u'\v'-.3n'\(#[\z\(de\v'.3n'\h'\|\\n:u'\*(#]
106	.ds d- \h'\(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\(#H'
107	.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'\|\\n:u'
108	.ds th \(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u2/3)'\s-1o\s+1\*(#]
109	.ds Th \(#[\s+2I\s-2\h'-\w'I'u3/5'\v'-.3m'o\v'.3m'\*(#]
110	.ds ae a\h'-(\w'a'u*4/10)'e
111	.ds Ae A\h'-(\w'A'u*4/10)'E
112	. \" corrections for vroff
113	.if v .ds ~ \\k:\h'-(\\n(.wu9/10-\(#H)'\s-2\u~\d\s+2\h'\|\\n:u'
114	.if v .ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'\v'-.4m'^\v'.4m'\h'\|\\n:u'
115	. \" for low resolution devices (crt and lpr)
116	.if \n(.H>23 .if \n(.V>19 \
117	\{\
118	. ds : e
119	. ds 8 ss
120	. ds o a
121	. ds d- d\h'-1'\(ga
122	. ds D- D\h'-1'\(hy
123	. ds th \o'bp'
124	. ds Th \o'LP'
125	. ds ae ae
126	. ds Ae AE
127	.\}
128	.rm #[ #] #H #V #F C
129	.\" ========================================================================
130	.\"
131	.IX Title "CBC 3"
132	.TH CBC 3 "2002-09-11" "perl v5.8.0" "User Contributed Perl Documentation"
133	.SH "NAME"
134	Crypt::CBC \- Encrypt Data with Cipher Block Chaining Mode
135	.SH "SYNOPSIS"
136	.IX Header "SYNOPSIS"
137	.Vb 8
138	\& use Crypt::CBC;
139	\& $cipher = Crypt::CBC->new( {'key' => 'my secret key',
140	\& 'cipher' => 'Blowfish',
141	\& 'iv' => '$KJh#(}q',
142	\& 'regenerate_key' => 0, # default true
143	\& 'padding' => 'space',
144	\& 'prepend_iv' => 0
145	\& });
146	.Ve
147	.PP
148	.Vb 2
149	\& $ciphertext = $cipher->encrypt("This data is hush hush");
150	\& $plaintext = $cipher->decrypt($ciphertext);
151	.Ve
152	.PP
153	.Vb 6
154	\& $cipher->start('encrypting');
155	\& open(F,"./BIG_FILE");
156	\& while (read(F,$buffer,1024)) {
157	\& print $cipher->crypt($buffer);
158	\& }
159	\& print $cipher->finish;
160	.Ve
161	.SH "DESCRIPTION"
162	.IX Header "DESCRIPTION"
163	This module is a Perl-only implementation of the cryptographic cipher
164	block chaining mode (\s-1CBC\s0). In combination with a block cipher such as
165	\&\s-1DES\s0 or \s-1IDEA\s0, you can encrypt and decrypt messages of arbitrarily long
166	length. The encrypted messages are compatible with the encryption
167	format used by \fBSSLeay\fR.
168	.PP
169	To use this module, you will first create a Crypt::CBC cipher object with
170	\&\fInew()\fR. At the time of cipher creation, you specify an encryption key
171	to use and, optionally, a block encryption algorithm. You will then
172	call the \fIstart()\fR method to initialize the encryption or decryption
173	process, \fIcrypt()\fR to encrypt or decrypt one or more blocks of data, and
174	lastly \fIfinish()\fR, to pad and encrypt the final block. For your
175	convenience, you can call the \fIencrypt()\fR and \fIdecrypt()\fR methods to
176	operate on a whole data value at once.
177	.Sh "\fInew()\fP"
178	.IX Subsection "new()"
179	.Vb 7
180	\& $cipher = Crypt::CBC->new( {'key' => 'my secret key',
181	\& 'cipher' => 'Blowfish',
182	\& 'iv' => '$KJh#(}q',
183	\& 'regenerate_key' => 0, # default true
184	\& 'padding' => 'space',
185	\& 'prepend_iv' => 0
186	\& });
187	.Ve
188	.PP
189	.Vb 2
190	\& # or (for compatibility with earlier versions)
191	\& $cipher = new Crypt::CBC($key,$algorithm);
192	.Ve
193	.PP
194	The \fInew()\fR method creates a new Crypt::CBC object.
195	.PP
196	You must provide an encryption/decryption key, which can be any series
197	of characters of any length. If regenerate_key is not specified as a
198	false value, the actual key used is derived from the \s-1MD5\s0 hash of the
199	key you provide. The cipher is optional and will default to \s-1DES\s0 unless
200	specified otherwise. You may use any compatible block encryption
201	algorithm that you have installed. Currently, this includes Crypt::DES,
202	Crypt::DES_EDE3, Crypt::IDEA, Crypt::Blowfish, and Crypt::Rijndael. You
203	may refer to them using their full names (\(L"Crypt::IDEA\(R") or in
204	abbreviated form (\(L"\s-1IDEA\s0\(R").
205	.PP
206	An initialization vector may be specified, either by passing in a key of
207	\&'iv' as an option to new, or by calling
208	\&\f(CW$cipher\fR\->set_initialization_key($iv) before calling \f(CW$cipher\fR\->\fIstart()\fR.
209	The \s-1IV\s0 will be ignored in decryption if the ciphertext is prepended by
210	text which matches the regex /^RandomIV.{8}/, in which case the 8
211	characters following \(L"RandomIV\(R" will be used as the \s-1IV\s0. When encrypting,
212	by default the ciphertext will be prepended with "RandomIV<\s-1IV\s0>\*(L"
213	(16 bytes). To disable this, set 'prepend_iv' to a false value. The
214	padding method can be specified by the 'padding' option. If no padding
215	method is specified, PKCS#5 (\*(R"standard") padding is assumed.
216	.Sh "\fIstart()\fP"
217	.IX Subsection "start()"
218	.Vb 2
219	\& $cipher->start('encrypting');
220	\& $cipher->start('decrypting');
221	.Ve
222	.PP
223	The \fIstart()\fR method prepares the cipher for a series of encryption or
224	decryption steps, resetting the internal state of the cipher if
225	necessary. You must provide a string indicating whether you wish to
226	encrypt or decrypt. \(L"E\(R" or any word that begins with an \(L"e\(R" indicates
227	encryption. \(L"D\(R" or any word that begins with a \(L"d\(R" indicates
228	decryption.
229	.Sh "\fIcrypt()\fP"
230	.IX Subsection "crypt()"
231	.Vb 1
232	\& $ciphertext = $cipher->crypt($plaintext);
233	.Ve
234	.PP
235	After calling \fIstart()\fR, you should call \fIcrypt()\fR as many times as
236	necessary to encrypt the desired data.
237	.Sh "\fIfinish()\fP"
238	.IX Subsection "finish()"
239	.Vb 1
240	\& $ciphertext = $cipher->finish();
241	.Ve
242	.PP
243	The \s-1CBC\s0 algorithm must buffer data blocks inernally until they are
244	even multiples of the encryption algorithm's blocksize (typically 8
245	bytes). After the last call to \fIcrypt()\fR you should call \fIfinish()\fR.
246	This flushes the internal buffer and returns any leftover ciphertext.
247	.PP
248	In a typical application you will read the plaintext from a file or
249	input stream and write the result to standard output in a loop that
250	might look like this:
251	.PP
252	.Vb 4
253	\& $cipher = new Crypt::CBC('hey jude!');
254	\& $cipher->start('encrypting');
255	\& print $cipher->crypt($_) while <>;
256	\& print $cipher->finish();
257	.Ve
258	.Sh "\fIencrypt()\fP"
259	.IX Subsection "encrypt()"
260	.Vb 1
261	\& $ciphertext = $cipher->encrypt($plaintext)
262	.Ve
263	.PP
264	This convenience function runs the entire sequence of \fIstart()\fR, \fIcrypt()\fR
265	and \fIfinish()\fR for you, processing the provided plaintext and returning
266	the corresponding ciphertext.
267	.Sh "\fIdecrypt()\fP"
268	.IX Subsection "decrypt()"
269	.Vb 1
270	\& $plaintext = $cipher->decrypt($ciphertext)
271	.Ve
272	.PP
273	This convenience function runs the entire sequence of \fIstart()\fR, \fIcrypt()\fR
274	and \fIfinish()\fR for you, processing the provided ciphertext and returning
275	the corresponding plaintext.
276	.Sh "\fIencrypt_hex()\fP, \fIdecrypt_hex()\fP"
277	.IX Subsection "encrypt_hex(), decrypt_hex()"
278	.Vb 2
279	\& $ciphertext = $cipher->encrypt_hex($plaintext)
280	\& $plaintext = $cipher->decrypt_hex($ciphertext)
281	.Ve
282	.PP
283	These are convenience functions that operate on ciphertext in a
284	hexadecimal representation. \fBencrypt_hex($plaintext)\fR is exactly
285	equivalent to \fBunpack('H*',encrypt($plaintext))\fR. These functions
286	can be useful if, for example, you wish to place the encrypted
287	.Sh "\fIget_initialization_vector()\fP"
288	.IX Subsection "get_initialization_vector()"
289	.Vb 1
290	\& $iv = $cipher->get_initialization_vector()
291	.Ve
292	.PP
293	This function will return the \s-1IV\s0 used in encryption and or decryption.
294	This function may be useful to determine the random \s-1IV\s0 used when
295	encrypting if none is specified in \fInew()\fR. The \s-1IV\s0 is not guaranteed to
296	be set when encrypting until \fIstart()\fR is called, and when decrypting
297	until \fIcrypt()\fR is called the first time.
298	.Sh "\fIset_initialization_vector()\fP"
299	.IX Subsection "set_initialization_vector()"
300	.Vb 1
301	\& $cipher->set_initialization_vector('76543210')
302	.Ve
303	.PP
304	This function sets the \s-1IV\s0 used in encryption and/or decryption. This
305	function may be useful if the \s-1IV\s0 is not contained within the ciphertext
306	string being decrypted, or if a particular \s-1IV\s0 is desired for encryption.
307	If not set, a random \s-1IV\s0 will be generated. The \s-1IV\s0 is not guaranteed to
308	be set when encrypting until \fIstart()\fR is called, and when decrypting
309	until \fIcrypt()\fR is called the first time.
310	.Sh "Padding methods"
311	.IX Subsection "Padding methods"
312	Use the 'padding' option to change the padding method.
313	.PP
314	When the last block of plaintext is shorter than the block size,
315	it must be padded. Padding methods include: \(L"standard\(R" (i.e., PKCS#5),
316	\&\(L"oneandzeroes\(R", \(L"space\(R", and \(L"null\(R".
317	.PP
318	.Vb 5
319	\& standard: (default) Binary safe
320	\& pads with the number of bytes that should be truncated. So, if
321	\& blocksize is 8, then "0A0B0C" will be padded with "05", resulting
322	\& in "0A0B0C0505050505". If the final block is a full block of 8
323	\& bytes, then a whole block of "0808080808080808" is appended.
324	.Ve
325	.PP
326	.Vb 4
327	\& oneandzeroes: Binary safe
328	\& pads with "80" followed by as many "00" necessary to fill the
329	\& block. If the last block is a full block and blocksize is 8, a
330	\& block of "8000000000000000" will be appended.
331	.Ve
332	.PP
333	.Vb 4
334	\& null: text only
335	\& pads with as many "00" necessary to fill the block. If the last
336	\& block is a full block and blocksize is 8, a block of
337	\& "0000000000000000" will be appended.
338	.Ve
339	.PP
340	.Vb 2
341	\& space: text only
342	\& same as "null", but with "20".
343	.Ve
344	.PP
345	Both the standard and oneandzeroes paddings are binary safe. The
346	space and null paddings are recommended only for text data. Which
347	type of padding you use depends on whether you wish to communicate
348	with an external (non Crypt::CBC library). If this is the case, use
349	whatever padding method is compatible.
350	.PP
351	You can also pass in a custom padding function. To do this, create a
352	function that takes the arguments:
353	.PP
354	.Vb 1
355	\& $padded_block = function($block,$blocksize,$direction);
356	.Ve
357	.PP
358	where \f(CW$block\fR is the current block of data, \f(CW$blocksize\fR is the size to
359	pad it to, \f(CW$direction\fR is \(L"e\(R" for encrypting and \(L"d\(R" for decrypting,
360	and \f(CW$padded_block\fR is the result after padding or depadding.
361	.PP
362	When encrypting, the function should always return a string of
363	<blocksize> length, and when decrypting, can expect the string coming
364	in to always be that length. See \fI_standard_padding()\fR, \fI_space_padding()\fR,
365	\&\fI_null_padding()\fR, or \fI_oneandzeroes_padding()\fR in the source for examples.
366	.PP
367	Standard and oneandzeroes padding are recommended, as both space and
368	null padding can potentially truncate more characters than they should.
369	.SH "EXAMPLES"
370	.IX Header "EXAMPLES"
371	Two examples, des.pl and idea.pl can be found in the eg/ subdirectory
372	of the Crypt-CBC distribution. These implement command-line \s-1DES\s0 and
373	\&\s-1IDEA\s0 encryption algorithms.
374	.SH "LIMITATIONS"
375	.IX Header "LIMITATIONS"
376	The encryption and decryption process is about a tenth the speed of
377	the equivalent SSLeay programs (compiled C). This could be improved
378	by implementing this module in C. It may also be worthwhile to
379	optimize the \s-1DES\s0 and \s-1IDEA\s0 block algorithms further.
380	.SH "BUGS"
381	.IX Header "BUGS"
382	Please report them.
383	.SH "AUTHOR"
384	.IX Header "AUTHOR"
385	Lincoln Stein, lstein@cshl.org
386	.PP
387	This module is distributed under the \s-1ARTISTIC\s0 \s-1LICENSE\s0 using the same
388	terms as Perl itself.
389	.SH "SEE ALSO"
390	.IX Header "SEE ALSO"
391	\&\fIperl\fR\\|(1), \fICrypt::DES\fR\\|(3), \fICrypt::IDEA\fR\\|(3), rfc2898 (PKCS#5)