| 1 |
NAME |
| 2 |
Crypt::Twofish2 - Crypt::CBC compliant Twofish encryption module |
| 3 |
|
| 4 |
SYNOPSIS |
| 5 |
use Crypt::Twofish2; |
| 6 |
|
| 7 |
# keysize() is 32, but 24 and 16 are also possible |
| 8 |
# blocksize() is 16 |
| 9 |
|
| 10 |
$cipher = new Crypt::Twofish2 "a" x 32, Crypt::Twofish2::MODE_CBC; |
| 11 |
|
| 12 |
$crypted = $cipher->encrypt($plaintext); |
| 13 |
# - OR - |
| 14 |
$plaintext = $cipher->decrypt($crypted); |
| 15 |
|
| 16 |
DESCRIPTION |
| 17 |
This module implements the twofish cipher in a less braindamaged (read: |
| 18 |
slow and ugly) way than the existing "Crypt::Twofish" module. |
| 19 |
|
| 20 |
Although it is "Crypt::CBC" compliant you usually gain nothing by using |
| 21 |
that module (except generality, which is often a good thing), since |
| 22 |
"Crypt::Twofish2" can work in either ECB or CBC mode itself. |
| 23 |
|
| 24 |
keysize |
| 25 |
Returns the keysize, which is 32 (bytes). The Twofish2 cipher |
| 26 |
actually supports keylengths of 16, 24 or 32 bytes, but there is no |
| 27 |
way to communicate this to "Crypt::CBC". |
| 28 |
|
| 29 |
blocksize |
| 30 |
The blocksize for Twofish2 is 16 bytes (128 bits), which is somewhat |
| 31 |
unique. It is also the reason I need this module myself ;) |
| 32 |
|
| 33 |
$cipher = new $key [, $mode] |
| 34 |
Create a new "Crypt::Twofish2" cipher object with the given key |
| 35 |
(which must be 128, 192 or 256 bits long). The additional $mode |
| 36 |
argument is the encryption mode, either "MODE_ECB" (electronic |
| 37 |
cookbook mode, the default), "MODE_CBC" (cipher block chaining, the |
| 38 |
same that "Crypt::CBC" does) or "MODE_CFB1" (1-bit cipher feedback |
| 39 |
mode). |
| 40 |
|
| 41 |
ECB mode is very insecure (read a book on cryptography if you don't |
| 42 |
know why!), so you should probably use CBC mode. CFB1 mode is not |
| 43 |
tested and is most probably broken, so do not try to use it. |
| 44 |
|
| 45 |
In ECB mode you can use the same cipher object to encrypt and |
| 46 |
decrypt data. However, every change of "direction" causes an |
| 47 |
internal reordering of key data, which is quite slow, so if you want |
| 48 |
ECB mode and encryption/decryption at the same time you should |
| 49 |
create two seperate "Crypt::Twofish2" objects with the same key. |
| 50 |
|
| 51 |
In CBC mode you have to use seperate objects for |
| 52 |
encryption/decryption in any case. |
| 53 |
|
| 54 |
The "MODE_*"-constants are not exported by this module, so you must |
| 55 |
specify them as "Crypt::Twofish2::MODE_CBC" etc. (sorry for that). |
| 56 |
|
| 57 |
$cipher->encrypt($data) |
| 58 |
Encrypt data. The size of $data must be a multiple of "blocksize" |
| 59 |
(16 bytes), otherwise this function will croak. Apart from that, it |
| 60 |
can be of (almost) any length. |
| 61 |
|
| 62 |
$cipher->decrypt($data) |
| 63 |
The pendant to "encrypt" in that it *de*crypts data again. |
| 64 |
|
| 65 |
SEE ALSO |
| 66 |
Crypt::CBC, Crypt::Twofish. |
| 67 |
|
| 68 |
BUGS |
| 69 |
Should EXPORT or EXPORT_OK the MODE constants. |
| 70 |
|
| 71 |
There should be a way to access initial IV contents :( |
| 72 |
|
| 73 |
Although I tried to make the original twofish code portable, I can't say |
| 74 |
how much I did succeed. The code tries to be portable itself, and I hope |
| 75 |
I got the endianness issues right. The code is also copyright |
| 76 |
Counterpane Systems, no license accompanied it, so using it might |
| 77 |
actually be illegal ;) |
| 78 |
|
| 79 |
I also cannot guarantee for security, but the module is used quite a |
| 80 |
bit, so there are no obvious bugs left. |
| 81 |
|
| 82 |
AUTHOR |
| 83 |
Marc Lehmann <schmorp@schmorp.de> |
| 84 |
http://home.schmorp.de/ |
| 85 |
|
| 86 |
The actual twofish encryption is written in horribly microsoft'ish looking |
| 87 |
almost ansi-c by Doug Whiting. |
| 88 |
|
