1 |
NAME |
2 |
Crypt::Twofish2 - Crypt::CBC compliant Twofish encryption module |
3 |
|
4 |
SYNOPSIS |
5 |
use Crypt::Twofish2; |
6 |
|
7 |
# keysize() is 32, but 24 and 16 are also possible |
8 |
# blocksize() is 16 |
9 |
|
10 |
$cipher = new Crypt::Twofish2 "a" x 32, Crypt::Twofish2::MODE_CBC; |
11 |
|
12 |
$crypted = $cipher->encrypt($plaintext); |
13 |
# - OR - |
14 |
$plaintext = $cipher->decrypt($crypted); |
15 |
|
16 |
DESCRIPTION |
17 |
This module implements the twofish cipher in a less braindamaged (read: |
18 |
slow and ugly) way than the existing "Crypt::Twofish" module. |
19 |
|
20 |
Although it is "Crypt::CBC" compliant you usually gain nothing by using |
21 |
that module (except generality, which is often a good thing), since |
22 |
"Crypt::Twofish2" can work in either ECB or CBC mode itself. |
23 |
|
24 |
keysize |
25 |
Returns the keysize, which is 32 (bytes). The Twofish2 cipher |
26 |
actually supports keylengths of 16, 24 or 32 bytes, but there is no |
27 |
way to communicate this to "Crypt::CBC". |
28 |
|
29 |
blocksize |
30 |
The blocksize for Twofish2 is 16 bytes (128 bits), which is somewhat |
31 |
unique. It is also the reason I need this module myself ;) |
32 |
|
33 |
$cipher = new $key [, $mode] |
34 |
Create a new "Crypt::Twofish2" cipher object with the given key |
35 |
(which must be 128, 192 or 256 bits long). The additional $mode |
36 |
argument is the encryption mode, either "MODE_ECB" (electronic |
37 |
cookbook mode, the default), "MODE_CBC" (cipher block chaining, the |
38 |
same that "Crypt::CBC" does) or "MODE_CFB1" (1-bit cipher feedback |
39 |
mode). |
40 |
|
41 |
ECB mode is very insecure (read a book on cryptography if you don't |
42 |
know why!), so you should probably use CBC mode. CFB1 mode is not |
43 |
tested and is most probably broken, so do not try to use it. |
44 |
|
45 |
In ECB mode you can use the same cipher object to encrypt and |
46 |
decrypt data. However, every change of "direction" causes an |
47 |
internal reordering of key data, which is quite slow, so if you want |
48 |
ECB mode and encryption/decryption at the same time you should |
49 |
create two seperate "Crypt::Twofish2" objects with the same key. |
50 |
|
51 |
In CBC mode you have to use seperate objects for |
52 |
encryption/decryption in any case. |
53 |
|
54 |
The "MODE_*"-constants are not exported by this module, so you must |
55 |
specify them as "Crypt::Twofish2::MODE_CBC" etc. (sorry for that). |
56 |
|
57 |
$cipher->encrypt($data) |
58 |
Encrypt data. The size of $data must be a multiple of "blocksize" |
59 |
(16 bytes), otherwise this function will croak. Apart from that, it |
60 |
can be of (almost) any length. |
61 |
|
62 |
$cipher->decrypt($data) |
63 |
The pendant to "encrypt" in that it *de*crypts data again. |
64 |
|
65 |
SEE ALSO |
66 |
Crypt::CBC, Crypt::Twofish. |
67 |
|
68 |
BUGS |
69 |
Should EXPORT or EXPORT_OK the MODE constants. |
70 |
|
71 |
There should be a way to access initial IV contents :( |
72 |
|
73 |
Although I tried to make the original twofish code portable, I can't say |
74 |
how much I did succeed. The code tries to be portable itself, and I hope |
75 |
I got the endianness issues right. The code is also copyright |
76 |
Counterpane Systems, no license accompanied it, so using it might |
77 |
actually be illegal ;) |
78 |
|
79 |
I also cannot guarantee for security, but the module is used quite a |
80 |
bit, so there are no obvious bugs left. |
81 |
|
82 |
AUTHOR |
83 |
Marc Lehmann <schmorp@schmorp.de> |
84 |
http://home.schmorp.de/ |
85 |
|
86 |
The actual twofish encryption is written in horribly microsoft'ish looking |
87 |
almost ansi-c by Doug Whiting. |
88 |
|