Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
pike
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
pikelang
pike
Commits
45dc9d23
Commit
45dc9d23
authored
26 years ago
by
Niels Möller
Browse files
Options
Downloads
Patches
Plain Diff
*** empty log message ***
Rev: tutorial/crypto.wmml:1.2
parent
f3ece850
No related branches found
No related tags found
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
tutorial/crypto.wmml
+143
-16
143 additions, 16 deletions
tutorial/crypto.wmml
with
143 additions
and
16 deletions
tutorial/crypto.wmml
+
143
−
16
View file @
45dc9d23
<--
!
-*-html-*-
--
>
<--
!
-*-html-*-
--
>
<
section
title=
"The Pike Crypto Toolkit"
>
<
chapter
title=
"The Pike Crypto Toolkit"
name=
crypto
>
<section
title=
"Introduction"
>
<section
title=
"Introduction"
>
...
@@ -122,7 +122,7 @@ To encrypt the block "Pike des" using the DES-key '0123456789abcdef'
...
@@ -122,7 +122,7 @@ To encrypt the block "Pike des" using the DES-key '0123456789abcdef'
(in hex), use
(in hex), use
<example
language=
pike
>
<example
language=
pike
>
Crypto.des()->set_encrypt_key(Crypto.hex_to_string("0123456789abcdef"))
Crypto.des()->set_encrypt_key(Crypto.hex_to_string("0123456789abcdef"))
->crypt_block("Pike DES")
;
->crypt_block("Pike DES")
</example>
</example>
although most applications will not use the Crypto.des class directly.
although most applications will not use the Crypto.des class directly.
...
@@ -207,20 +207,147 @@ int o->query_digest_size();
...
@@ -207,20 +207,147 @@ int o->query_digest_size();
Returns the size, in octets, of the digests produced by this hash function.
Returns the size, in octets, of the digests produced by this hash function.
</man_description>
</man_description>
<method
name=
"create"
>
To get the md5 hash of a string s, you would use
<example
language=
pike
>
Crypto.md5()->update(s)->digest()
</example>
</section>
<section
title=
"Public key algorithms"
>
The only public key algorithm currently in the toolkit is RSA. As the
algorithm uses arithmetic on huge numbers, you must also have the GMP
library and the corresponding Pike module installed in order to use
RSA.
<class
name=
"Crypto.rsa"
>
<method
name=
set_public_key
>
<man_syntax>
object rsa->set_public_key(object(Gmp.mpz) modulo, object(Gmp.mpz) e)
</man_syntax>
<man_description>
Sets the modulo and the public exponent. For convenience, returns the
object itself.
</man_description>
<method
name=
set_private_key
>
<man_syntax>
object rsa->set_public_key(object(Gmp.mpz) d)
</man_syntax>
<man_description>
Sets the private exponent. For convenience, returns the object itself.
</man_description>
</method>
<method
name=
generate_key
>
<man_syntax>
object rsa->generate_key(int bits, function|void random)
</man_syntax>
<man_description>
Generates a new rsa key pair, with a modulo of the given bitsize.
<i>
random
</i>
should be a function that takes one integer argument
<i>
n
</i>
and returns a string of
</i>
n
</i>
random octets. The default
function is
<i>
Crypto.randomness.really_random()->read
</i>
. For
convenience, this method returns the object itself.
</man_description>
</method>
<method
name=
query_blocksize
>
<man_syntax>
int rsa->query_block_size()
</man_syntax>
<man_description>
Returns the length of the largest string that can be encrypted in one
RSA-operation using the current key.
</man_description>
</method>
<method
name=
encrypt
>
<man_syntax>
string rsa->encrypt(string message, function|void random)
</man_syntax>
<man_description>
Encrypts
<i>
message
</i>
using PKCS#1-style RSA encryption. The
function
<i>
random
</i>
is used to generate random message padding.
Padding does not require a strong random number generator. The default
<i>
random
</i>
function is derived from Pike's builting pseudorandom
generator
<i>
predef::random
</i>
.
</man_description>
</method>
<method
name=
decrypt
>
<man_syntax>
<man_syntax>
void o->create(void|object
)
string rsa->decrypt(string gibberish
)
All block ciphers have a common set of methods
</man_syntax>
<example
type=
pike
>
<man_description>
<caption>
Creating an object encrypting using IDEA in CBC-mode
</caption>
Decrypts a PKCS#1-style RSA-encrypted message. This operation requires
Crypto(CBC(IDEA)-
>
set_iv(iv)-
>
set_encrypt_key(key)
knowledge of the private key. Decryption may fail if the input is not
a properly encrypted message for this key. In this case, the method
returns zero. The PKCS#1 padding method used is vulnerable to a
chosen-ciphertext attack discovered by Daniel Bleichenbacher.
</man_description>
</method>
There are several methods for signature creation and verification. I
don't quite like the interface, so it may very well change in some
future version of the Toolkit.
<method
name=
sign
>
<man_syntax>
object(Gmp.mpz) rsa->sign(string message, program hash)
</man_syntax>
<man_description>
Creates a PKCS#1-style signature. This operation requires knowledge of
the private key.
<i>
hash
</i>
should be a hash algorithm with an
->identifier method which returns a DER-encoded ASN.1 Object
Identifier for the hash algorithm. Currently, this is supported only
by Crypto.md5. The function returns the signature as a bignum;
applications can use
<example
language=
pike
>
Standards.ASN1.Types.asn1_bit_string(rsa->sign(...))->get_der()
</example>
</example>
<p>
There is a pike implementation of
<link
to=
ssl
type=
used_by
>
SSL (Secure
to convert it a DER-encoded ASN.1 bitstring.
socket Layer)
</link>
built on top of the crypto toolkit.
</p>
</man_description>
</description>
</method>
<future>
<method
name=
verify
>
Compatibility with standards such as RSA Inc's PKCS (Public Key
<man_syntax>
Cryptography Standards) might be useful.
int verify(string message, program hash, object(Gmp.mpz) signature)
</future>
</man_syntax>
<man_description>
Verifies a PKCS#1-style RSA signature. Returns 1 if the signature is
valid, 0 if not.
</man_description>
<method
name=
sha_sign
>
<man_syntax>
string rsa->sha_sign(string message)
</man_syntax>
<man_description>
Creates an RSA signature using a simpler but non-standard convention.
</man_description>
</method>
<method>
<man_syntax>
int sha_verify(string message, string signature)
</man_syntax>
<man_description>
Verifies signatures created by sha_sign. Returns 1 if the signature is
valid, 0 if not.
</man_description>
</method>
</class>
</section>
<section
title=
"Combining block cryptos"
>
</section>
</chapter>
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment