NAME

Crypt::ECDH_ES - A fast and small hybrid crypto system

VERSION

version 0.006

SYNOPSIS

my $ciphertext = ecdhes_encrypt($public_key, $data);
my $plaintext = ecdhes_decrypt($private_key, $ciphertext);

DESCRIPTION

This module uses elliptic curve cryptography in an ephemeral-static configuration combined with the AES cipher to achieve a hybrid cryptographic system. Both the public and the private key are simply 32-byte blobs.

Use-cases

You may want to use this module when storing sensitive data in such a way that the encoding side can't read it afterwards, for example a website storing credit card data in a database that will be used by a separate back-end financial processor. When used in this way, a leak of the database and of the keys given to the website will not leak those credit card numbers.

Technical details

This module uses Daniel J. Bernstein's curve25519 (also used by OpenSSH) to perform a Diffie-Hellman key agreement between an encoder and a decoder. The keys of the decoder should be known in advance (as this system works as a one-way communication mechanism); for the encoder a new keypair is generated for every encryption using the system's cryptographically secure pseudo-random number generator. The shared key resulting from the key agreement is hashed and used to encrypt the plaintext using AES in CBC mode (with the IV deterministically derived from the public key). It also adds an HMAC, with the key derived from the same shared secret as the encryption key.

All cryptographic components are believed to provide at least 128 bits of security.
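The ephemeral-static agreement and the split of the shared secret into an encryption key and a MAC key, as an added illustration that is not the module's own code. It implements curve25519 in pure Python so it runs offline; the AES-CBC step is omitted, and the SHA-256 split in derive_keys is an assumed KDF, not the module's actual derivation or wire format.

```python
# Added example (not Crypt::ECDH_ES's own code): the ephemeral-static X25519
# agreement and key split behind ecdhes_encrypt/ecdhes_decrypt, in pure Python.
# The AES-CBC step is omitted, and derive_keys() is an assumed KDF, not the module's.
import hashlib
import secrets

P = 2**255 - 19                       # curve25519 field prime
A24 = 121665                          # (486662 - 2) / 4
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5: scalar * point on curve25519."""
    k = bytearray(scalar)             # RFC 7748 clamping of the private scalar
    k[0], k[31] = k[0] & 248, (k[31] & 127) | 64
    k = int.from_bytes(k, "little")
    u = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:                      # a real implementation swaps branch-free
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = pow(da + cb, 2, P), u * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_keys(shared: bytes, eph_pub: bytes) -> tuple:
    """Assumed KDF: SHA-256 over the shared point and ephemeral key, split in halves."""
    d = hashlib.sha256(shared + eph_pub).digest()
    return d[:16], d[16:]             # (AES key, HMAC key)


def encoder_keys(receiver_pub: bytes) -> tuple:
    """Encoder: a fresh ephemeral keypair every call, so each ciphertext differs."""
    eph_priv = secrets.token_bytes(32)
    eph_pub = x25519(eph_priv, BASEPOINT)
    return (eph_pub,) + derive_keys(x25519(eph_priv, receiver_pub), eph_pub)


def decoder_keys(receiver_priv: bytes, eph_pub: bytes) -> tuple:
    """Decoder: static private key plus the ephemeral public key sent along."""
    return derive_keys(x25519(receiver_priv, eph_pub), eph_pub)
```

The ephemeral public key must travel with the ciphertext, since the decoder needs it to reach the same two keys; only the ephemeral private key is thrown away after encryption.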

Variants

There are two variants of this system; both will encrypt the payload, but only one will authenticate the sender.

FUNCTIONS

ecdhes_encrypt

my $ciphertext = ecdhes_encrypt($public_key, $plaintext)

This will encrypt $plaintext using $public_key. This is a non-deterministic encryption: the result will be different for every invocation.

ecdhes_decrypt

my $plaintext = ecdhes_decrypt($private_key, $ciphertext)

This will decrypt $ciphertext (as encrypted using ecdhes_encrypt) using $private_key and return the plaintext.

ecdhes_encrypt_authenticated

my $ciphertext = ecdhes_encrypt_authenticated($receiver_public_key, $sender_private_key, $plaintext)

This will encrypt $plaintext using $receiver_public_key and $sender_private_key. This is a non-deterministic encryption: the result will be different for every invocation.

ecdhes_decrypt_authenticated

my ($plaintext, $sender_public_key) = ecdhes_decrypt_authenticated($receiver_private_key, $ciphertext)

This will decrypt $ciphertext (as encrypted using ecdhes_encrypt_authenticated) using $receiver_private_key and return the plaintext and the public key of the sender.

ecdhes_generate_key

my ($public_key, $private_key) = ecdhes_generate_key()

This function generates a new random curve25519 keypair.

SEE ALSO

  • ecdh_es

    A compatible decoder written in C.

  • Crypt::OpenPGP

    This module can be used to achieve exactly the same effect in a more standardized way, but it requires much more infrastructure (such as a keychain), many more dependencies, larger messages and more thinking about various settings.

  • Crypt::Ed25519

    This is a public key signing/verification system based on an equivalent curve.

AUTHOR

Leon Timmermans <fawaka@gmail.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2015 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.