NAME
Crypt::RFC8188 - Implement RFC 8188 HTTP Encrypted Content Encoding
SYNOPSIS
use Crypt::RFC8188 qw(ece_encrypt_aes128gcm ece_decrypt_aes128gcm);
my $ciphertext = ece_encrypt_aes128gcm(
$plaintext, $salt, $key, $private_key, $dh, $auth_secret, $keyid, $rs,
);
my $plaintext = ece_decrypt_aes128gcm(
# no salt, keyid, rs as encoded in header
$ciphertext, $key, $private_key, $dh, $auth_secret,
);DESCRIPTION
This module implements RFC 8188, the HTTP Encrypted Content Encoding standard. Among other things, this is used by Web Push (RFC 8291).
It implements only the aes128gcm (Advanced Encryption Standard 128-bit Galois/Counter Mode) encryption, not the previous draft standards envisaged for Web Push. It implements neither aesgcm nor aesgcm128.
FUNCTIONS
Exportable (not by default) functions:
ece_encrypt_aes128gcm
Arguments:
$plaintext
The plain text.
$salt
A randomly-generated 16-octet sequence. If not provided, one will be generated. This is still useful as the salt is included in the ciphertext.
$key
A secret key to be exchanged by other means.
$private_key
The private key of a Crypt::PK::ECC Prime 256 ECDSA key.
$dh
If the private key above is provided, this is the recipient's public key of an Prime 256 ECDSA key.
$auth_secret
An authentication secret.
$keyid
If provided, the ID of a key to be looked up by other means.
$rs
The record size for encrypted blocks. Must be at least 18, which would be very inefficient as the overhead is 17 bytes. Defaults to 4096.
ece_decrypt_aes128gcm
$ciphertext
The plain text.
$key
$private_key
$dh
$auth_secret
All as above. $salt, $keyid, $rs are not given since they are encoded in the ciphertext.
SEE ALSO
https://github.com/web-push-libs/encrypted-content-encoding
RFC 8188 - Encrypted Content-Encoding for HTTP (using aes128gcm).
AUTHOR
Ed J, <etj at cpan.org>
LICENSE
Copyright (C) Ed J
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.