NAME
Crypt::PK::DH - Public key cryptography based on Diffie-Hellman
SYNOPSIS
### OO interface
#Encryption: Alice
my $pub = Crypt::PK::DH->new('Bob_pub_dh1.key');
my $ct = $pub->encrypt("secret message");
#
#Encryption: Bob (received ciphertext $ct)
my $priv = Crypt::PK::DH->new('Bob_priv_dh1.key');
my $pt = $priv->decrypt($ct);
#Signature: Alice
my $priv = Crypt::PK::DH->new('Alice_priv_dh1.key');
my $sig = $priv->sign_message($message);
#
#Signature: Bob (received $message + $sig)
my $pub = Crypt::PK::DH->new('Alice_pub_dh1.key');
$pub->verify_message($sig, $message) or die "ERROR";
#Shared secret
my $priv = Crypt::PK::DH->new('Alice_priv_dh1.key');
my $pub = Crypt::PK::DH->new('Bob_pub_dh1.key');
my $shared_secret = $priv->shared_secret($pub);
#Key generation
my $pk = Crypt::PK::DH->new();
$pk->generate_key(128);
my $private = $pk->export_key('private');
my $public = $pk->export_key('public');
### Functional interface
#Encryption: Alice
my $ct = dh_encrypt('Bob_pub_dh1.key', "secret message");
#Encryption: Bob (received ciphertext $ct)
my $pt = dh_decrypt('Bob_priv_dh1.key', $ct);
#Signature: Alice
my $sig = dh_sign_message('Alice_priv_dh1.key', $message);
#Signature: Bob (received $message + $sig)
dh_verify_message('Alice_pub_dh1.key', $sig, $message) or die "ERROR";
#Shared secret
my $shared_secret = dh_shared_secret('Alice_priv_dh1.key', 'Bob_pub_dh1.key');METHODS
new
my $pk = Crypt::PK::DH->new();
#or
my $pk = Crypt::PK::DH->new($priv_or_pub_key_filename);
#or
my $pk = Crypt::PK::DH->new(\$buffer_containing_priv_or_pub_key);generate_key
Uses Yarrow-based cryptographically strong random number generator seeded with random data taken from /dev/random (UNIX) or CryptGenRandom (Win32).
$pk->generate_key($keysize);
### $keysize (in bytes) corresponds to DH params (p, g) predefined by libtomcrypt
# 96 => DH-768
# 128 => DH-1024
# 160 => DH-1280
# 192 => DH-1536
# 224 => DH-1792
# 256 => DH-2048
# 320 => DH-2560
# 384 => DH-3072
# 512 => DH-4096import_key
Loads private or public key (exported by "export_key").
$pk->import_key($filename);
#or
$pk->import_key(\$buffer_containing_key);export_key
my $private = $pk->export_key('private');
#or
my $public = $pk->export_key('public');encrypt
my $pk = Crypt::PK::DH->new($pub_key_filename);
my $ct = $pk->encrypt($message);
#or
my $ct = $pk->encrypt($message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digestdecrypt
my $pk = Crypt::PK::DH->new($priv_key_filename);
my $pt = $pk->decrypt($ciphertext);sign_message
my $pk = Crypt::PK::DH->new($priv_key_filename);
my $signature = $priv->sign_message($message);
#or
my $signature = $priv->sign_message($message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digestverify_message
my $pk = Crypt::PK::DH->new($pub_key_filename);
my $valid = $pub->verify_message($signature, $message)
#or
my $valid = $pub->verify_message($signature, $message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digestsign_hash
my $pk = Crypt::PK::DH->new($priv_key_filename);
my $signature = $priv->sign_hash($message_hash);verify_hash
my $pk = Crypt::PK::DH->new($pub_key_filename);
my $valid = $pub->verify_hash($signature, $message_hash);shared_secret
# Alice having her priv key $pk and Bob's public key $pkb
my $pk = Crypt::PK::DH->new($priv_key_filename);
my $pkb = Crypt::PK::DH->new($pub_key_filename);
my $shared_secret = $pk->shared_secret($pkb);
# Bob having his priv key $pk and Alice's public key $pka
my $pk = Crypt::PK::DH->new($priv_key_filename);
my $pka = Crypt::PK::DH->new($pub_key_filename);
my $shared_secret = $pk->shared_secret($pka); # same value as computed by Aliceis_private
my $rv = $pk->is_private;
# 1 .. private key loaded
# 0 .. public key loaded
# undef .. no key loadedsize
my $size = $pk->size;
# returns key size in bytes or undef if no key loadedkey2hash
my $hash = $pk->key2hash;
# returns hash like this (or undef if no key loaded):
{
type => 0, # integer: 1 .. private, 0 .. public
size => 256, # integer: key size in bytes
name => "DH-2048", # internal libtomcrypt name
x => "FBC1062F73B9A17BB8473A2F5A074911FA7F20D28FB...", #private key
y => "AB9AAA40774D3CD476B52F82E7EE2D8A8D40CD88BF4...", #public key
}FUNCTIONS
dh_encrypt
DH based encryption as implemented by libtomcrypt. See method "encrypt" below.
my $ct = dh_encrypt($pub_key_filename, $message);
#or
my $ct = dh_encrypt(\$buffer_containing_pub_key, $message);
#or
my $ct = dh_encrypt($pub_key_filename, $message, $hash_name);
#NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::DigestEncryption works similar to the Crypt::PK::ECC encryption whereas shared DH key is computed, and the hash of the shared key XOR'ed against the plaintext forms the ciphertext.
dh_decrypt
DH based decryption as implemented by libtomcrypt. See method "decrypt" below.
my $pt = dh_decrypt($priv_key_filename, $ciphertext);
#or
my $pt = dh_decrypt(\$buffer_containing_priv_key, $ciphertext);dh_sign_message
Generate DH signature as implemented by libtomcrypt. See method "sign_message" below.
my $sig = dh_sign_message($priv_key_filename, $message);
#or
my $sig = dh_sign_message(\$buffer_containing_priv_key, $message);
#or
my $sig = dh_sign_message($priv_key, $message, $hash_name);dh_verify_message
Verify DH signature as implemented by libtomcrypt. See method "verify_message" below.
dh_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
#or
dh_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
#or
dh_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";dh_sign_hash
Generate DH signature as implemented by libtomcrypt. See method "sign_hash" below.
my $sig = dh_sign_hash($priv_key_filename, $message_hash);
#or
my $sig = dh_sign_hash(\$buffer_containing_priv_key, $message_hash);dh_verify_hash
Verify DH signature as implemented by libtomcrypt. See method "verify_hash" below.
dh_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
#or
dh_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";dh_shared_secret
DH based shared secret generation. See method "shared_secret" below.
#on Alice side
my $shared_secret = dh_shared_secret('Alice_priv_dh1.key', 'Bob_pub_dh1.key');
#on Bob side
my $shared_secret = dh_shared_secret('Bob_priv_dh1.key', 'Alice_pub_dh1.key');