Cipher block chaining mode implementation
use Convert::PEM::CBC; my $cbc = Convert::PEM::CBC->new( Cipher => 'Crypt::DES_EDE3', Passphrase => 'foo' ); my $plaintext = 'foo bar baz'; $cbc->encrypt($plaintext);
Convert::PEM::CBC implements the \s-1CBC\s0 (Cipher Block Chaining) mode for encryption/decryption ciphers; the \s-1CBC\s0 is designed for compatability with OpenSSL and may not be compatible with other implementations (such as \s-1SSH\s0).
Creates a new Convert::PEM::CBC object and initializes it. Returns the new object.
%args can contain:
Cipher Either the name of an encryption cipher class (eg. Crypt::DES), or an object already blessed into such a class. The class must support the keysize, blocksize, encrypt, and decrypt methods. If the value is a blessed object, it is assumed that the object has already been initialized with a key. This argument is mandatory.
Passphrase A passphrase to encrypt/decrypt the content. This is different in implementation from a key (Key), because it is assumed that a passphrase comes directly from a user, and must be munged into the correct form for a key. This \*(L"munging\*(R" is done by repeatedly computing an \s-1MD5\s0 hash of the passphrase, the \s-1IV\s0, and the existing hash, until the generated key is longer than the keysize for the cipher (Cipher). Because of this \*(L"munging\*(R", this argument can be any length (even an empty string). If you give the Cipher argument an object, this argument is ignored. If the Cipher argument is a cipher class, either this argument or Key must be provided.
Key A raw key, to be passed directly to the new cipher object. Because this is passed directly to the cipher itself, the length of the key must be equal to or greater than the keysize for the Cipher. As with the Passphrase argument, if you give the Cipher argument an already-constructed cipher object, this argument is ignored. If the Cipher argument is a cipher class, either this argument or Passphrase must be provided.
\s-1IV\s0 The initialization vector for \s-1CBC\s0 mode. This argument is optional; if not provided, a random \s-1IV\s0 will be generated. Obviously, if you're decrypting data, you should provide this argument, because your \s-1IV\s0 should match the \s-1IV\s0 used to encrypt the data. Encrypts the plaintext $plaintext using the underlying cipher implementation in \s-1CBC\s0 mode, and returns the ciphertext.
If any errors occur, returns undef, and you should check the errstr method to find out what went wrong. Decrypts the ciphertext $ciphertext using the underlying cipher implementation in \s-1CBC\s0 mode, and returns the plaintext.
If any errors occur, returns undef, and you should check the errstr method to find out what went wrong. Returns the current initialization vector. One use for this might be to grab the initial value of the \s-1IV\s0 if it's created randomly (ie. you haven't provided an \s-1IV\s0 argument to new):
my $cbc = Convert::PEM::CBC->new( Cipher => $cipher ); my $iv = $cbc->iv; ## Generated randomly in 'new'.
Convert::PEM uses this to write the \s-1IV\s0 to the \s-1PEM\s0 file when encrypting, so that it can be known when trying to decrypt the file. Returns the value of the last error that occurred. This should only be considered meaningful when you've received undef from one of the functions above; in all other cases its relevance is undefined.
Please see the Convert::PEM manpage for author, copyright, and license information.