Re: Workable encryption in Tcl??
From: Geoff Caplan (geoff_at_variosoft.com)
Date: 07/31/04
- Next message: Mark Roseman: "Re: Dynamic rich data client"
- Previous message: Geoff Caplan: "Re: Workable encryption in Tcl??"
- In reply to: Mac A. Cody: "Re: Workable encryption in Tcl??"
- Next in thread: Andreas Kupries: "Re: Workable encryption in Tcl??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 31 Jul 2004 11:13:29 +0100
Mac A. Cody <maccody@castcom.net> wrote:
Thanks for responding. Good to hear from the author!
>Have you even tried TclDES to determine if the speed is suitable
>for your needs?
Not yet, because I couldn't figure out how to use it! See comments
below...
My need is to encrypt/decrupt strings in real-time for interactive
data entry between a Tcl client on Windows and a remote
Linux/Apache/PHP server. The longest string would be about the length
of this post.
Do you think your package would be fast enough for this, using 3DES?
If it is, it would be my first choice as it seems to be the most
active Tcl cypher project. I have 3DES working on the PHP side,
assuming this would be compatible with TclDES. To prepare the output
blob for transmission I am using base_64 & then URL encoding.
>> The documentation is intimidating, to put it mildly,
>Intimidating? How so? It is pretty much standard manpage format.
>In fact, the manpage source was adapted from the Tcl distribution.
Mac, please don't take offence: it certainly wan't intended. You've
clearly devoted a lot of work to both the code and the export control
stuff are very much on top of your subject: I take my hat off to
anyone who makes a contribution like this.
But having made that investment, it would be good if your efforts were
widely accessible. With the manpage as it stands, IMHO, only those
with a crypto background will be able to use it.
My problem was not with the format but with the content. Please try
and re-read the page from the point of view of the crypto layperson
who simply wants to encrypt a string without understanding the
internals. I like to think I'm fairly bright but after a number of
readings I was still none the wiser.
An analogy: very few people understand how the internal combustion
engine works in any detail, but it doesn't prevent millions from
driving a car. With respect, your documentation is more on the level
of how the engine works rather than how to just get in and drive the
car.
Here's a possible outline of a HOW TO aimed more at the layperson:
1) Brief overview of the DES cypher
2) How to select a DES version and mode
3) How to create a key (with examples)
4) How to encrypt a string (with examples)
5) How to encrypt a binary (with examples)
6) How to decrypt (with examples).
I may not be a technical rocket-scientist, but I have a lot of
experience writing manuals for non-technical people. Here's an offer.
If you think that this package is suitable for my requirements, and
you are prepared to help me get it up and running, I will contribute a
HOW TO doc to help people like myself to use it in return. Is that of
any interest?
>> and there are no usage examples.
>I suppose I could include an example, but the manpage is pretty
>self-explanitory.
Not to this reader: or to anyone at my technical level, I suspect.
Without your help, I could never have figured out the example that
follows from the content of the manpage.
There is still a fair bit I don't understand.
- In the call to keyset create you use $key1 - is this a typo for $key
or am I misunderstanding something?
- How do I create a 192 bit key? I'm a humble web-hacker so know
nothing about binary formats. Does it require 12 subkeys? What is the
correct format for the subkeys and binary format for the key? Would
the key be portable between a Windows and a Linux machine?
- How do I convert my Unicode string to the binary string that
des::encrypt is expecting?
Of these are the wrong questions please forgive me, but they are as
far as I have got...
>Anyway, here is a quick example:
># Load the TclDES package
>package require tclDES
># Generate a 64-bit key, which is binary data
>set subKeyA [format %04x [expr int(65536 * rand())]]
>set subKeyB [format %04x [expr int(65536 * rand())]]
>set subKeyC [format %04x [expr int(65536 * rand())]]
>set subKeyD [format %04x [expr int(65536 * rand())]]
>set key [binary format H4H4H4H4 $subKeyA $subKeyB $subKeyC $subKeyD]
># Create a handle to a keyset for the generated key.
>set keyset [::des::keyset create $key1]
># Perform ECB mode encryption on a plaintext block of BINARY data.
>set ct [::des::encrypt $keyset $data ecb]
># Perform ECB mode decryption on the encrypted block of BINARY data.
>set pt [::des::decrypt $keyset $ct ecb]
># Destroy the keyset.
>::des::keyset destroy $keyset
>For 3DES, the key must be 192 bits in length. Supplying a 192-bit
>key to the "::des::keyset create" creates a keyset for 3DES. For
>additional examples go to the CVS tree on the TclDES SourceForge
>site and look at testTclDES.tcl in the TclDES/test directory.
Geoff Caplan
- Next message: Mark Roseman: "Re: Dynamic rich data client"
- Previous message: Geoff Caplan: "Re: Workable encryption in Tcl??"
- In reply to: Mac A. Cody: "Re: Workable encryption in Tcl??"
- Next in thread: Andreas Kupries: "Re: Workable encryption in Tcl??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
