Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Decent crypto library?

by vsespb (Chaplain)
on Oct 28, 2013 at 14:09 UTC ( #1059987=perlquestion: print w/replies, xml ) Need Help??
vsespb has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to find library to encrypt/decrypt AES 128/192/256 CBC (with ability to provide custom IV)
So far I benchmarked Crypt::CBC with Crypt::OpenSSL::AES Crypt::Rijndael and Crypt::Cipher::AES. It's 30 times slower than command-line openssl call ( I tested 100Mb file)
encrypt OpenSSL::AES 6.974975 decrypt OpenSSL::AES 7.55751 encrypt Rijndael 6.38572 decrypt Rijndael 6.988235 encrypt Cipher::AES 5.818391 decrypt Cipher::AES 6.286144
decrypt OPENSSL 0.208716
Seems those modules were not pure perl, because when I tried Crypt::Rijndael_PP it did not finish withing minute or more and I terminated benchmark.
I think I tried another couple of Crypt::CBC compatible modules, but they did not work at all for my mode

I tried Crypt::GCrypt - it's 3 times slower than openssl cli
So, I am looking for list of modules which can compete with openssl command line tool.

Replies are listed 'Best First'.
Re: Decent crypto library?
by daxim (Chaplain) on Oct 28, 2013 at 14:28 UTC
      Thank you.

      Crypt::Cipher::AES - there was a typo in my post. I already tried this one. And it's as slow as others in Crypt::CBC mode

      Crypt::MCrypt - Cannot get it working with RIJNDAEL-256 (I tried also "aes", "aes256") - getting segfaults

Re: Decent crypto library?
by tobyink (Abbot) on Oct 28, 2013 at 15:54 UTC

    Dare I ask... why not just use the OpenSSL binary?

    I use a function called find_openssl to locate a copy of openssl from well-known locations, falling back to Alien::OpenSSL if it is installed.

    As well as using find_openssl in the application code, I also call the function from Makefile.PL, and if it can't find openssl, a dependency on Alien::OpenSSL will be added to the MYMETA.json file, which CPAN clients should automatically pick up and install.

    use Moops; class Cow :rw { has name => (default => 'Ermintrude') }; say Cow->new->name
      Dare I ask... why not just use the OpenSSL binary?
      That't my plan B. or C.

      cons (for me):
      1. that would be probably slow if you have a lot of small files (process creation overhead)
      2. I need to use custom key and IV (-K and -iv options for openssl "enc" command)
      That options are visible in command line, thus it's considered unsecure, I don't see the way it can be hidden (unlike, say, option "-k" can be hidden using --kfile)
      Seems that indeed there is no way to hide IV and Key in command line

      And someone in OpenSSL mailing list explains that openssl binary is not for production use (only dev/demo tool)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1059987]
Approved by hdb
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (4)
As of 2018-06-19 03:16 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (111 votes). Check out past polls.