None of the Digest:: modules will serve your purpose, as those are geared towards producing a Digest. What you're looking at is called Symmetric Crypt. You can probably use Crypt::DES_EDE3 or Crypt::Blowfish (those are the ones that I would consider).
Make sure you read the documentation for the modules thoroughly. I only have sueprficial training in cryptography...
Best regards
-lem, but some call me fokat
| [reply] |
What are you trying to do? Encrypt a cookie? If that's the case, then
you can use any of the Crypt modules, but you want to use Mime::Base64 on it, so it can pass thru the web. Here is an example for
Crypt::RC4. The nice thing about RC4 is that it has a pure perl module
which you can upload to your server, if they don't have it installed.
It's fast, although not the best security(but who are you trying to hide from anyways? It's probably not secure from the government)
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::RC4;
use MIME::Base64;
my $key = "abcdefghijklm";
my $plaintext = "Hello, World!";
my $encrypted = RC4($key, $plaintext);
my $encoded = encode_base64($encrypted);
my $decoded = decode_base64($encoded);
print "$encoded\n";
print "$decoded\n";
my $decrypted = RC4($key, $decoded);
print "$decrypted\n";
| [reply]
[d/l] |
With a stream cipher like RC4, it's extremely important that you NEVER ENCRYPT TWO MESSAGES WITH THE SAME KEY. If you do, the security reduces to that of simple xor encryption -- in other words, no security at all. This problem is mentioned in the Crypt::RC4 docs. Using a string hardcoded into your script as the key is the wrong way to use this module.
If you want an out-of-the-box encryption solution, I would recommend Crypt::CBC. There are pure-perl encryption modules you can use with it, if compiling modules is a problem for you.
| [reply] |
