📄 manpage.txt
字号:
MCRYPT(3) MCRYPT(3)
NAME
libmcrypt - encryption/decryption library
SYNOPSIS
[see also mcrypt.h for more information]
DESCRIPTION
The libmcrypt is a data encryption library. The library
is thread safe and provides encryption and decryption
functions. This version of the library supports many
encryption algorithms and encryption modes. Some algo-
rithms which are supported: SERPENT, RIJNDAEL, 3DES, GOST,
SAFER+, CAST-256, RC2, XTEA, 3WAY, TWOFISH, BLOWFISH, ARC-
FOUR, WAKE and more.
OFB, CBC, ECB, nOFB, nCFB and CFB are the modes that all
algorithms may function. ECB, CBC, encrypt in blocks but
CTR, nCFB, nOFB, CFB and OFB in bytes (streams). Note
that CFB and OFB in the rest of the document represent the
"8bit CFB or OFB" mode. nOFB and nCFB modes represents a
n-bit OFB/CFB mode, n is used to represent the algorithm's
block size. The library supports an extra STREAM mode to
include some stream algorithms like WAKE or ARCFOUR.
In this version of the library all modes and algorithms
are modular, which means that the algorithm and the mode
is loaded at run-time. This way you can add algorithms
and modes faster, and much easier.
LibMcrypt includes the following symmetric (block) algo-
rithms:
DES: The traditional DES algorithm designed by IBM and US
NSA. Uses 56 bit key and 64 bit block. It is now consid-
ered a weak algorithm, due to its small key size (it was
never intended for use with classified data).
3DES or Triple DES: DES but with multiple (triple) encryp-
tion. It encrypts the plaintext once, then decrypts it
with the second key, and encrypts it again with the third
key (outer cbc mode used for cbc). Much better than tra-
ditional DES since the key is now 168 bits (actually the
effective key length is 112 bits due to the meet-in-the-
middle attack).
CAST-128: CAST was designed in Canada by Carlisle Adams
and Stafford Tavares. The original algorithm used a 64bit
key and block. The algorithm here is CAST-128 (also called
CAST5) which has a 128bit key and 64bit block size.
CAST-256: CAST-256 was designed by Carlisle Adams. It is a
symmetric cipher designed in accordance with the CAST
design procedure. It is an extention of the CAST-128, hav-
ing a 128 bit block size, and up to 256 bit key size.
xTEA: TEA stands for the Tiny Encryption Algorithm. It is
a feistel cipher designed by David Wheeler & Roger M.
Needham. The original TEA was intended for use in appli-
cations where code size is at a premium, or where it is
necessary for someone to remember the algorithm and code
it on an arbitrary machine at a later time. The algorithm
used here is extended TEA and has a 128bit key size and
64bit block size.
3-WAY: The 3way algorithm designed by Joan Daemen. It uses
key and block size of 96 bits.
SKIPJACK: SKIPJACK was designed by the US NSA. It was part
of the ill-fated "Clipper" Escrowed Encryption Standard
(EES) (FIPS 185) proposal. It operates on 64bit blocks and
uses a key of 80 bits. SKIPJACK is provided only as an
extra module to libmcrypt.
BLOWFISH: The Blowfish algorithm designed by Bruce
Schneier. It is better and faster than DES. It can use a
key up to 448 bits.
TWOFISH: Twofish was designed by Bruce Schneier, Doug
Whiting, John Kelsey, Chris Hall, David Wagner for Coun-
terpane systems. Intended to be highly secure and highly
flexible. It uses a 128bit block size and 128,192,256 bit
key size. (Twofish is the default algorithm)
LOKI97: LOKI97 was designed by Lawrie Brown and Josef
Pieprzyk. It has a 128-bit block length and a 256bit key
schedule, which can be initialized using 128, 192 or 256
bit keys. It has evolved from the earlier LOKI89 and
LOKI91 64-bit block ciphers, with a strenghtened key
schedule and a larger keyspace.
RC2: RC2 (RC stands for Rivest Cipher) was designed by Ron
Rivest. It uses block size of 64 bit and a key size from 8
to 1024 bits. It is optimized for 16bit microprocessors
(reflecting its age). It is described in the RFC2268.
ARCFOUR: RC4 was designed by Ron Rivest. For several years
this algorithm was considered a trade secret and details
were not available. In September 1994 someone posted the
source code in the cypherpunks mailing list. Although the
source code is now available RC4 is trademarked by RSADSI
so this algorithm is not included in the mcrypt distribu-
tion. A compatible cipher named ARCFOUR is included in the
mcrypt distribution. It is a stream cipher and has a maxi-
mum key of 2048 bits.
RC6: RC6 was designed by Ron Rivest for RSA labs. In
mcrypt it uses block size of 128 bit and a key size of
128/192/256 bits. Refer to RSA Labs and Ron Rivest for
any copyright, patent or license issues for the RC6 algo-
rithm. RC6 is provided only as an extra module to libm-
crypt.
RIJNDAEL: Rijndael is a block cipher, designed by Joan
Daemen and Vincent Rijmen as a candidate algorithm for the
AES. The cipher has a variable block length and key
length. Rijndael can be implemented very efficiently on a
wide range of processors and in hardware. The design of
Rijndael was strongly influenced by the design of the
block cipher Square. There exist three versions of this
algorithm, namely: RIJNDAEL-128 (the AES winner) , RIJN-
DAEL-192 , RIJNDAEL-256 The numerals 128, 192 and 256
stand for the length of the block size.
MARS: MARS is a 128-bit block cipher designed by IBM as a
candidate for the Advanced Encryption Standard. Refer to
IBM for any copyright, patent or license issues for the
MARS algorithm. MARS is provided only as an extra module
to libmcrypt.
PANAMA: PANAMA is a cryptographic module that can be used
both as a cryptographic hash function and as a stream
cipher. It designed by Joan Daemen and Craig Clapp. PANAMA
(the stream cipher) is included in libmcrypt.
WAKE: WAKE stands for Word Auto Key Encryption, and is an
encryption system for medium speed encryption of blocks
and of high security. WAKE was designed by David J.
Wheeler. It is intended to be fast on most computers and
relies on repeated table use and having a large state
spece.
SERPENT: Serpent is a 128-bit block cipher designed by
Ross Anderson, Eli Biham and Lars Knudsen as a candidate
for the Advanced Encryption Standard. Serpent's design
was limited to well understood mechanisms, so that could
rely on the wide experience of block cipher cryptanalysis,
and achieve the highest practical level of assurance that
no shortcut attack will be found. Serpent has twice as
many rounds as are necessary, to block all currently known
shortcut attacks. Despite these exacting design con-
straints, Serpent is faster than DES.
IDEA: IDEA stands for International Data Encryption Algo-
rithm and was designed by Xuejia Lai and James Massey. It
operates on 64bit blocks and uses a key of 128 bits.
Refer to Ascom-Tech AG for any copyright, patent or
license issues for the IDEA algorithm. IDEA is provided
only as an extra module to libmcrypt.
ENIGMA (UNIX crypt): A one-rotor machine designed along
the lines of Enigma but considerable trivialized. Very
easy to break for a skilled cryptanalist. I suggest
against using it. Added just for completeness.
GOST: A former soviet union's algorithm. An acronym for
"Gosudarstvennyi Standard" or Government Standard. It uses
a 256 bit key and a 64 bit block.
The S-boxes used here are described in the Applied Cryp-
tography book by Bruce Schneier. They were used in an
application for the Central Bank of the Russian Federa-
tion.
Some quotes from gost.c: The standard is written by A.
Zabotin (project leader), G.P. Glazkov, and V.B. Isaeva.
It was accepted and introduced into use by the action of
the State Standards Committee of the USSR on 2 June 1989
as No. 1409. It was to be reviewed in 1993, but whether
anyone wishes to take on this obligation from the USSR is
questionable.
This code is based on the 25 November 1993 draft transla-
tion by Aleksandr Malchik, with Whitfield Diffie, of the
Government Standard of the U.S.S.R. GOST 28149-89, "Cryp-
tographic Transformation Algorithm", effective 1 July
1990. (Whitfield.Diffie@eng.sun.com) Some details have
been cleared up by the paper "Soviet Encryption Algorithm"
by Josef Pieprzyk and Leonid Tombak of the University of
Wollongong, New South Wales. (josef/leo@cs.adfa.oz.au)
SAFER: SAFER (Secure And Fast Encryption Routine) is a
block cipher developed by Prof. J.L. Massey at the Swiss
Federal Institute of Technology. There exist four ver-
sions of this algorithm, namely: SAFER K-64 , SAFER K-128
, SAFER SK-64 and SAFER SK-128. The numerals 64 and 128
stand for the length of the user-selected key, 'K' stands
for the original key schedule and 'SK' stands for the
strengthened key schedule (in which some of the "weak-
nesses" of the original key schedule have been removed).
In mcrypt only SAFER SK-64 and SAFER SK-128 are used.
SAFER+: SAFER+ was designed by Prof. J.L. Massey, Prof.
Gurgen H. Khachatrian and Dr. Melsik K. Kuregian for
Cylink. SAFER+ is based on the existing SAFER family of
ciphers and provides for a block size of 128bits and 128,
192 and 256 bits key length.
A short description of the modes supported by libmcrypt:
STREAM: The mode used with stream ciphers. In this mode
the keystream from the cipher is XORed with the plaintext.
Thus you should NOT ever use the same key.
ECB: The Electronic CodeBook mode. It is the simplest mode
to use with a block cipher. Encrypts each block indepen-
dently. It is a block mode so plaintext length should be a
multiple of blocksize (n*blocksize).
CBC: The Cipher Block Chaining mode. It is better than ECB
since the plaintext is XOR'ed with the previous cipher-
text. A random block should be placed as the first block
(IV) so the same block or messages always encrypt to some-
thing different. It is a block mode so plaintext length
should be a multiple of blocksize (n*blocksize).
CFB: The Cipher-Feedback Mode (in 8bit). This is a self-
synchronizing stream cipher implemented from a block
cipher. This is the best mode to use for encrypting
strings or streams. This mode requires an IV.
OFB: The Output-Feedback Mode (in 8bit). This is a syn-
chronous stream cipher implemented from a block cipher. It
is intended for use in noisy lines, because corrupted
ciphertext blocks do not corrupt the plaintext blocks that
follow. Insecure (because used in 8bit mode) so it is rec-
ommended not to use it. Added just for completeness.
nOFB: The Output-Feedback Mode (in nbit). n Is the size of
the block of the algorithm. This is a synchronous stream
cipher implemented from a block cipher. It is intended for
use in noisy lines, because corrupted ciphertext blocks do
not corrupt the plaintext blocks that follow. This mode
operates in streams.
nCFB: The Cipher-Feedback Mode (in nbit). n Is the size of
the block of the algorithm. This is a self synchronizing
stream cipher implemented from a block cipher. This mode
operates in streams.
CTR: The Counter Mode. This is a stream cipher implemented
from a block cipher. This mode uses the cipher to encrypt
a set of input blocks, called counters, to produce blocks
that will be XORed with the plaintext. In libmcrypt the
counter is the given IV which is incremented at each step.
This mode operates in streams.
Error Recovery in these modes: If bytes are removed or
lost from the file or stream in ECB, CTR, CBC and OFB
modes, are impossible to recover, although CFB and nCFB
modes will recover. If some bytes are altered then a full
block of plaintext is affected in ECB, nOFB and CTR modes,
two blocks in CBC, nCFB and CFB modes, but only the corre-
sponding byte in OFB mode.
Encryption can be done as follows:
A call to function: MCRYPT mcrypt_module_open( char *algo-
rithm, char* algorithm_directory, char*
mode, char* mode_directory);
This function associates the algorithm and the mode speci-
fied. The name of the algorithm is specified in algo-
rithm, eg "twofish", and the algorithm_directory is the
directory where the algorithm is (it may be null if it is
the default). The same applies for the mode. The library
is closed by calling mcrypt_module_close(), but you should
not call that function if mcrypt_generic_end() is called
before. Normally it returns an encryption descriptor, or
MCRYPT_FAILED on error.
A call to function: int mcrypt_generic_init( MCRYPT td,
void *key, int lenofkey, void *IV);
This function initializes all buffers for the specified
thread The maximum value of lenofkey should be the one
obtained by calling mcrypt_get_key_size() and every value
smaller than this is legal. Note that Lenofkey should be
specified in bytes not bits. The IV should normally have
the size of the algorithms block size, but you must obtain
the size by calling mcrypt_get_iv_size(). IV is ignored
in ECB. IV MUST exist in CFB, CBC, STREAM, nOFB and OFB
modes. It needs to be random and unique (but not secret).
The same IV must be used for encryption/decryption. After
calling this function you can use the descriptor for
encryption or decryption (not both). Returns a negative
value on error.
To encrypt now call:
int mcrypt_generic( MCRYPT td, void *plaintext, int len);
This is the main encryption function. td is the encryption
descriptor returned by mcrypt_generic_init(). Plaintext is
the plaintext you wish to encrypt and len should be the
length (in bytes) of the plaintext and it should be
k*algorithms_block_size if used in a mode which operated
in blocks (cbc, ecb, nofb), or whatever when used in cfb
or ofb which operate in streams. The plaintext is replaced
by the ciphertext. Returns 0 on success.
To decrypt you can call:
int mdecrypt_generic( MCRYPT td, void *ciphertext, int
len);
The decryption function. It is almost the same with
mcrypt_generic. Returns 0 on success.
When you're finished you should call:
int mcrypt_generic_end( MCRYPT td);
This function terminates encryption specified by the
encryption descriptor (td). Actually it clears all
buffers, and closes all the modules used. Returns a nega-
tive value on error. This function is deprecated. Use
mcrypt_generic_deinit() and mcrypt_module_close() instead.
int mcrypt_generic_deinit( MCRYPT td);
This function terminates encryption specified by the
encryption descriptor (td). Actually it clears all
buffers. The difference with mcrypt_generic_end() is that
this function does not close the modules used. Thus you
should use mcrypt_module_close(). Using this function you
gain in speed if you use the same modules for several
encryptions. Returns a negative value on error.
int mcrypt_module_close( MCRYPT td);
This function closes the modules used by the descriptor
td.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -