Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MCRYPT(3)		   Library Functions Manual		     MCRYPT(3)

NAME
       libmcrypt - encryption/decryption library

SYNOPSIS
       [see also mcrypt.h for more information]

DESCRIPTION
       The libmcrypt is	a data encryption library.  The	library	is thread safe
       and  provides encryption	and decryption functions.  This	version	of the
       library supports	many encryption	algorithms and encryption modes.  Some
       algorithms  which are supported:	SERPENT, RIJNDAEL, 3DES, GOST, SAFER+,
       CAST-256, RC2, XTEA, 3WAY, TWOFISH, BLOWFISH, ARCFOUR, WAKE and more.

       OFB, CBC, ECB, nOFB, nCFB and CFB are the modes that all	algorithms may
       function.  ECB, CBC, encrypt in blocks but CTR, nCFB, nOFB, CFB and OFB
       in bytes	(streams).  Note that CFB and OFB in the rest of the  document
       represent the "8bit CFB or OFB" mode.  nOFB and nCFB modes represents a
       n-bit  OFB/CFB mode, n is used to represent the algorithm's block size.
       The library supports an extra STREAM mode to include some stream	 algo-
       rithms like WAKE	or ARCFOUR.

       In  this	 version  of the library all modes and algorithms are modular,
       which means that	the algorithm and the  mode  is	 loaded	 at  run-time.
       This way	you can	add algorithms and modes faster, and much easier.

       LibMcrypt includes the following	symmetric (block) algorithms:

       DES: The	traditional DES	algorithm designed by IBM and US NSA.  Uses 56
       bit key and 64 bit block. It is now considered a	weak algorithm,	due to
       its  small  key	size  (it  was	never intended for use with classified
       data).

       3DES or Triple DES: DES but with	multiple (triple) encryption.  It  en-
       crypts  the  plaintext  once, then decrypts it with the second key, and
       encrypts	it again with the third	key (outer cbc	mode  used  for	 cbc).
       Much  better  than traditional DES since	the key	is now 168 bits	(actu-
       ally the	effective key length is	112 bits due to	the meet-in-the-middle
       attack).

       CAST-128: CAST was designed in Canada by	Carlisle  Adams	 and  Stafford
       Tavares.	  The original algorithm used a	64bit key and block. The algo-
       rithm here is CAST-128 (also called CAST5) which	has a 128bit  key  and
       64bit block size.

       CAST-256:  CAST-256  was	 designed by Carlisle Adams. It	is a symmetric
       cipher designed in accordance with the CAST design procedure. It	is  an
       extention  of  the CAST-128, having a 128 bit block size, and up	to 256
       bit key size.

       xTEA: TEA stands	for the	Tiny Encryption	Algorithm. It is a feistel ci-
       pher designed by	David Wheeler &	Roger M. Needham.   The	 original  TEA
       was  intended  for use in applications where code size is at a premium,
       or where	it is necessary	for someone to remember	the algorithm and code
       it on an	arbitrary machine at a later time.  The	algorithm used here is
       extended	TEA and	has a 128bit key size and 64bit	block size.

       3-WAY: The 3way algorithm designed by Joan  Daemen.  It	uses  key  and
       block size of 96	bits.

       SKIPJACK:  SKIPJACK was designed	by the US NSA. It was part of the ill-
       fated "Clipper" Escrowed	Encryption Standard (EES) (FIPS	185) proposal.
       It operates on 64bit blocks and uses a key of 80	bits. SKIPJACK is pro-
       vided only as an	extra module to	libmcrypt.

       BLOWFISH: The Blowfish algorithm	designed by Bruce Schneier. It is bet-
       ter and faster than DES.	It can use a key up to 448 bits.

       TWOFISH:	Twofish	was designed by	Bruce  Schneier,  Doug	Whiting,  John
       Kelsey,	Chris  Hall, David Wagner for Counterpane systems. Intended to
       be highly secure	and highly flexible. It	uses a 128bit block  size  and
       128,192,256 bit key size.  (Twofish is the default algorithm)

       LOKI97:	LOKI97 was designed by Lawrie Brown and	Josef Pieprzyk.	It has
       a 128-bit block length and a 256bit key schedule, which can be initial-
       ized using 128, 192 or 256 bit keys. It has evolved  from  the  earlier
       LOKI89  and LOKI91 64-bit block ciphers,	with a strengthened key	sched-
       ule and a larger	keyspace.

       RC2: RC2	(RC stands for Rivest Cipher) was designed by Ron  Rivest.  It
       uses block size of 64 bit and a key size	from 8 to 1024 bits. It	is op-
       timized for 16bit microprocessors (reflecting its age). It is described
       in the RFC2268.

       ARCFOUR:	 RC4  was designed by Ron Rivest. For several years this algo-
       rithm was considered a trade secret and details were not	available.  In
       September  1994 someone posted the source code in the cypherpunks mail-
       ing list. Although the source code is now available RC4 is  trademarked
       by  RSADSI  so  a  compatible  cipher  named ARCFOUR is included	in the
       mcrypt distribution. It is a stream cipher and has  a  maximum  key  of
       2048 bits.

       RC6:  RC6  was  designed	 by Ron	Rivest for RSA labs. In	mcrypt it uses
       block size of 128 bit and a key size of 128/192/256 bits.  Refer	to RSA
       Labs and	Ron Rivest for any copyright, patent or	license	issues for the
       RC6 algorithm. RC6 is provided only as an extra module to libmcrypt.

       RIJNDAEL: Rijndael is a block cipher, designed by Joan Daemen and  Vin-
       cent  Rijmen,  and  was approved	for the	USA's NIST Advanced Encryption
       Standard, FIPS-197.  The	cipher has a variable  block  length  and  key
       length. Rijndael	can be implemented very	efficiently on a wide range of
       processors  and in hardware. The	design of Rijndael was strongly	influ-
       enced by	the design of the block	cipher Square.	There exist three ver-
       sions of	this algorithm,	namely:	RIJNDAEL-128 (the AES winner) ,	 RIJN-
       DAEL-192	 ,  RIJNDAEL-256  The  numerals	128, 192 and 256 stand for the
       length of the block size.

       MARS: MARS is a 128-bit block cipher designed by	IBM as a candidate for
       the Advanced Encryption Standard.  Refer	 to  IBM  for  any  copyright,
       patent  or license issues for the MARS algorithm. MARS is provided only
       as an extra module to libmcrypt.

       PANAMA: PANAMA is a cryptographic module	that can be  used  both	 as  a
       cryptographic hash function and as a stream cipher. It designed by Joan
       Daemen and Craig	Clapp. PANAMA (the stream cipher) is included in libm-
       crypt.

       WAKE:  WAKE  stands  for	Word Auto Key Encryption, and is an encryption
       system for medium speed encryption of  blocks  and  of  high  security.
       WAKE  was  designed  by	David J. Wheeler. It is	intended to be fast on
       most computers and relies on repeated table  use	 and  having  a	 large
       state space.

       SERPENT:	 Serpent  is a 128-bit block cipher designed by	Ross Anderson,
       Eli Biham and Lars Knudsen as a candidate for the  Advanced  Encryption
       Standard.   Serpent's design was	limited	to well	understood mechanisms,
       so that could rely on the wide experience of block  cipher  cryptanaly-
       sis,  and  achieve  the	highest	 practical  level of assurance that no
       shortcut	attack will be found. Serpent has twice	as many	rounds as  are
       necessary, to block all currently known shortcut	attacks. Despite these
       exacting	design constraints, Serpent is faster than DES.

       IDEA:  IDEA  stands for International Data Encryption Algorithm and was
       designed	by Xuejia Lai and James	Massey.	It operates  on	 64bit	blocks
       and  uses a key of 128 bits.  Refer to Ascom-Tech AG for	any copyright,
       patent or license issues	for the	IDEA algorithm.	IDEA is	provided  only
       as an extra module to libmcrypt.

       ENIGMA  (UNIX  crypt):  A one-rotor machine designed along the lines of
       Enigma but considerable trivialized. Very easy to break for  a  skilled
       cryptanalyst.  I	suggest	against	using it. Added	just for completeness.

       GOST:  A	former soviet union's algorithm. An acronym for	"Gosudarstven-
       nyi Standard" or	Government Standard. It	uses a 256 bit key  and	 a  64
       bit block.
	The  S-boxes  used here	are described in the Applied Cryptography book
       by Bruce	Schneier. They were used in an	application  for  the  Central
       Bank of the Russian Federation.
	Some  quotes  from  gost.c:  The  standard  is	written	 by A. Zabotin
       (project	leader), G.P. Glazkov, and V.B.	Isaeva.	 It was	 accepted  and
       introduced  into	 use by	the action of the State	Standards Committee of
       the USSR	on 2 June 1989 as No. 1409.  It	was to be  reviewed  in	 1993,
       but  whether  anyone wishes to take on this obligation from the USSR is
       questionable.
	This code is based on the 25 November 1993 draft translation by	 Alek-
       sandr Malchik, with Whitfield Diffie, of	the Government Standard	of the
       U.S.S.R.	 GOST  28149-89, "Cryptographic	Transformation Algorithm", ef-
       fective 1 July 1990.  (Whitfield.Diffie@eng.sun.com) Some details  have
       been  cleared  up  by  the paper	"Soviet	Encryption Algorithm" by Josef
       Pieprzyk	and Leonid Tombak of the University of Wollongong,  New	 South
       Wales.  (josef/leo@cs.adfa.oz.au)

       SAFER: SAFER (Secure And	Fast Encryption	Routine) is a block cipher de-
       veloped by Prof.	J.L. Massey at the Swiss Federal Institute of Technol-
       ogy.  There exist four versions of this algorithm, namely: SAFER	K-64 ,
       SAFER  K-128  ,	SAFER SK-64 and	SAFER SK-128.  The numerals 64 and 128
       stand for the length of the user-selected key, 'K' stands for the orig-
       inal key	schedule and 'SK' stands for the strengthened key schedule (in
       which some of the "weaknesses" of the original key schedule  have  been
       removed). In mcrypt only	SAFER SK-64 and	SAFER SK-128 are used.

       SAFER+:	SAFER+	was  designed  by  Prof.  J.L. Massey, Prof. Gurgen H.
       Khachatrian and Dr. Melsik K. Kuregian for Cylink. SAFER+ is  based  on
       the  existing  SAFER family of ciphers and provides for a block size of
       128bits and 128,	192 and	256 bits key length.

       A short description of the modes	supported by libmcrypt:

       STREAM: The mode	used with stream ciphers. In this mode	the  keystream
       from  the  cipher is XORed with the plaintext. Thus you should NOT ever
       use the same key.

       ECB: The	Electronic CodeBook mode. It is	the simplest mode to use  with
       a  block	 cipher. Encrypts each block independently. It is a block mode
       so plaintext length should be a multiple	of blocksize (n*blocksize).

       CBC: The	Cipher Block Chaining mode. It is better than  ECB  since  the
       plaintext is XOR'ed with	the previous ciphertext. A random block	should
       be  placed as the first block (IV) so the same block or messages	always
       encrypt to something different. It is a block mode so plaintext	length
       should be a multiple of blocksize (n*blocksize).

       CFB:  The  Cipher-Feedback Mode (in 8bit). This is a self-synchronizing
       stream cipher implemented from a	block cipher. This is the best mode to
       use for encrypting strings or streams. This mode	requires an IV.

       OFB: The	Output-Feedback	Mode (in 8bit).	This is	a  synchronous	stream
       cipher implemented from a block cipher. It is intended for use in noisy
       lines, because corrupted	ciphertext blocks do not corrupt the plaintext
       blocks  that follow. Insecure (because used in 8bit mode) so it is rec-
       ommended	not to use it. Added just for completeness.

       nOFB: The Output-Feedback Mode (in nbit). n Is the size of the block of
       the algorithm. This is a	synchronous stream cipher implemented  from  a
       block  cipher. It is intended for use in	noisy lines, because corrupted
       ciphertext blocks do not	corrupt	the plaintext blocks that follow. This
       mode operates in	streams.

       nCFB: The Cipher-Feedback Mode (in nbit). n Is the size of the block of
       the algorithm. This is a	self synchronizing stream  cipher  implemented
       from a block cipher. This mode operates in streams.

       CTR: The	Counter	Mode. This is a	stream cipher implemented from a block
       cipher.	This  mode  uses  the cipher to	encrypt	a set of input blocks,
       called counters,	to produce blocks that will be XORed with  the	plain-
       text.  In libmcrypt the counter is the given IV which is	incremented at
       each step.  This	mode operates in streams.

       Error  Recovery	in  these modes: If bytes are removed or lost from the
       file or stream in ECB, CTR, CBC and OFB modes, are  impossible  to  re-
       cover,  although	CFB and	nCFB modes will	recover. If some bytes are al-
       tered then a full block of plaintext is affected	in ECB,	nOFB  and  CTR
       modes,  two blocks in CBC, nCFB and CFB modes, but only the correspond-
       ing byte	in OFB mode.

       Encryption can be done as follows:

       A call to function: MCRYPT mcrypt_module_open( char  *algorithm,	 char*
       algorithm_directory,		   char* mode, char* mode_directory);

       This  function  associates  the	algorithm and the mode specified.  The
       name of the algorithm is	specified in algorithm,	eg "twofish", and  the
       algorithm_directory  is the directory where the algorithm is (it	may be
       null if it is the default). The same applies for	the mode.  The library
       is closed by calling mcrypt_module_close(), but	you  should  not  call
       that  function  if  mcrypt_generic_end()	is called before.  Normally it
       returns an encryption descriptor, or MCRYPT_FAILED on error.

       A call to function: int mcrypt_generic_init( MCRYPT td, void *key,  int
       lenofkey, void *IV);

       This function initializes all buffers for the specified thread The max-
       imum   value  of	 lenofkey  should  be  the  one	 obtained  by  calling
       mcrypt_get_key_size() and every value smaller than this is legal.  Note
       that Lenofkey should be specified in bytes not  bits.   The  IV	should
       normally	 have  the size	of the algorithms block	size, but you must ob-
       tain the	size by	calling	mcrypt_get_iv_size().  IV is ignored  in  ECB.
       IV  MUST	 exist in CFB, CBC, STREAM, nOFB and OFB modes.	It needs to be
       random and unique (but not secret). The same IV must be	used  for  en-
       cryption/decryption.   After  calling this function you can use the de-
       scriptor	for encryption or decryption (not both).  Returns  a  negative
       value on	error.

       To encrypt now call:

       int mcrypt_generic( MCRYPT td, void *plaintext, int len);

       This  is	 the main encryption function. td is the encryption descriptor
       returned	by mcrypt_generic_init(). Plaintext is the plaintext you  wish
       to encrypt and len should be the	length (in bytes) of the plaintext and
       it  should  be k*algorithms_block_size if used in a mode	which operated
       in blocks (cbc, ecb, nofb), or whatever when used in cfb	or  ofb	 which
       operate	in  streams.  The plaintext is replaced	by the ciphertext. Re-
       turns 0 on success.

       To decrypt you can call:

       int mdecrypt_generic( MCRYPT td,	void *ciphertext, int len);

       The decryption function.	It is almost  the  same	 with  mcrypt_generic.
       Returns 0 on success.

       When you're finished you	should call:

       int mcrypt_generic_end( MCRYPT td);

       This  function  terminates  encryption  specified by the	encryption de-
       scriptor	(td).  Actually	it clears all buffers, and closes all the mod-
       ules used.  Returns a negative value on error.  This function is	depre-
       cated.  Use mcrypt_generic_deinit() and mcrypt_module_close() instead.

       int mcrypt_generic_deinit( MCRYPT td);

       This function terminates	encryption specified  by  the  encryption  de-
       scriptor	 (td).	 Actually  it  clears all buffers. The difference with
       mcrypt_generic_end() is that this function does not close  the  modules
       used.  Thus  you	should use mcrypt_module_close().  Using this function
       you gain	in speed if you	use the	same modules for several  encryptions.
       Returns a negative value	on error.

       int mcrypt_module_close(	MCRYPT td);

       This function closes the	modules	used by	the descriptor td.

       These  are  some	extra functions	that operate on	modules	that have been
       opened: These functions have the	prefix mcrypt_enc_*.

       int mcrypt_enc_set_state(MCRYPT td, void	*state,	int size); This	 func-
       tion sets the state of the algorithm. Can be used only with block algo-
       rithms and certain modes	like CBC, CFB etc.  It is usefully if you want
       to  restart  or	start a	different encryption quickly.  Returns zero on
       success.	The state is the output	of mcrypt_enc_get_state().

       int mcrypt_enc_get_state(MCRYPT td, void	*state,	int *size); This func-
       tion returns the	state of the algorithm.	Can be used only certain modes
       and algorithms. The size	will hold the size of the state	and the	 state
       must have enough	bytes to hold it.  Returns zero	on success.

       int mcrypt_enc_self_test( MCRYPT	td);

       This  function runs the self test on the	algorithm specified by the de-
       scriptor	td. If the self	test succeeds it returns zero.

       int mcrypt_enc_is_block_algorithm_mode( MCRYPT td);

       Returns 1 if the	mode is	for use	with block  algorithms,	 otherwise  it
       returns 0. (eg. 0 for stream, and 1 for cbc, cfb, ofb)

       int mcrypt_enc_is_block_algorithm( MCRYPT td);

       Returns	1 if the algorithm is a	block algorithm	or 0 if	it is a	stream
       algorithm.

       int mcrypt_enc_is_block_mode( MCRYPT td);

       Returns 1 if the	mode outputs blocks of bytes or	0 if it	outputs	bytes.
       (eg. 1 for cbc and ecb, and 0 for cfb and stream)

       int mcrypt_enc_get_block_size( MCRYPT td);

       Returns the block size of the algorithm specified by the	encryption de-
       scriptor	in bytes. The  algorithm  MUST	be  opened  using  mcrypt_mod-
       ule_open().

       int mcrypt_enc_get_key_size( MCRYPT td);

       Returns	the  maximum  supported	key size of the	algorithm specified by
       the encryption descriptor in bytes. The algorithm MUST be opened	 using
       mcrypt_module_open().

       int* mcrypt_enc_get_supported_key_sizes(	MCRYPT td, int*	sizes)

       Returns	the  key sizes supported by the	algorithm specified by the en-
       cryption	descriptor.  If	sizes is zero and returns NULL	then  all  key
       sizes  between  1  and mcrypt_get_key_size() are	supported by the algo-
       rithm. If it is 1 then only the mcrypt_get_key_size() size is supported
       and sizes[0] is equal to	it. If it is greater than 1 then  that	number
       specifies  the number of	elements in sizes which	are the	key sizes that
       the algorithm supports. The returned value is allocated with malloc, so
       you should not forget to	free it.

       int mcrypt_enc_get_iv_size( MCRYPT td);

       Returns size of the IV of the algorithm specified by the	encryption de-
       scriptor	in bytes. The  algorithm  MUST	be  opened  using  mcrypt_mod-
       ule_open().   If	it is '0' then the IV is ignored in that algorithm. IV
       is used in CBC, CFB, OFB	modes, and in some algorithms in STREAM	mode.

       int mcrypt_enc_mode_has_iv( MCRYPT td);

       Returns 1 if the	mode needs an IV, 0  otherwise.	 Some  'stream'	 algo-
       rithms may need an IV even if the mode itself does not need an IV.

       char* mcrypt_enc_get_algorithms_name( MCRYPT td);

       Returns	a  character  array containing the name	of the algorithm.  The
       returned	value is allocated with	malloc,	so you should  not  forget  to
       free it.

       char* mcrypt_enc_get_modes_name(	MCRYPT td);

       Returns	a  character  array  containing	the name of the	mode.  The re-
       turned value is allocated with malloc, so you should not	forget to free
       it.

       These are some extra functions that operate on modules: These functions
       have the	prefix mcrypt_module_*.

       int mcrypt_module_self_test (char* algorithm, char* directory);

       This function runs the self test	on the	specified  algorithm.  If  the
       self test succeeds it returns zero.

       int  mcrypt_module_is_block_algorithm_mode(  char* algorithm, char* di-
       rectory);

       Returns 1 if the	mode is	for use	with block  algorithms,	 otherwise  it
       returns 0. (eg. 0 for stream, and 1 for cbc, cfb, ofb)

       int mcrypt_module_is_block_algorithm( char* mode, char* directory);

       Returns	1 if the algorithm is a	block algorithm	or 0 if	it is a	stream
       algorithm.

       int mcrypt_module_is_block_mode(	char* mode, char* directory);

       Returns 1 if the	mode outputs blocks of bytes or	0 if it	outputs	bytes.
       (eg. 1 for cbc and ecb, and 0 for cfb and stream)

       int mcrypt_module_get_algo_block_size( char*  algorithm,	 char*	direc-
       tory);

       Returns the block size of the algorithm.

       int mcrypt_module_get_algo_key_size( char* algorithm, char* directory);

       Returns the maximum supported key size of the algorithm.

       int* mcrypt_module_get_algo_supported_key_sizes(	char* algorithm, char*
       directory, int* sizes);

       Returns	the key	sizes supported	by the algorithm. If sizes is zero and
       returns NULL then all key sizes between 1 and mcrypt_get_key_size() are
       supported  by   the   algorithm.	  If   it   is	 1   then   only   the
       mcrypt_get_key_size() size is supported and sizes[0] is equal to	it. If
       it  is greater than 1 then that number specifies	the number of elements
       in sizes	which are the key sizes	 that  the  algorithm  supports.  This
       function	 differs  to mcrypt_enc_get_supported_key_sizes(), because the
       return value here is allocated (not static), thus it should be freed.

       char** mcrypt_list_algorithms ( char* libdir, int* size);

       Returns a pointer to a character	array containing all the mcrypt	 algo-
       rithms  located	in the libdir, or if it	is NULL, in the	default	direc-
       tory. The size is the number of the character arrays.  The  arrays  are
       allocated internally and	should be freed	by using mcrypt_free_p().

       char** mcrypt_list_modes	( char*	libdir,	int *size);

       Returns	a pointer to a character array containing all the mcrypt modes
       located in the libdir, or if it is NULL,	in the default directory.  The
       size is the number of the character arrays.  The	arrays should be freed
       by using	mcrypt_free_p().

       void mcrypt_free_p (char	**p, int size);

       Frees the pointer to array returned by previous functions.

       void mcrypt_free	(void *ptr);

       Frees the memory	used by	the pointer.

       void mcrypt_perror(int err);

       This function prints a human readable description of the	error 'err' in
       the    stderr.	  The	 err   should	be   a	 value	 returned   by
       mcrypt_generic_init().

       const char* mcrypt_strerror(int err);

       This function returns a human readable description of the error	'err'.
       The err should be a value returned by mcrypt_generic_init().

       int mcrypt_mutex_register ( void	(*mutex_lock)(void) , void (*mutex_un-
       lock)(void) );

       This  function  is  only	 used in multithreaded application and only if
       compiled	with dynamic module loading support. This is actually used in-
       ternally	in libltdl. Except for the dynamic module loading libmcrypt is
       thread safe.

       Some example programs follow here. Compile as "cc prog.c	-lmcrypt",  or
       "cc prog.c -lmcrypt -lltdl" depending on	your installation.  Libltdl is
       used for	opening	dynamic	libraries (modules).

       /* First	example: Encrypts stdin	to stdout using	TWOFISH	with 128 bit key and CFB */

       #include	<mcrypt.h>
       #include	<stdio.h>
       #include	<stdlib.h>
       /* #include <mhash.h> */

       main() {

	 MCRYPT	td;
	 int i;
	 char *key;
	 char password[20];
	 char block_buffer;
	 char *IV;
	 int keysize=16; /* 128	bits */

	 key=calloc(1, keysize);
	 strcpy(password, "A_large_key");

       /* Generate the key using the password */
       /*  mhash_keygen( KEYGEN_MCRYPT,	MHASH_MD5, key,	keysize, NULL, 0, password, strlen(password));
	*/
	 memmove( key, password, strlen(password));

	 td = mcrypt_module_open("twofish", NULL, "cfb", NULL);
	 if (td==MCRYPT_FAILED)	{
	    return 1;
	 }
	 IV = malloc(mcrypt_enc_get_iv_size(td));

       /* Put random data in IV. Note these are	not real random	data,
	* consider using /dev/random or	/dev/urandom.
	*/

	 /*  srand(time(0)); */
	 for (i=0; i< mcrypt_enc_get_iv_size( td); i++)	{
	   IV[i]=rand();
	 }

	 i=mcrypt_generic_init(	td, key, keysize, IV);
	 if (i<0) {
	    mcrypt_perror(i);
	    return 1;
	 }

	 /* Encryption in CFB is performed in bytes */
	 while ( fread (&block_buffer, 1, 1, stdin) == 1 ) {
	     mcrypt_generic (td, &block_buffer,	1);

       /* Comment above	and uncomment this to decrypt */
       /*    mdecrypt_generic (td, &block_buffer, 1);  */

	     fwrite ( &block_buffer, 1,	1, stdout);
	 }

       /* Deinit the encryption	thread,	and unload the module */
	 mcrypt_generic_end(td);

	 return	0;

       }

       /* Second Example: encrypts using CBC and SAFER+	with 192 bits key */

       #include	<mcrypt.h>
       #include	<stdio.h>
       #include	<stdlib.h>

       main() {

	 MCRYPT	td;
	 int i;
	 char *key; /* created using mcrypt_gen_key */
	 char *block_buffer;
	 char *IV;
	 int blocksize;
	 int keysize = 24; /* 192 bits == 24 bytes */

	 key = calloc(1, keysize);
	 strcpy(key, "A_large_and_random_key");

	 td = mcrypt_module_open("saferplus", NULL, "cbc", NULL);

	 blocksize = mcrypt_enc_get_block_size(td);
	 block_buffer =	malloc(blocksize);
       /* but unfortunately this does not fill all the key so the rest bytes are
	* padded with zeros. Try to use	large keys or convert them with	mcrypt_gen_key().
	*/

	 IV=malloc(mcrypt_enc_get_iv_size(td));

       /* Put random data in IV. Note these are	not real random	data,
	* consider using /dev/random or	/dev/urandom.
	*/

       /* srand(time(0)); */
	 for (i=0; i < mcrypt_enc_get_iv_size(td); i++)	{
	   IV[i]=rand();
	 }

	 mcrypt_generic_init( td, key, keysize,	IV);

	 /* Encryption in CBC is performed in blocks */
	 while ( fread (block_buffer, 1, blocksize, stdin) == blocksize	) {
	     mcrypt_generic (td, block_buffer, blocksize);
       /*      mdecrypt_generic	(td, block_buffer, blocksize); */
	     fwrite ( block_buffer, 1, blocksize, stdout);
	 }

       /* deinitialize the encryption thread */
	 mcrypt_generic_deinit (td);

       /* Unload the loaded module */
	 mcrypt_module_close(td);
	 return	0;

       }

       The library does	not install any	signal handler.

       Questions about libmcrypt should	be sent	to:

	      mcrypt-dev@lists.hellug.gr  or, if this fails, to	the author ad-
	      dresses given below.  The	mcrypt home page is:

	      http://mcrypt.hellug.gr

AUTHORS
       Version 2.4 Copyright (C) 1998-1999  Nikos  Mavroyanopoulos  (nmav@hel-
       lug.gr).

       Thanks  to  all	the people who reported	problems and suggested various
       improvements for	mcrypt;	who are	too numerous to	cite here.

				 10 March 2002			     MCRYPT(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=mcrypt&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help