Let us see how to encrypt with Emacs?
From: Jean Louis
Subject: Let us see how to encrypt with Emacs?
Date: Fri, 09 Jul 2021 10:38:41 +0300
I would like to make a simple function where I can encrypt strings
with Emacs. I did not find enough examples in Emacs Lisp manual:
-- Function: gnutls-ciphers
This function returns the alist of the GnuTLS ciphers.
Each entry has a key which represents the cipher, followed by a
plist with internal details about the algorithm. The plist will
have ‘:type gnutls-symmetric-cipher’ and also will have the keys
‘:cipher-aead-capable’ set to ‘nil’ or ‘t’ to indicate AEAD
capability; and ‘:cipher-tagsize’ ‘:cipher-blocksize’
‘:cipher-keysize’ ‘:cipher-ivsize’ to indicate the size, in bytes,
of the tag, block size of the resulting data, the key, and the IV
respectively.
(gnutls-ciphers) gives among other ciphers this example:
(CHACHA20-64 :cipher-id 35 :type gnutls-symmetric-cipher
:cipher-aead-capable nil :cipher-tagsize 0 :cipher-blocksize 64
:cipher-keysize 32 :cipher-ivsize 16)
So let us say I wish to use CHACHA20-64 cipher.
-- Function: gnutls-symmetric-encrypt cipher key iv input &optional
aead_auth
The CIPHER can be the whole plist from ‘gnutls-ciphers’, or just
the symbol key, or a string with the name of that symbol.
The KEY can be specified as a buffer or string or in other ways
(*note Format of GnuTLS Cryptography Inputs::). The KEY will be
wiped after use if it’s a string.
The IV and INPUT and the optional AEAD_AUTH can be specified as a
buffer or string or in other ways (*note Format of GnuTLS
Cryptography Inputs::).
AEAD_AUTH is only checked with AEAD ciphers, that is, ciphers whose
plist has ‘:cipher-aead-capable t’. Otherwise it’s ignored.
This function returns ‘nil’ on error, and signals a Lisp error if
the CIPHER or KEY, IV, or INPUT are invalid, or if AEAD_AUTH was
specified with an AEAD cipher and was invalid.
On success, it returns a list of a binary string (the output) and
the IV used.
As from:
(info "(elisp) Format of GnuTLS Cryptography Inputs") I am not
getting how to invoke function (iv-auto 16), does anybody know
how to do that?
I was thinking something like this:
(gnutls-symmetric-encrypt "CHACHA20-64" "MyPassword987"
                          (make-string 16 (random 100))
                          "Text to encrypt")
but error is:
(error "GnuTLS cipher CHACHA20-64/encrypt key length 13 is not equal to the required 32")
which is somehow clear, so maybe I could use the function `string-pad':
(gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32)
                          (make-string 16 (random 100))
                          "Text to encrypt")
then I get error:
(error "GnuTLS cipher CHACHA20-64/encrypt input block length 15 is not a multiple of the required 64")
and try to remedy it with some result, that is vague, as text
longer than 64 I would not know how to chunk and what is expected
from me:
(gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32)
                          (make-string 16 (random 100))
                          (string-pad "Text to encrypt" 64)) ⇒
("woEB\351Qe\2626Hn\360\211\332g\336\331@\357\327\246n\326XL\344\334=\305\307\232\360\277\301\253\215\3108\202'\232\301\234\373\234\364\344\276ws\355YJQ"
"****************")
(setq encrypted
      (gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32)
                                (make-string 16 (random 100))
                                (string-pad "Text to encrypt" 64)))
And I can decrypt it:
(car (gnutls-symmetric-decrypt "CHACHA20-64" (string-pad "MyPassword987" 32)
(cadr encrypted) (car encrypted))) ⇒ "Text to encrypt
"
but that is not well integrated for practical encryption as I
have to employ padding even for string to be encrypted, and
chunking of string to 64 bytes.
So I would like to use this input, but I do not understand and
cannot get example how to use it, and I did review md5 and
secure-hash functions and still... I need help.
33.27.1 Format of GnuTLS Cryptography Inputs
--------------------------------------------
The inputs to GnuTLS cryptographic functions can be specified in several
ways, both as primitive Emacs Lisp types or as lists.
The list form is currently similar to how ‘md5’ and ‘secure-hash’
operate.
‘BUFFER’
Simply passing a buffer as input means the whole buffer should be
used.
‘STRING’
A string as input will be used directly. It may be modified by the
function (unlike most other Emacs Lisp functions) to reduce the
chance of exposing sensitive data after the function does its work.
I am trying to use list with STRING as following and that does not work:
(gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32)
                          (make-string 16 (random 100))
                          '(STRING "Text to encrypt"))
I am just guessing that as explained in (info "(elisp) Format of
GnuTLS Cryptography Inputs") that such input with STRING in the
list would automatically chunk the string how it is necessary.
I need confirmation on that as to construct more practical
function for my needs.
Jean
Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns
In support of Richard M. Stallman
https://stallmansupport.org/
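
The following is an added example, not part of the original message and not code from Emacs itself: a round trip with CHACHA20-64 that passes the IV in the list form `(iv-auto LENGTH)` from the manual node cited above and pads the input to the 64-byte block size reversibly. All `my-` names are hypothetical, and hashing the password with SHA-256 is an assumption made only to obtain the required 32 bytes.

```emacs-lisp
;; Added example; every `my-' name is hypothetical.
(defconst my-cipher 'CHACHA20-64)

(defun my-cipher-prop (prop)
  "Return PROP (e.g. :cipher-ivsize) of `my-cipher' from `gnutls-ciphers'."
  (plist-get (alist-get my-cipher (gnutls-ciphers)) prop))

(defun my-derive-key (password)
  "Return a fresh 32-byte unibyte key for PASSWORD.
Assumption: one unsalted SHA-256 pass.  It only fixes the key length and
is not a password-hardening KDF."
  (secure-hash 'sha256 (encode-coding-string password 'utf-8) nil nil t))

(defun my-pad (bytes blocksize)
  "Append N bytes of value N so BYTES fills whole blocks (PKCS#7 style)."
  (let ((n (- blocksize (% (length bytes) blocksize))))
    (concat bytes (make-string n n))))

(defun my-unpad (bytes)
  "Remove the padding added by `my-pad'."
  (let ((n (aref bytes (1- (length bytes)))))
    (substring bytes 0 (- (length bytes) n))))

(defun my-encrypt (password text)
  "Encrypt TEXT under PASSWORD; return (CIPHERTEXT IV) as unibyte strings."
  (gnutls-symmetric-encrypt
   my-cipher
   (my-derive-key password)            ; fresh string, since the key is wiped after use
   (list 'iv-auto (my-cipher-prop :cipher-ivsize)) ; random IV, returned in the result
   (my-pad (encode-coding-string text 'utf-8)
           (my-cipher-prop :cipher-blocksize))))

(defun my-decrypt (password encrypted)
  "Decrypt ENCRYPTED, the (CIPHERTEXT IV) list returned by `my-encrypt'."
  (let ((plain (car (gnutls-symmetric-decrypt
                     my-cipher (my-derive-key password)
                     (copy-sequence (cadr encrypted))   ; IV
                     (copy-sequence (car encrypted))))))  ; ciphertext
    (decode-coding-string (my-unpad plain) 'utf-8)))

(defun my-roundtrip-ok-p ()
  "Non-nil if a constructed sample longer than one block survives a round trip."
  (let ((msg (concat "Text to encrypt " (make-string 100 ?x) " äöü")))
    (equal msg (my-decrypt "MyPassword987" (my-encrypt "MyPassword987" msg)))))
```

CHACHA20-64 is listed above with `:cipher-aead-capable nil`, so this ciphertext carries no integrity check and a modified ciphertext decrypts without any error from the cipher. Storing a MAC over the IV and ciphertext (for example with `gnutls-hash-mac` and a separate key) and verifying it before decrypting closes that gap.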