This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
To: sfpug@sf.pm.org From: Vicki Brown <vlb@cfcl.com> Subject: [sf-perl] Recommended good, simple encryption Date: Mon, 1 Apr 2002 18:02:21 -0800 I want a simple key-based encryption system. Very simple. I want to say "encrypt with this key; decrypt with that key". Frankly, since the key will be stored in a CGI script, I'd be perfectly happy if it was the same key. The idea is to encrypt some of the elements that will be placed in a URL (HREF) on a Web page so that the user can't trivially save the page source, modify the data, and issue a different URL. Yes, I looked in CPAN. There are myriad choices in CPAN. I'm looking for a recommendation from someone who has used one of these... I want something that is simple to install and easy to use. The more pieces it requires, the more difficult it will be to "sell" to the people who maintain the site. === To: sfpug@sf.pm.org From: David Fetter <david@fetter.org> Subject: Re: [sf-perl] Recommended good, simple encryption Date: Mon, 1 Apr 2002 18:40:56 -0800 On Mon, Apr 01, 2002 at 06:02:21PM -0800, Vicki Brown wrote: > I want a simple key-based encryption system. Very simple. > > I want to say "encrypt with this key; decrypt with that key". > Frankly, since the key will be stored in a CGI script, I'd be > perfectly happy if it was the same key. Use two rounds of rot13 ;) === To: sfpug@sf.pm.org From: Chris Palmer <chris@nodewarrior.org> Subject: Re: [sf-perl] Recommended good, simple encryption Date: Mon, 1 Apr 2002 19:25:19 -0800 On Monday, April 1, 2002, at 06:02 , Vicki Brown wrote: > I want a simple key-based encryption system. Very simple. > > I want to say "encrypt with this key; decrypt with that key". Frankly, > since > the key will be stored in a CGI script, I'd be perfectly happy if it was > the > same key. > > The idea is to encrypt some of the elements that will be placed in a URL > (HREF) on a Web page so that the user can't trivially save the page > source, > modify the data, and issue a different URL. > > Yes, I looked in CPAN. There are myriad choices in CPAN. I'm looking for > a > recommendation from someone who has used one of these... I want something > that is simple to install and easy to use. The more pieces it requires, > the > more difficult it will be to "sell" to the people who maintain the site. I have used HCE (http://search.cpan.org/search?mode=module&query=hce) for a similar purpose, to good effect. Good luck! === To: sfpug@sf.pm.org From: Gavin Jefferies <gj262@yahoo.com> Subject: Re: [sf-perl] Recommended good, simple encryption Date: 01 Apr 2002 21:23:28 -0800 Chris Palmer <chris@nodewarrior.org> writes: > On Monday, April 1, 2002, at 06:02 , Vicki Brown wrote: > > > I want a simple key-based encryption system. Very simple. > > > > I want to say "encrypt with this key; decrypt with that key". > > Frankly, since > > the key will be stored in a CGI script, I'd be perfectly happy if it > > was the > > same key. > > > > The idea is to encrypt some of the elements that will be placed in a URL > > (HREF) on a Web page so that the user can't trivially save the page > > source, > > modify the data, and issue a different URL. > > > > Yes, I looked in CPAN. There are myriad choices in CPAN. I'm > > looking for a > > recommendation from someone who has used one of these... I want something > > that is simple to install and easy to use. The more pieces it > > requires, the > > more difficult it will be to "sell" to the people who maintain the site. > > I have used HCE (http://search.cpan.org/search?mode=module&query=hce) > for a similar purpose, to good effect. Good luck! And _I_ have used Crypt::Blowfish also to good affect. One handy thing is the pure perl version if you have customers adverse to a bit of compilation. http://search.cpan.org/search?mode=module&query=blowfish >From the Manpage: encrypt my $cipher = new Crypt::Blowfish $key; my $ciphertext = $cipher->encrypt($plaintext); This function encrypts $plaintext and returns the $ciphertext where $plaintext and $ciphertext should be of `blocksize()' bytes. decrypt my $cipher = new Crypt::Blowfish $key; my $plaintext = $cipher->decrypt($ciphertext); This function decrypts $ciphertext and returns the $plaintext where $plaintext and $ciphertext should be of `blocksize()' bytes. === To: sfpug@sf.pm.org From: Benjamin Trott <ben@rhumba.pair.com> Subject: Re: [sf-perl] Recommended good, simple encryption Date: Mon, 1 Apr 2002 22:02:29 -0800 > Yes, I looked in CPAN. There are myriad choices in CPAN. I'm looking > for a > recommendation from someone who has used one of these... I want > something > that is simple to install and easy to use. The more pieces it requires, > the > more difficult it will be to "sell" to the people who maintain the site. I rather like Crypt::CAST5_PP, or Crypt::Blowfish_PP. Both CAST5 and Blowfish are solid encryption algorithms, and the benefit of the _PP modules is that they are pure Perl, which simplifies installation and maintenance. You'd probably want to use either of these along with Crypt::CBC, which is also pure Perl. CAST5 and Blowfish are both symmetric crypto algorithms, so they use the same key for encryption and decryption. ===