A GcryptCipher object represents gcypt symmetric cipher in Lua.
The cipher functions are used for symmetrical cryptography, i.e. cryptography using a shared key. The programming model follows an open/process/close paradigm and is in that similar to other building blocks provided by Libgcrypt.
There is an example after the GcryptCipher.authenticate function.
Creates a new GcryptCipher object.
This object uses the symmetric cipher functions to encrypt or decrypt data.
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0)
The new GcryptCipher object.
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0)
-- CFB mode syncronization
cipher:ctl(GCRYCTL_CFB_SYNC, ByteArray.new())
-- enabling CBC-MAC mode
cipher:ctl(GCRYCTL_SET_CBC_MAC, ByteArray.new())
ByteArray as buffer and buffer length.
Retrieve various information about the cipher object H.
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_GCM, 0)
-- Get the tag length of GCM.
local userdata, nbytes = cipher:info(GCRYCTL_GET_TAGLEN, NULL, 1)
print("Tag length: " .. tostring(nbytes))
Encrypt the plaintext of size INLEN in IN using the cipher handle H
into the buffer OUT which has an allocated length of OUTSIZE. For
most algorithms it is possible to pass NULL for in and do a in-place
encryption of the data returned in a ByteArray.
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0)
cipher:setkey(ByteArray.new("abcdefabcdef1234abcdefabcdef1234"))
local encrypted = cipher:encrypt(NULL, ByteArray.new("000102030405060708090a0b0c0d0e0f"))
print("Encrypted: " .. encrypted:tohex())
-- in place encryption
cipher:ctl(GCRYCTL_RESET, ByteArray.new())
local data = ByteArray.new("000102030405060708090a0b0c0d0e0f")
cipher:encrypt(data)
print("In-place encrypted: " .. data:tohex())
ByteArray with data for in-place encryption or NULL
ByteArray with data or NULL
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0)
cipher:setkey(ByteArray.new("abcdefabcdef1234abcdefabcdef1234"))
local decrypted = cipher:decrypt(NULL, ByteArray.new("E27FC30A38E17B6BB7E67AFF2800792F"))
print("Decrypted: " .. decrypted:tohex())
-- in place decryption
cipher:ctl(GCRYCTL_RESET, ByteArray.new())
local data = ByteArray.new("E27FC30A38E17B6BB7E67AFF2800792F")
cipher:decrypt(data)
print("In-place decrypted: " .. data:tohex())
ByteArray with data for in-place decryption or NULL
ByteArray with data or NULL
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0)
cipher:setkey(ByteArray.new("abcdefabcdef1234abcdefabcdef1234"))
ByteArray as buffer and buffer length.
Set initialization vector IV of length IVLEN for the cipher handle HD.
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0)
cipher:setiv(ByteArray.new("abcdefabcdef1234abcdefabcdef1234"))
ByteArray as buffer and buffer length.
Provide additional authentication data for AEAD modes/ciphers.
local cipher_encrypt = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_GCM, 0)
cipher_encrypt:setkey(ByteArray.new("abcdefabcdef1234abcdefabcdef1234"))
cipher_encrypt:setiv(ByteArray.new("01020304050607080102030405060708"))
local cipher_decrypt = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_GCM, 0)
cipher_decrypt:setkey(ByteArray.new("abcdefabcdef1234abcdefabcdef1234"))
cipher_decrypt:setiv(ByteArray.new("01020304050607080102030405060708"))
print("Plain data: " .. ByteArray.new("000102030405060708090a0b0c0d0e0f"):tohex())
cipher_encrypt:authenticate(ByteArray.new("55667788"))
local encrypted = cipher_encrypt:encrypt(NULL,
ByteArray.new("000102030405060708090a0b0c0d0e0f"))
local tag = cipher_encrypt:gettag()
print("Encrypted data: " .. encrypted:tohex())
print("Tag: " .. tag:tohex())
cipher_decrypt:authenticate(ByteArray.new("55667788"))
local decrypted = cipher_decrypt:decrypt(NULL, encrypted)
local result, errstring = cipher_decrypt:checktag(tag)
if (result == 0) then
print("Message ok!")
print("Decrypted data: " .. decrypted:tohex())
else
print("Manipulated message: " .. errstring)
end
ByteArray as authentication data.
Check authentication tag for AEAD modes/ciphers.
ByteArray as authentication tag to check.
Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of block size length, or (NULL,0) to set the CTR to the all-zero block.
local cipher = GcryptCipher.open(GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0)
cipher:setctr(ByteArray.new("000102030405060708090A0B0C0D0E0F"), 16)
ByteArray with ctr or NULL
Retrieve various information about the cipher algorithm ALGO.
local userdata, nbytes = gcry_cipher_algo_info(GCRY_CIPHER_AES, GCRYCTL_GET_KEYLEN, NULL, 0)
print("Key length: " .. nbytes)
local userdata, nbytes = gcry_cipher_algo_info(GCRY_CIPHER_AES, GCRYCTL_GET_BLKLEN, NULL, 0)
print("Block length: " .. nbytes)
local status = gcry_cipher_algo_info(GCRY_CIPHER_AES, GCRYCTL_TEST_ALGO)
if (status == 0) then
print("GCRY_CIPHER_AES - Supported.")
else
print("GCRY_CIPHER_AES - Not supported.")
end
Map the cipher algorithm whose ID is contained in ALGORITHM to a string representation of the algorithm name. For unknown algorithm IDs this function returns "?".
local name = gcry_cipher_algo_name(GCRY_CIPHER_AES)
print(name)
Map the algorithm name NAME to an cipher algorithm ID. Return 0 if the algorithm name is not known.
local id = gcry_cipher_map_name("AES")
print(id)
Given an ASN.1 object identifier in standard IETF dotted decimal format in STRING, return the encryption mode associated with that OID or 0 if not known or applicable.
local mode = gcry_cipher_mode_from_oid("2.16.840.1.101.3.4.1.2")
-- reurned value 3 means GCRY_CIPHER_MODE_CBC
print(mode)
Retrieve the key length in bytes used with algorithm A.
local length = gcry_cipher_get_algo_keylen(GCRY_CIPHER_AES)
print(length)
Retrieve the block length in bytes used with algorithm A.