|
The ciphers implemented here are
- DES (the dinosaur)
- IDEA (used by PGP)
- Blowfish
- RC2
- RC4
- Rot (cesar cipher, rot13)
- SAFER (Secure And Fast
Encryption Routine)
The commands to invoke them are identical to the names, converted to
all lowercase. Options common to them all:
| -direction |
Allowed values are ``encrypt'', ``decrypt'' and all
unique abbreviations. Specifies the operation
to be executed in immediate mode or the
operation executed upon write if
attached to a channel.
|
| -key |
The argument to this options specifies the key
to be used by the cipher. The exact
interpretation depends on the value of option
-key-type. Possibilities are:
| data |
The argument immediately contains the
key. This might yield incorrect data under
tcl 7.6, due to embedded \0's.
|
| channel |
The handle of a readable channel.
|
The minimum and maximum number of bytes to be
used/read are cipher dependent and will be
described later.
|
| -key-type |
Possible values are data,
channel and all unique abbreviations
of these. If this option is not given,
data will be used as default.
|
The first 4 ciphers are blockciphers, i.e. they do not encrypt single
characters, but blocks of 2 or more. Such ciphers can be operated in 4
different modes and therefore have additional options defined:
| -mode |
The 4 possible argument values (and modes) are:
| ecb |
electronic codebook
|
| cbc |
cipher block chaining
|
| cfb |
cipher feedback
|
| ofb |
output feedback.
|
Only ``ecb'' neither requires a shift value nor an
initialization vector (see options below). All other
(``stream'') modes require the initialization vector,
the feedback modes additionally need a shift value.
The number of characters buffered internally depends
both on cipher and operation mode. In ``ebc''- and
``cbc''-modes blocksize-1 characters are buffered. The
feedback modes buffer shift-1 characters.
|
| -iv |
The argument to this options specifies the
initialization vector required by the stream modes of
the blockcipher. The exact interpretation depends
on the value of option -iv-type. See option
-key above for an explanation of possibilities
and their meaning. A complete block must be specified.
|
| -iv-type |
See option -key-type above for an
explananation.
|
| -shift |
Only integer numbers are allowed as values to this
option. It defines the number of bytes the feedback
register is shifted to the left after every
encryption. Only positive values not larger than the
blocksize are allowed. They must be a divisor of the
blocksize too!
|
Cipher characteristics:
| Name |
Blocksize (in byte) |
Keysize (in byte) |
| DES |
8 |
8 (without MSB!) |
| IDEA |
8 |
16 |
| Blowfish |
8 |
1-56 |
| Safer |
8 |
8, 16 |
| RC2 |
8 |
1-infinity |
| RC4 |
- |
1-256 |
| Rot |
- |
1 |
The SAFER blockcipher understands 2 additional options:
| -strong-schedule |
The argument is a boolean value. It determines wether a
stronger keyschedule is used or not. Defaults to
no.
|
| -rounds |
The integer argument specifies the number of rounds used
during operation. Must be greater than 0 and smaller than to
14. The default value depends on the chosen keyschedule and
the length of the key:
| Strong schedule |
Keylength |
Default |
|
| 0 |
8 |
6 |
| 0 |
16 |
10 |
| 1 |
8 |
8 |
| 1 |
16 |
10 |
|
|
Seekability. This is a new section required because of the changes
to that part of Trf in the move to 2.0.
- Stream ciphers and blockciphers using the feedback or chaining
modes are unseekable.
- Block ciphers in ECB mode are seekable with ratio n:n, where
n is the size of a single block.
|
