Diff

Differences From Artifact [b0e27f9e6f]:

To Artifact [c88e8b2743]:









-
-
+
+






-
-
-
+
+
+








<dl>
    <dt><a name="-iv"><strong>-iv</strong> <em>string</em></a></dt>
    <dd>Initialization vector (IV) to use. Required for some ciphers and GMAC.
    Cipher modes CBC, CFB, OFB and CTR all need an IV while ECB mode does not.
    A new, random IV should be created for each use. Think of the IV as a nonce
    (number used once), it's public but random and unpredictable. See the
   <a href="#tls::cipher"><b>tls::cipher</b></a> command for iv size and
    when required.</dd>
   <a href="#tls::cipher"><b>tls::cipher</b></a> for iv_length and
    when required (length > 0). If not set, it will default to \x00 fill data.</dd>
</dl>

<dl>
    <dt><a name="-key"><strong>-key</strong> <em>string</em></a></dt>
    <dd>Encryption key to use for cryptography function. Can be a binary or
    text string. Longer keys provide better protection. Used by ciphers, HMAC,
    some CMAC, and some KDF implementations. Key lengths less than <b>key_length</b>
    size may be padded or rejected. See the
    <a href="#tls::cipher"><b>tls::cipher</b></a> command for key size.</dd>
    some CMAC, and some KDF implementations. If the length of the key is &lt;
    <b>key_length</b> it will be padded. If &gt; key_length, it will be rejected.
    See the <a href="#tls::cipher"><b>tls::cipher</b></a> for key_length.</dd>
</dl>

<dl>
    <dt><a name="-mac"><strong>-mac</strong> <em>name</em></a></dt>
    <dd>Name of Message Authentication Code (MAC) to use.
    See <a href="#tls::mac"><b>tls::macs</b></a> for the valid values.</dd>
</dl>
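Review bot: In the -iv entry, the added sentence "If not set, it will default to \x00 fill data" documents a constant all-zero IV as the fallback, which contradicts the advice a few lines earlier in the same entry that a new, random IV should be created for each use. For the modes this entry lists as needing an IV (CBC, CFB, OFB, CTR), a silent fixed IV means every message encrypted under the same key starts from the same state, so the text should at least say that omitting -iv when iv_length > 0 is not safe for real data, or the command should reject the call instead of defaulting. In the -key entry, "it will be padded" should state what the padding bytes are and note that a short key padded up to key_length is no stronger than the short key itself. Both reworded references also lost the word "command" ("See the tls::cipher for iv_length", "See the tls::cipher for key_length").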







-
+
+







<dl>

<h4>Info Commands</h4>

    <dt><a name="tls::cipher"><strong>tls::cipher</strong> <em>name</em></a></dt>
    <dd>Return a list of property names and values describing cipher
	<i>name</i>. Properties include name, description, block_size,
	key_length, iv_length, type, and mode list.</dd>
	key_length, iv_length, type, and mode list. If block-size is 1,
	then it's a stream cipher, otherwise it's a block cipher.</dd>

    <dt><a name="tls::ciphers"><strong>tls::ciphers</strong>
    <em>?protocol? ?verbose? ?supported?</em></a></dt>
    <dd>Without any args, returns a list of all symmetric ciphers for use with
	the <a href="#-cipher"><b>-cipher</b></a> option. With <em>protocol</em>,
	only the ciphers supported for that protocol are returned. See
	<b>tls::protocols</b> command for the supported protocols. If
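Review bot: The sentence added to the tls::cipher description spells the property "block-size", while the property list in the sentence before it names it block_size. Use block_size so the text matches the key a caller will actually find in the returned list, and consider saying "If block_size is 1" with the same markup used for the other property names.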







-
+











-
+







    <dd>Removes the top level cryptographic transform from channel <em>channelId</em>.</dd>

<br>

<h4>Encryption and Decryption Commands</h4>

    <dt><a name="tls::encrypt"><strong>tls::encrypt</strong>
	<b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
	<em>?</em><b>-cipher</b><em>? name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-infile</b> <em>filename</em> <b>-outfile</b> <em>filename |</em>
	<b>-data</b><em> data]</em></a></dt>
    <dd>Encrypt the data using cipher <em>cipher</em> and output the result per
	the I/O options. Ciphers are used to create the cipher text from the
	input data. See <a href="#OPTIONS"><b>options</b></a> for usage
	info. Option <b>-iv</b> is only used for some ciphers. See the
	&quot;<b>tls::cipher</b> <em>cipher</em>&quot; command for key and iv
	sizes and when the iv is used (iv_length &gt; 0).</dd>

    <dt><a name="tls::decrypt"><strong>tls::decrypt</strong>
	<b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
	<em>?</em><b>-cipher</b><em>? name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-infile</b> <em>filename</em> <b>-outfile</b> <em>filename |</em>
	<b>-data</b><em> data]</em></a></dt>
    <dd>Decrypt the data using cipher <em>cipher</em> and output the result per
	the I/O options. This command is the opposite of the <b>tls::encrypt</b>
	command. See <a href="#OPTIONS"><b>options</b></a> for usage
	info. Option <b>-iv</b> is only used for some ciphers. See the
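Review bot: The new tls::encrypt and tls::decrypt synopsis lines mark the switch as optional ("?-cipher? name"), but neither description explains it; both still read "using cipher <em>cipher</em>" and refer to "tls::cipher <em>cipher</em>", although the argument is called name. Add a sentence to each description saying that the -cipher switch may be omitted and how the cipher name is then recognised among the arguments, and use name consistently so the synopsis and the text agree.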