1 Introduction to the Crypto Library (2024)

1Introduction to the Crypto Library

Cryptography is not security. It is a tool that may be used in somecases to achieve security goals.

This library is not a turn-key solution to security. It is a libraryof low-level cryptographic operations—or, in other words, justenough rope for the unwary to hang themselves.

This manual assumes that you already know to use the cryptographicoperations properly. Every operation has conditions that must besatisfied for the operation’s security properties to hold; they arenot always well-advertised in documentation or literature, and theyare sometimes revised as new weaknesses or attacks arediscovered. Aside from the occasional off-hand comment, this manualdoes not discuss them at all. You are on your own.

1.1Cryptography Examples

In order to use a cryptographic operation, you need an implementationof it from a crypto provider. Implementations are managed throughcrypto factories. This introduction will use the factory for libcrypto(OpenSSL), since it is widely available and supports many usefulcryptographic operations. See Cryptography Factories for other cryptoproviders.

> (requirecrypto)
> (requirecrypto/libcrypto)

You can configure this library with a “search path” of cryptofactories:

> (crypto-factories(listlibcrypto-factory))

That allows you to perform an operation by providing a cryptoalgorithm specifier, which is automatically resolved to animplementation using the factories in (crypto-factories). Forexample, to compute a message digest, call the digestfunction with the name of the digest algorithm:

> (digest'sha1"Hello world!")
#"\323Hj\351\23nxV\274B!#\205\352yp\224GX\2"

Or, if you prefer, you can obtain an algorithm implementationexplicitly:

> (definesha1-impl(get-digest'sha1libcrypto-factory))
> (digestsha1-impl"Hello world!")
#"\323Hj\351\23nxV\274B!#\205\352yp\224GX\2"

To encrypt using a symmetric cipher, call the encryptfunction with a cipher specifier consisting of the name of the cipherand the cipher mode (see cipher-spec? for details).

> (defineskey#"VeryVerySecr3t!!")
> (defineiv(make-bytes(cipher-iv-size'(aesctr))0))
> (encrypt'(aesctr)skeyiv"Hello world!")
#"wu\345\215\e\16\256\355.\242\30x"

Of course, using an all-zero IV is usually a very bad idea. You cangenerate a random IV of the right size (if a random IV isappropriate), or you can get the IV size and construct one yourself:

> (defineiv(generate-cipher-iv'(aesctr)))
> iv
#"\351\256\17\\f\3505l\227\235\17\0007\376\vu"
> (cipher-iv-size'(aesctr))
16

There are also functions to generate session keys, HMAC keys,etc. These functions use crypto-random-bytes, acryptographically strong source of randomness.

When an authenticated encryption (AEAD) cipher, such asAES-GCM, is used with encrypt or decrypt, theauthentication tag is automatically appended to (or taken from) theend of the cipher text, respectively. AEAD ciphers also supportadditionally authenticated data, passed with the #:aadkeyword.

> (definekey(generate-cipher-key'(aesgcm)))
> (defineiv(generate-cipher-iv'(aesgcm)))
> (definect(encrypt'(aesgcm)keyiv#"Nevermore!"#:aad#"quoth the raven"))
> (decrypt'(aesgcm)keyivct#:aad#"quoth the raven")
#"Nevermore!"

If authentication fails at the end of decryption, an exception israised:

> (decrypt'(aesgcm)keyivct#:aad#"said the bird")
decrypt: authenticated decryption failed

In addition to “all-at-once” operations like digest andencrypt, this library also supports algorithm contexts forincremental computation.

> (definesha1-ctx(make-digest-ctx'sha1))
> (digest-updatesha1-ctx#"Hello ")
> (digest-updatesha1-ctx#"world!")
> (digest-finalsha1-ctx)
#"\323Hj\351\23nxV\274B!#\205\352yp\224GX\2"

1.2Public-Key Cryptography Examples

Public-key (PK) cryptography uses keypairs consisting of public andprivate keys. A keypair can be generated by callinggenerate-private-key with the desired PK cryptosystem and anassociation list of key-generation options. The private key consistsof the whole keypair—both private and public components. A keycontaining only the public components can be obtained with thepk-key->public-only-key function.

> (definersa-impl(get-pk'rsalibcrypto-factory))
> (defineprivkey(generate-private-keyrsa-impl'((nbits512))))
> (definepubkey(pk-key->public-only-keyprivkey))

RSA keys support both signing and encryption. Other PK cryptosystemsmay support different operations; for example, DSA supports signingbut not encryption, and DH only supports key agreement.

PK signature algorithms are limited in the amount of data they cansign directly, so the message is first processed with a digestfunction, then the digest is signed. The digest/sign anddigest/verify functions compute the digest automatically. Theprivate key signs, and the public key verifies.

> (definesig(digest/signprivkey'sha1"Hello world!"))
> (digest/verifypubkey'sha1"Hello world!"sig)
#t
> (digest/verifypubkey'sha1"Transfer $100"sig)
#f

It is also possible to sign a precomputed digest. The digest algorithmis still required as an argument, because some signature schemes include adigest algorithm identifier.

> (definedgst(digest'sha1"Hello world!"))
> (definesig(pk-sign-digestprivkey'sha1dgst))
> (pk-verify-digestpubkey'sha1(digest'sha1"Hello world!")sig)
#t
> (pk-verify-digestpubkey'sha1(digest'sha1"Transfer $100")sig)
#f

Encryption is similar, except that the public key encrypts, and theprivate key decrypts.

> (defineskey#"VeryVerySecr3t!!")
> (definee-skey(pk-encryptpubkeyskey))
> (pk-decryptprivkeye-skey)
#"VeryVerySecr3t!!"

The other PK operation is key agreement, or shared secretderivation. Two parties exchange public keys, and each party usestheir own private key together with their peer’s public key to derivea shared secret.

For additional examples, see the crypto/examples directory(online here).

topcontents← prev up next →

1 Introduction to the Crypto Library (2024)

FAQs

What was the result of the attempt to make DES more secure so that it could be used for longer THM? ›

#2 What was the result of the attempt to make DES more secure so that it could be used for longer? The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks.

Read On ›

What is the use of cryptography library? ›

It is a tool that may be used in some cases to achieve security goals. This library is not a turn-key solution to security. It is a library of low-level cryptographic operations—or, in other words, just enough rope for the unwary to hang themselves.

Discover More Details ›

What was the attempt to make DES more secure? ›

3DES was developed as a more secure alternative because of DES's small key length. In 3DES, the DES algorithm is run through three times with three keys; however, it is only considered secure if three separate keys are used.

Which encryption algorithm is used in ethereum? ›

Ethereum uses the Keccak-256 cryptographic hash function in many places.

See Details ›

Why is DES not secure today? ›

DES is insecure due to the relatively short 56-bit key size. In January 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see § Chronology).

Find Out More ›

Why is DES encryption no longer used? ›

As deprecated standards, both the DES and 3DES algorithms and key lengths could still be used. However, users must accept that there is a security risk in using the deprecated algorithm and key length and that the risk will increase over time. DES is no longer trusted for encrypting sensitive data.

Tell Me More ›

Where is cryptography used in daily life? ›

'Cryptography in everyday life' contains a range of situations where the use of cryptography facilitates the provision of a secure service: cash withdrawal from an ATM, Pay TV, email and file storage using Pretty Good Privacy (PGP) freeware, secure web browsing, and use of a GSM mobile phone.

Show Me More ›

What are the four purposes of cryptography? ›

Cryptography has four major goals: confidentiality, integrity, authentication, and non-repudiation.

Explore More ›

What is cryptography and how we benefit from it? ›

Cryptography is the use of coding to secure computer networks, online systems, and digital data. It is a concept whose endgame is to keep vital information that is subject to potential data breaches safe and confidential.

Who cracked the DES algorithm? ›

In 1998, the EFF built Deep Crack (named in reference to IBM's Deep Blue chess computer) for less than $250,000. In response to DES Challenge II-2, on July 15, 1998, Deep Crack decrypted a DES-encrypted message after only 56 hours of work, winning $10,000.

Show Me More ›

Can quantum computers break AES 256? ›

AES 256 is Quantum-Resistant, Capable of Withstanding Brute-Force Attack By QuSecure, Inc. The National Institute of Standards and Technology (NIST) has yet to announce its final list of post-quantum security algorithms and encryption schemes designed to resist quantum computer attacks.

Read The Full Story ›

What blocks does DES encrypt? ›

DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means 64 bits of plain text go as the input to DES, which produces 64 bits of ciphertext. The same algorithm and key are used for encryption and decryption, with minor differences. The key length is 56 bits.

See Details ›

What is the secret key in Ethereum? ›

Your private key is what you use to sign transactions, so it grants you custody over the funds associated with your account. You never really hold cryptocurrency, you hold private keys – the funds are always on Ethereum's ledger.

Get More Info Here ›

What is the math behind Ethereum? ›

An Ethereum public key is a set of x and y coordinates on an elliptic curve that satisfy the elliptic curve equation. It is derived from two numbers that are generated from the private key using elliptic curve multiplication.

What is the private key of Ethereum wallet? ›

Ethereum private key is a 32 bytes/256 bits data often represented as a 64 hexadecimal character string. Theoretically, any string can be used as a private key. Most wallets and blockchains support generating private keys from seed/mnemonic phrases, which are first defined in BIP-32, BIP-39, and BIP-44.

How does Triple DES improve the security of DES? ›

Triple DES provides a relatively simple method of increasing the key size of DES to protect against such attacks, without the need to design a completely new block cipher algorithm. bits of key. Each triple encryption encrypts one block of 64 bits of data.

View Details ›

What is the principle reason DES 56-bit is no longer considered secure? ›

DES by itself is a fairly quick algorithm, but its standard 56-bit key is too small to be practical anymore (a 56-bit key can be broken using brute force methods over a distributed network in very little time). Triple-DES, or 3DES, uses 3 56-bit keys to achieve a higher level of security, and is more standard today.

What are the advantages of DES in network security? ›

Advantage of DES

DES has been around a long time (since 1977), even no actual weaknesses have been discovered and the most effective attack is still brute force.
DES is an official United States Government standard. ...
DES is also an ANSI and ISO standard.

More items...

Mar 15, 2022

Learn More ›

What is the primary advantage of the DES encryption algorithm? ›

What is the primary advantage of the DES encryption algorithm? It is relatively fast. What size key does the DES algorithm use? What type of encryption uses a different key to encrypt the message than it uses to decrypt the message?

Discover More Details ›