Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MCRYPT(3)		   Library Functions Manual		     MCRYPT(3)

NAME
       libmcrypt - encryption/decryption library

SYNOPSIS
       [see also mcrypt.h for more information]

DESCRIPTION
       The libmcrypt is	a data encryption library.  The	library	is thread safe
       and provides encryption and decryption functions.  This version of  the
       library	supports many encryption algorithms and	encryption modes. Some
       algorithms which	are supported: SERPENT,	RIJNDAEL, 3DES,	GOST,  SAFER+,
       CAST-256, RC2, XTEA, 3WAY, TWOFISH, BLOWFISH, ARCFOUR, WAKE and more.

       OFB, CBC, ECB, nOFB, nCFB and CFB are the modes that all	algorithms may
       function.  ECB, CBC, encrypt in blocks but CTR, nCFB, nOFB, CFB and OFB
       in  bytes (streams).  Note that CFB and OFB in the rest of the document
       represent the "8bit CFB or OFB" mode.  nOFB and nCFB modes represents a
       n-bit  OFB/CFB mode, n is used to represent the algorithm's block size.
       The library supports an extra STREAM mode to include some stream	 algo-
       rithms like WAKE	or ARCFOUR.

       In  this	 version  of the library all modes and algorithms are modular,
       which means that	the algorithm and the  mode  is	 loaded	 at  run-time.
       This way	you can	add algorithms and modes faster, and much easier.

       LibMcrypt includes the following	symmetric (block) algorithms:

       DES: The	traditional DES	algorithm designed by IBM and US NSA.  Uses 56
       bit key and 64 bit block. It is now considered a	weak algorithm,	due to
       its  small  key	size  (it  was	never intended for use with classified
       data).

       3DES or Triple DES: DES but with	multiple (triple) encryption.  It  en-
       crypts  the  plaintext  once, then decrypts it with the second key, and
       encrypts	it again with the third	key (outer cbc	mode  used  for	 cbc).
       Much  better  than traditional DES since	the key	is now 168 bits	(actu-
       ally the	effective key length is	112 bits due to	the meet-in-the-middle
       attack).

       CAST-128:  CAST	was  designed in Canada	by Carlisle Adams and Stafford
       Tavares.	 The original algorithm	used a 64bit key and block. The	 algo-
       rithm  here  is CAST-128	(also called CAST5) which has a	128bit key and
       64bit block size.

       CAST-256: CAST-256 was designed by Carlisle Adams. It  is  a  symmetric
       cipher  designed	in accordance with the CAST design procedure. It is an
       extention of the	CAST-128, having a 128 bit block size, and up  to  256
       bit key size.

       xTEA: TEA stands	for the	Tiny Encryption	Algorithm. It is a feistel ci-
       pher designed by	David Wheeler &	Roger M. Needham.   The	 original  TEA
       was  intended  for use in applications where code size is at a premium,
       or where	it is necessary	for someone to remember	the algorithm and code
       it on an	arbitrary machine at a later time.  The	algorithm used here is
       extended	TEA and	has a 128bit key size and 64bit	block size.

       3-WAY: The 3way algorithm designed by Joan  Daemen.  It	uses  key  and
       block size of 96	bits.

       SKIPJACK:  SKIPJACK was designed	by the US NSA. It was part of the ill-
       fated "Clipper" Escrowed	Encryption Standard (EES) (FIPS	185) proposal.
       It operates on 64bit blocks and uses a key of 80	bits. SKIPJACK is pro-
       vided only as an	extra module to	libmcrypt.

       BLOWFISH: The Blowfish algorithm	designed by Bruce Schneier. It is bet-
       ter and faster than DES.	It can use a key up to 448 bits.

       TWOFISH:	 Twofish  was  designed	 by Bruce Schneier, Doug Whiting, John
       Kelsey, Chris Hall, David Wagner	for Counterpane	systems.  Intended  to
       be  highly  secure and highly flexible. It uses a 128bit	block size and
       128,192,256 bit key size.  (Twofish is the default algorithm)

       LOKI97: LOKI97 was designed by Lawrie Brown and Josef Pieprzyk. It  has
       a 128-bit block length and a 256bit key schedule, which can be initial-
       ized using 128, 192 or 256 bit keys. It has evolved  from  the  earlier
       LOKI89  and LOKI91 64-bit block ciphers,	with a strengthened key	sched-
       ule and a larger	keyspace.

       RC2: RC2	(RC stands for Rivest Cipher) was designed by Ron  Rivest.  It
       uses block size of 64 bit and a key size	from 8 to 1024 bits. It	is op-
       timized for 16bit microprocessors (reflecting its age). It is described
       in the RFC2268.

       ARCFOUR:	 RC4  was designed by Ron Rivest. For several years this algo-
       rithm was considered a trade secret and details were not	available.  In
       September  1994 someone posted the source code in the cypherpunks mail-
       ing list. Although the source code is now available RC4 is  trademarked
       by  RSADSI  so  a  compatible  cipher  named ARCFOUR is included	in the
       mcrypt distribution. It is a stream cipher and has  a  maximum  key  of
       2048 bits.

       RC6:  RC6  was  designed	 by Ron	Rivest for RSA labs. In	mcrypt it uses
       block size of 128 bit and a key size of 128/192/256 bits.  Refer	to RSA
       Labs and	Ron Rivest for any copyright, patent or	license	issues for the
       RC6 algorithm. RC6 is provided only as an extra module to libmcrypt.

       RIJNDAEL: Rijndael is a block cipher, designed by Joan Daemen and  Vin-
       cent  Rijmen,  and  was approved	for the	USA's NIST Advanced Encryption
       Standard, FIPS-197.  The	cipher has a variable  block  length  and  key
       length. Rijndael	can be implemented very	efficiently on a wide range of
       processors and in hardware. The design of Rijndael was strongly	influ-
       enced by	the design of the block	cipher Square.	There exist three ver-
       sions of	this algorithm,	namely:	RIJNDAEL-128 (the AES winner) ,	 RIJN-
       DAEL-192	 ,  RIJNDAEL-256  The  numerals	128, 192 and 256 stand for the
       length of the block size.

       MARS: MARS is a 128-bit block cipher designed by	IBM as a candidate for
       the  Advanced  Encryption  Standard.  Refer  to	IBM for	any copyright,
       patent or license issues	for the	MARS algorithm.	MARS is	provided  only
       as an extra module to libmcrypt.

       PANAMA:	PANAMA	is  a  cryptographic module that can be	used both as a
       cryptographic hash function and as a stream cipher. It designed by Joan
       Daemen and Craig	Clapp. PANAMA (the stream cipher) is included in libm-
       crypt.

       WAKE: WAKE stands for Word Auto Key Encryption, and  is	an  encryption
       system  for  medium  speed  encryption  of blocks and of	high security.
       WAKE was	designed by David J. Wheeler. It is intended  to  be  fast  on
       most  computers	and  relies  on	 repeated table	use and	having a large
       state space.

       SERPENT:	Serpent	is a 128-bit block cipher designed by  Ross  Anderson,
       Eli  Biham  and Lars Knudsen as a candidate for the Advanced Encryption
       Standard.  Serpent's design was limited to well understood  mechanisms,
       so  that	 could rely on the wide	experience of block cipher cryptanaly-
       sis, and	achieve	the highest  practical	level  of  assurance  that  no
       shortcut	 attack	will be	found. Serpent has twice as many rounds	as are
       necessary, to block all currently known shortcut	attacks. Despite these
       exacting	design constraints, Serpent is faster than DES.

       IDEA:  IDEA  stands for International Data Encryption Algorithm and was
       designed	by Xuejia Lai and James	Massey.	It operates  on	 64bit	blocks
       and  uses a key of 128 bits.  Refer to Ascom-Tech AG for	any copyright,
       patent or license issues	for the	IDEA algorithm.	IDEA is	provided  only
       as an extra module to libmcrypt.

       ENIGMA  (UNIX  crypt):  A one-rotor machine designed along the lines of
       Enigma but considerable trivialized. Very easy to break for  a  skilled
       cryptanalyst.  I	suggest	against	using it. Added	just for completeness.

       GOST:  A	former soviet union's algorithm. An acronym for	"Gosudarstven-
       nyi Standard" or	Government Standard. It	uses a 256 bit key  and	 a  64
       bit block.
	The  S-boxes  used here	are described in the Applied Cryptography book
       by Bruce	Schneier. They were used in an	application  for  the  Central
       Bank of the Russian Federation.
	Some  quotes  from  gost.c:  The  standard  is	written	 by A. Zabotin
       (project	leader), G.P. Glazkov, and V.B.	Isaeva.	 It was	 accepted  and
       introduced  into	 use by	the action of the State	Standards Committee of
       the USSR	on 2 June 1989 as No. 1409.  It	was to be  reviewed  in	 1993,
       but  whether  anyone wishes to take on this obligation from the USSR is
       questionable.
	This code is based on the 25 November 1993 draft translation by	 Alek-
       sandr Malchik, with Whitfield Diffie, of	the Government Standard	of the
       U.S.S.R.	GOST 28149-89, "Cryptographic Transformation  Algorithm",  ef-
       fective	1 July 1990.  (Whitfield.Diffie@eng.sun.com) Some details have
       been cleared up by the paper "Soviet  Encryption	 Algorithm"  by	 Josef
       Pieprzyk	 and  Leonid Tombak of the University of Wollongong, New South
       Wales.  (josef/leo@cs.adfa.oz.au)

       SAFER: SAFER (Secure And	Fast Encryption	Routine) is a block cipher de-
       veloped by Prof.	J.L. Massey at the Swiss Federal Institute of Technol-
       ogy.  There exist four versions of this algorithm, namely: SAFER	K-64 ,
       SAFER  K-128  ,	SAFER SK-64 and	SAFER SK-128.  The numerals 64 and 128
       stand for the length of the user-selected key, 'K' stands for the orig-
       inal key	schedule and 'SK' stands for the strengthened key schedule (in
       which some of the "weaknesses" of the original key schedule  have  been
       removed). In mcrypt only	SAFER SK-64 and	SAFER SK-128 are used.

       SAFER+:	SAFER+	was  designed  by  Prof.  J.L. Massey, Prof. Gurgen H.
       Khachatrian and Dr. Melsik K. Kuregian for Cylink. SAFER+ is  based  on
       the  existing  SAFER family of ciphers and provides for a block size of
       128bits and 128,	192 and	256 bits key length.

       A short description of the modes	supported by libmcrypt:

       STREAM: The mode	used with stream ciphers. In this mode	the  keystream
       from  the  cipher is XORed with the plaintext. Thus you should NOT ever
       use the same key.

       ECB: The	Electronic CodeBook mode. It is	the simplest mode to use  with
       a  block	 cipher. Encrypts each block independently. It is a block mode
       so plaintext length should be a multiple	of blocksize (n*blocksize).

       CBC: The	Cipher Block Chaining mode. It is better than  ECB  since  the
       plaintext is XOR'ed with	the previous ciphertext. A random block	should
       be placed as the	first block (IV) so the	same block or messages	always
       encrypt	to something different.	It is a	block mode so plaintext	length
       should be a multiple of blocksize (n*blocksize).

       CFB: The	Cipher-Feedback	Mode (in 8bit).	This is	 a  self-synchronizing
       stream cipher implemented from a	block cipher. This is the best mode to
       use for encrypting strings or streams. This mode	requires an IV.

       OFB: The	Output-Feedback	Mode (in 8bit).	This is	a  synchronous	stream
       cipher implemented from a block cipher. It is intended for use in noisy
       lines, because corrupted	ciphertext blocks do not corrupt the plaintext
       blocks  that follow. Insecure (because used in 8bit mode) so it is rec-
       ommended	not to use it. Added just for completeness.

       nOFB: The Output-Feedback Mode (in nbit). n Is the size of the block of
       the  algorithm.	This is	a synchronous stream cipher implemented	from a
       block cipher. It	is intended for	use in noisy lines, because  corrupted
       ciphertext blocks do not	corrupt	the plaintext blocks that follow. This
       mode operates in	streams.

       nCFB: The Cipher-Feedback Mode (in nbit). n Is the size of the block of
       the  algorithm.	This is	a self synchronizing stream cipher implemented
       from a block cipher. This mode operates in streams.

       CTR: The	Counter	Mode. This is a	stream cipher implemented from a block
       cipher.	This  mode  uses  the cipher to	encrypt	a set of input blocks,
       called counters,	to produce blocks that will be XORed with  the	plain-
       text.  In libmcrypt the counter is the given IV which is	incremented at
       each step.  This	mode operates in streams.

       Error Recovery in these modes: If bytes are removed or  lost  from  the
       file  or	 stream	 in ECB, CTR, CBC and OFB modes, are impossible	to re-
       cover, although CFB and nCFB modes will recover.	If some	bytes are  al-
       tered  then  a full block of plaintext is affected in ECB, nOFB and CTR
       modes, two blocks in CBC, nCFB and CFB modes, but only the  correspond-
       ing byte	in OFB mode.

       Encryption can be done as follows:

       A  call	to function: MCRYPT mcrypt_module_open(	char *algorithm, char*
       algorithm_directory,		   char* mode, char* mode_directory);

       This function associates	the algorithm and  the	mode  specified.   The
       name  of	the algorithm is specified in algorithm, eg "twofish", and the
       algorithm_directory is the directory where the algorithm	is (it may  be
       null if it is the default). The same applies for	the mode.  The library
       is closed by calling mcrypt_module_close(), but	you  should  not  call
       that  function  if  mcrypt_generic_end()	is called before.  Normally it
       returns an encryption descriptor, or MCRYPT_FAILED on error.

       A call to function: int mcrypt_generic_init( MCRYPT td, void *key,  int
       lenofkey, void *IV);

       This function initializes all buffers for the specified thread The max-
       imum  value  of	lenofkey  should  be  the  one	obtained  by   calling
       mcrypt_get_key_size() and every value smaller than this is legal.  Note
       that Lenofkey should be specified in bytes not  bits.   The  IV	should
       normally	 have  the size	of the algorithms block	size, but you must ob-
       tain the	size by	calling	mcrypt_get_iv_size().  IV is ignored  in  ECB.
       IV  MUST	 exist in CFB, CBC, STREAM, nOFB and OFB modes.	It needs to be
       random and unique (but not secret). The same IV must be	used  for  en-
       cryption/decryption.   After  calling this function you can use the de-
       scriptor	for encryption or decryption (not both).  Returns  a  negative
       value on	error.

       To encrypt now call:

       int mcrypt_generic( MCRYPT td, void *plaintext, int len);

       This  is	 the main encryption function. td is the encryption descriptor
       returned	by mcrypt_generic_init(). Plaintext is the plaintext you  wish
       to encrypt and len should be the	length (in bytes) of the plaintext and
       it should be k*algorithms_block_size if used in a mode  which  operated
       in  blocks  (cbc, ecb, nofb), or	whatever when used in cfb or ofb which
       operate in streams. The plaintext is replaced by	 the  ciphertext.  Re-
       turns 0 on success.

       To decrypt you can call:

       int mdecrypt_generic( MCRYPT td,	void *ciphertext, int len);

       The  decryption	function.  It  is almost the same with mcrypt_generic.
       Returns 0 on success.

       When you're finished you	should call:

       int mcrypt_generic_end( MCRYPT td);

       This function terminates	encryption specified  by  the  encryption  de-
       scriptor	(td).  Actually	it clears all buffers, and closes all the mod-
       ules used.  Returns a negative value on error.  This function is	depre-
       cated.  Use mcrypt_generic_deinit() and mcrypt_module_close() instead.

       int mcrypt_generic_deinit( MCRYPT td);

       This  function  terminates  encryption  specified by the	encryption de-
       scriptor	(td).  Actually	it clears all  buffers.	 The  difference  with
       mcrypt_generic_end()  is	 that this function does not close the modules
       used. Thus you should use mcrypt_module_close().	 Using	this  function
       you  gain in speed if you use the same modules for several encryptions.
       Returns a negative value	on error.

       int mcrypt_module_close(	MCRYPT td);

       This function closes the	modules	used by	the descriptor td.

       These are some extra functions that operate on modules that  have  been
       opened: These functions have the	prefix mcrypt_enc_*.

       int  mcrypt_enc_set_state(MCRYPT	td, void *state, int size); This func-
       tion sets the state of the algorithm. Can be used only with block algo-
       rithms and certain modes	like CBC, CFB etc.  It is usefully if you want
       to restart or start a different encryption quickly.   Returns  zero  on
       success.	The state is the output	of mcrypt_enc_get_state().

       int mcrypt_enc_get_state(MCRYPT td, void	*state,	int *size); This func-
       tion returns the	state of the algorithm.	Can be used only certain modes
       and  algorithms.	The size will hold the size of the state and the state
       must have enough	bytes to hold it.  Returns zero	on success.

       int mcrypt_enc_self_test( MCRYPT	td);

       This function runs the self test	on the algorithm specified by the  de-
       scriptor	td. If the self	test succeeds it returns zero.

       int mcrypt_enc_is_block_algorithm_mode( MCRYPT td);

       Returns	1  if  the mode	is for use with	block algorithms, otherwise it
       returns 0. (eg. 0 for stream, and 1 for cbc, cfb, ofb)

       int mcrypt_enc_is_block_algorithm( MCRYPT td);

       Returns 1 if the	algorithm is a block algorithm or 0 if it is a	stream
       algorithm.

       int mcrypt_enc_is_block_mode( MCRYPT td);

       Returns 1 if the	mode outputs blocks of bytes or	0 if it	outputs	bytes.
       (eg. 1 for cbc and ecb, and 0 for cfb and stream)

       int mcrypt_enc_get_block_size( MCRYPT td);

       Returns the block size of the algorithm specified by the	encryption de-
       scriptor	 in  bytes.  The  algorithm  MUST  be opened using mcrypt_mod-
       ule_open().

       int mcrypt_enc_get_key_size( MCRYPT td);

       Returns the maximum supported key size of the  algorithm	 specified  by
       the  encryption descriptor in bytes. The	algorithm MUST be opened using
       mcrypt_module_open().

       int* mcrypt_enc_get_supported_key_sizes(	MCRYPT td, int*	sizes)

       Returns the key sizes supported by the algorithm	specified by  the  en-
       cryption	 descriptor.   If  sizes is zero and returns NULL then all key
       sizes between 1 and mcrypt_get_key_size() are supported	by  the	 algo-
       rithm. If it is 1 then only the mcrypt_get_key_size() size is supported
       and sizes[0] is equal to	it. If it is greater than 1 then  that	number
       specifies  the number of	elements in sizes which	are the	key sizes that
       the algorithm supports. The returned value is allocated with malloc, so
       you should not forget to	free it.

       int mcrypt_enc_get_iv_size( MCRYPT td);

       Returns size of the IV of the algorithm specified by the	encryption de-
       scriptor	in bytes. The  algorithm  MUST	be  opened  using  mcrypt_mod-
       ule_open().   If	it is '0' then the IV is ignored in that algorithm. IV
       is used in CBC, CFB, OFB	modes, and in some algorithms in STREAM	mode.

       int mcrypt_enc_mode_has_iv( MCRYPT td);

       Returns 1 if the	mode needs an IV, 0  otherwise.	 Some  'stream'	 algo-
       rithms may need an IV even if the mode itself does not need an IV.

       char* mcrypt_enc_get_algorithms_name( MCRYPT td);

       Returns	a  character  array containing the name	of the algorithm.  The
       returned	value is allocated with	malloc,	so you should  not  forget  to
       free it.

       char* mcrypt_enc_get_modes_name(	MCRYPT td);

       Returns	a  character  array  containing	the name of the	mode.  The re-
       turned value is allocated with malloc, so you should not	forget to free
       it.

       These are some extra functions that operate on modules: These functions
       have the	prefix mcrypt_module_*.

       int mcrypt_module_self_test (char* algorithm, char* directory);

       This function runs the self test	on the	specified  algorithm.  If  the
       self test succeeds it returns zero.

       int  mcrypt_module_is_block_algorithm_mode(  char* algorithm, char* di-
       rectory);

       Returns 1 if the	mode is	for use	with block  algorithms,	 otherwise  it
       returns 0. (eg. 0 for stream, and 1 for cbc, cfb, ofb)

       int mcrypt_module_is_block_algorithm( char* mode, char* directory);

       Returns	1 if the algorithm is a	block algorithm	or 0 if	it is a	stream
       algorithm.

       int mcrypt_module_is_block_mode(	char* mode, char* directory);

       Returns 1 if the	mode outputs blocks of bytes or	0 if it	outputs	bytes.
       (eg. 1 for cbc and ecb, and 0 for cfb and stream)

       int  mcrypt_module_get_algo_block_size(	char*  algorithm, char*	direc-
       tory);

       Returns the block size of the algorithm.

       int mcrypt_module_get_algo_key_size( char* algorithm, char* directory);

       Returns the maximum supported key size of the algorithm.

       int* mcrypt_module_get_algo_supported_key_sizes(	char* algorithm, char*
       directory, int* sizes);

       Returns	the key	sizes supported	by the algorithm. If sizes is zero and
       returns NULL then all key sizes between 1 and mcrypt_get_key_size() are
       supported   by	the   algorithm.   If	it   is	  1   then   only  the
       mcrypt_get_key_size() size is supported and sizes[0] is equal to	it. If
       it  is greater than 1 then that number specifies	the number of elements
       in sizes	which are the key sizes	 that  the  algorithm  supports.  This
       function	 differs  to mcrypt_enc_get_supported_key_sizes(), because the
       return value here is allocated (not static), thus it should be freed.

       char** mcrypt_list_algorithms ( char* libdir, int* size);

       Returns a pointer to a character	array containing all the mcrypt	 algo-
       rithms  located	in the libdir, or if it	is NULL, in the	default	direc-
       tory. The size is the number of the character arrays.  The  arrays  are
       allocated internally and	should be freed	by using mcrypt_free_p().

       char** mcrypt_list_modes	( char*	libdir,	int *size);

       Returns	a pointer to a character array containing all the mcrypt modes
       located in the libdir, or if it is NULL,	in the default directory.  The
       size is the number of the character arrays.  The	arrays should be freed
       by using	mcrypt_free_p().

       void mcrypt_free_p (char	**p, int size);

       Frees the pointer to array returned by previous functions.

       void mcrypt_free	(void *ptr);

       Frees the memory	used by	the pointer.

       void mcrypt_perror(int err);

       This function prints a human readable description of the	error 'err' in
       the    stderr.	  The	 err   should	be   a	 value	 returned   by
       mcrypt_generic_init().

       const char* mcrypt_strerror(int err);

       This function returns a human readable description of the error	'err'.
       The err should be a value returned by mcrypt_generic_init().

       int mcrypt_mutex_register ( void	(*mutex_lock)(void) , void (*mutex_un-
       lock)(void) );

       This function is	only used in multithreaded  application	 and  only  if
       compiled	with dynamic module loading support. This is actually used in-
       ternally	in libltdl. Except for the dynamic module loading libmcrypt is
       thread safe.

       Some  example programs follow here. Compile as "cc prog.c -lmcrypt", or
       "cc prog.c -lmcrypt -lltdl" depending on	your installation.  Libltdl is
       used for	opening	dynamic	libraries (modules).

       /* First	example: Encrypts stdin	to stdout using	TWOFISH	with 128 bit key and CFB */

       #include	<mcrypt.h>
       #include	<stdio.h>
       #include	<stdlib.h>
       /* #include <mhash.h> */

       main() {

	 MCRYPT	td;
	 int i;
	 char *key;
	 char password[20];
	 char block_buffer;
	 char *IV;
	 int keysize=16; /* 128	bits */

	 key=calloc(1, keysize);
	 strcpy(password, "A_large_key");

       /* Generate the key using the password */
       /*  mhash_keygen( KEYGEN_MCRYPT,	MHASH_MD5, key,	keysize, NULL, 0, password, strlen(password));
	*/
	 memmove( key, password, strlen(password));

	 td = mcrypt_module_open("twofish", NULL, "cfb", NULL);
	 if (td==MCRYPT_FAILED)	{
	    return 1;
	 }
	 IV = malloc(mcrypt_enc_get_iv_size(td));

       /* Put random data in IV. Note these are	not real random	data,
	* consider using /dev/random or	/dev/urandom.
	*/

	 /*  srand(time(0)); */
	 for (i=0; i< mcrypt_enc_get_iv_size( td); i++)	{
	   IV[i]=rand();
	 }

	 i=mcrypt_generic_init(	td, key, keysize, IV);
	 if (i<0) {
	    mcrypt_perror(i);
	    return 1;
	 }

	 /* Encryption in CFB is performed in bytes */
	 while ( fread (&block_buffer, 1, 1, stdin) == 1 ) {
	     mcrypt_generic (td, &block_buffer,	1);

       /* Comment above	and uncomment this to decrypt */
       /*    mdecrypt_generic (td, &block_buffer, 1);  */

	     fwrite ( &block_buffer, 1,	1, stdout);
	 }

       /* Deinit the encryption	thread,	and unload the module */
	 mcrypt_generic_end(td);

	 return	0;

       }

       /* Second Example: encrypts using CBC and SAFER+	with 192 bits key */

       #include	<mcrypt.h>
       #include	<stdio.h>
       #include	<stdlib.h>

       main() {

	 MCRYPT	td;
	 int i;
	 char *key; /* created using mcrypt_gen_key */
	 char *block_buffer;
	 char *IV;
	 int blocksize;
	 int keysize = 24; /* 192 bits == 24 bytes */

	 key = calloc(1, keysize);
	 strcpy(key, "A_large_and_random_key");

	 td = mcrypt_module_open("saferplus", NULL, "cbc", NULL);

	 blocksize = mcrypt_enc_get_block_size(td);
	 block_buffer =	malloc(blocksize);
       /* but unfortunately this does not fill all the key so the rest bytes are
	* padded with zeros. Try to use	large keys or convert them with	mcrypt_gen_key().
	*/

	 IV=malloc(mcrypt_enc_get_iv_size(td));

       /* Put random data in IV. Note these are	not real random	data,
	* consider using /dev/random or	/dev/urandom.
	*/

       /* srand(time(0)); */
	 for (i=0; i < mcrypt_enc_get_iv_size(td); i++)	{
	   IV[i]=rand();
	 }

	 mcrypt_generic_init( td, key, keysize,	IV);

	 /* Encryption in CBC is performed in blocks */
	 while ( fread (block_buffer, 1, blocksize, stdin) == blocksize	) {
	     mcrypt_generic (td, block_buffer, blocksize);
       /*      mdecrypt_generic	(td, block_buffer, blocksize); */
	     fwrite ( block_buffer, 1, blocksize, stdout);
	 }

       /* deinitialize the encryption thread */
	 mcrypt_generic_deinit (td);

       /* Unload the loaded module */
	 mcrypt_module_close(td);
	 return	0;

       }

       The library does	not install any	signal handler.

       Questions about libmcrypt should	be sent	to:

	      mcrypt-dev@lists.hellug.gr  or, if this fails, to	the author ad-
	      dresses given below.  The	mcrypt home page is:

	      http://mcrypt.hellug.gr

AUTHORS
       Version 2.4 Copyright (C) 1998-1999  Nikos  Mavroyanopoulos  (nmav@hel-
       lug.gr).

       Thanks  to  all	the people who reported	problems and suggested various
       improvements for	mcrypt;	who are	too numerous to	cite here.

				 10 March 2002			     MCRYPT(3)

NAME | SYNOPSIS | DESCRIPTION | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=mcrypt&sektion=3&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help