ExSite::Crypt - ExSite crypto driver

The Crypt class encrypts/decrypts arbitrary data and represents the ciphertext using URL-safe characters [A-Z][a-z][0-9][-_]. This allows the ciphertext to easily be placed in URLs, forms, or SQL statements.

The default encryption scheme is TEA (Tiny Encryption Algorithm) as defined at http://www.ftp.cl.cam.ac.uk/ftp/papers/djw-rmn/djw-rmn-tea.html. TEA provides 128-bit encryption with a very concise algorithm and concise output. (Be aware that TEA has known weaknesses: each key has three equivalent keys, so the effective key size is 126 bits, and its authors later replaced it with XTEA and XXTEA.) ExSite's implementation has the following features not found in other TEA implementations:

Although ExSite alters your key in strong mode, it is still good practice to use a different passphrase for strong and fast encryption tasks.

To make the ciphertext URL-safe, we MIME (base64) encode it, then replace '+' characters with '-' and '/' characters with '_'. We also strip MIME's '=' pad characters, which are superfluous for our purposes: the decoder can recompute them from the length of the encoded text.

To override the default crypto algorithms, simply install your own 'encrypt' and 'decrypt' handlers, and have them do whatever you like. Each receives one argument: the plaintext for 'encrypt' and the ciphertext for 'decrypt'. Some parts of ExSite expect the ciphertext to be URL-safe ASCII; if your handler does not produce that, pass its output through ExSite::Misc::safetext on the way out and ExSite::Misc::unsafetext on the way in.

Note that fast mode is only 2-3 times as fast as strong mode.

Usage:

    my $c = new ExSite::Crypt(%options);   # e.g.
    my $c = new ExSite::Crypt();           # or
    my $c = new ExSite::Crypt(key=>"a reasonably lengthy passphrase", mode=>"fast");
    my $c = new ExSite::Crypt(level=>32, mode=>"fast");   # use full number of rounds, but other fast shortcuts

    my $ciphertext = $c->encrypt($plaintext);
    my $plaintext  = $c->decrypt($ciphertext);
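The scheme described above, as an added example in Python (not ExSite's own code): the TEA block function with a configurable round count standing in for ExSite's 'level' option, plus the base64-to-URL-safe transformation and its inverse, which must restore the stripped '=' padding. How ExSite derives the 128-bit key from the passphrase, pads the data and chains blocks is not stated on this page, so the example takes the key as four 32-bit words and assumes PKCS#7-style padding with ECB chaining.

```python
import base64
import struct

DELTA = 0x9E3779B9   # TEA key-schedule constant (2^32 / golden ratio)
MASK = 0xFFFFFFFF    # keep arithmetic in 32 bits, as C's uint32_t would

def tea_encrypt_block(v0, v1, key, rounds=32):
    """Encrypt one 64-bit block (two words) under a 128-bit key (four words)."""
    k0, k1, k2, k3 = key
    total = 0
    for _ in range(rounds):          # 'rounds' plays the role of ExSite's 'level'
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
    return v0, v1

def tea_decrypt_block(v0, v1, key, rounds=32):
    """Inverse of tea_encrypt_block: same rounds, key-schedule sum run backwards."""
    k0, k1, k2, k3 = key
    total = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
        v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        total = (total - DELTA) & MASK
    return v0, v1

def safetext(raw):
    """Base64 (MIME) encode, map '+'->'-' and '/'->'_', then drop '=' padding."""
    return base64.b64encode(raw).decode("ascii").translate(str.maketrans("+/", "-_")).rstrip("=")

def unsafetext(text):
    """Inverse of safetext: restore the alphabet and the padding b64decode insists on."""
    std = text.translate(str.maketrans("-_", "+/"))
    return base64.b64decode(std + "=" * (-len(std) % 4))

def encrypt(plaintext, key, rounds=32):
    """Pad to 8-byte blocks (PKCS#7 style, an assumption), encrypt each block (ECB, an assumption)."""
    pad = 8 - len(plaintext) % 8
    data = plaintext + bytes([pad]) * pad
    out = b"".join(struct.pack(">II", *tea_encrypt_block(*struct.unpack(">II", data[i:i + 8]), key, rounds))
                   for i in range(0, len(data), 8))
    return safetext(out)

def decrypt(ciphertext, key, rounds=32):
    data = unsafetext(ciphertext)
    out = b"".join(struct.pack(">II", *tea_decrypt_block(*struct.unpack(">II", data[i:i + 8]), key, rounds))
                   for i in range(0, len(data), 8))
    return out[:-out[-1]]            # last byte holds the pad length

if __name__ == "__main__":
    key = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)   # constructed sample key
    token = encrypt(b"user=42;expires=2038-01-19", key)
    print(token, decrypt(token, key))
```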

Automatic Encryption

Database columns that are defined (by ExSite) to be of the "crypt" datatype will have their contents automatically encrypted/decrypted when written to or read from the database. These columns otherwise behave like "text" datatypes.

User passwords will be automatically encrypted/decrypted if $config{auth}{password_storage_method} eq "crypt".

The Crypt class is also invoked automatically for construction and parsing of authtokens for automatic logins (see ExSite::Auth).