Re: encryption related question ..

From reading RFC 2898 it seems to me that PKCS5 is a standard for file formats, padding schemes and the like, not an encryption algorithm.

I'd guess that it uses AES as encryption method, but in case of doubt you need to find the documentation and/or the source code of the encryption library to find out.

Crypt::CBC supports PKCS#5 padding, so that's what you should try to use.

Perl 6 - links to (nearly) everything that is Perl 6.

Comment on Re: encryption related question ..

Replies are listed 'Best First'.
Re^2: encryption related question .. by dHarry (Abbot) on Jun 22, 2010 at 14:23 UTC
Hmm, I'm not sure, see PKCS #5: Password-Based Cryptography Standard. It's not clear to me what the Java implementation uses though. For key derivation MD2, MD5, SHA-1 or some pseudo random function is used. As an encryption scheme, DES or RC2 is used, or again a key derivation function, e.g. a HMAC-SHA variant (from appendix B, draft PKCS #5 v2.1 ). By combining some perl modules from Gisle Aas it should be possible to duplicate the `StandardPBEStringEncryptor` class behavior. But it starts by finding out what exactly this class implements, so far I have not been able to find it. Then I found does-it-implement-or-include-cryptographic-algorithms?. So it seems to use whatever the Java Cryptographic Extension (JCE) provides. And at a first glance it looks like "it depends", like on the java version used? Cheers Harry	[reply] [d/l]
Re^3: encryption related question .. by gmpdy76 (Initiate) on Jun 23, 2010 at 07:30 UTC
I went through the jasypt source code. Apparently, StandardPBEStringEncryptor inherits from StandardPBEByteEncryptor .. and that class has the defaults set. String DEFAULT_ALGORITHM = "PBEWithMD5AndDES"; int DEFAULT_KEY_OBTENTION_ITERATIONS = 1000; int DEFAULT_SALT_SIZE_BYTES = 8; Here's the source for StandardPBEByteEncryptor: http://jasypt.cvs.sourceforge.net/viewvc/jasypt/jasypt/src/main/java/org/jasypt/encryption/pbe/StandardPBEByteEncryptor.java?revision=1.23&view=markup Now to find Perl's equivalent for this algorithm :)	[reply]
Re^4: encryption related question .. by dHarry (Abbot) on Jun 23, 2010 at 10:20 UTC
So it's password based encryption which uses MD5 as hash function and DES as underlying block cipher. The pdf file which can be found at the link I provided, describes in detail how it works. The defaults from the Java class imply the PBKDF1 key derivation function with MD5 as hash function, and the PBES1 encryption, using DES. I may hope it's not necessary to implement all steps yourself. I would start with Digest::MD5 and Crypt::Des. I don't think there is an off-the-shelf perl solution to your problem. Maybe you should look for an openSSL perl module? Hope this helps, Harry NB Keep in mind that for some applications the chosen parameters will not be safe enough. I think the 1000 iterations is really a minimum and DES was cracked long ago.	[reply]