unofficial mirror of help-gnu-emacs@gnu.org
 help / color / mirror / Atom feed
* Let us see how to encrypt with Emacs?
@ 2021-07-09  7:38 Jean Louis
  2021-07-09 10:39 ` Eli Zaretskii
  0 siblings, 1 reply; 10+ messages in thread
From: Jean Louis @ 2021-07-09  7:38 UTC (permalink / raw)
  To: Help GNU Emacs

I would like to make a simple function where I can encrypt strings
with Emacs. I did not find enough examples in Emacs Lisp manual:

 -- Function: gnutls-ciphers
     This function returns the alist of the GnuTLS ciphers.

     Each entry has a key which represents the cipher, followed by a
     plist with internal details about the algorithm.  The plist will
     have ‘:type gnutls-symmetric-cipher’ and also will have the keys
     ‘:cipher-aead-capable’ set to ‘nil’ or ‘t’ to indicate AEAD
     capability; and ‘:cipher-tagsize’ ‘:cipher-blocksize’
     ‘:cipher-keysize’ ‘:cipher-ivsize’ to indicate the size, in bytes,
     of the tag, block size of the resulting data, the key, and the IV
respectively.

(gnutls-ciphers) gives among other cipers this example:

(CHACHA20-64 :cipher-id 35 :type gnutls-symmetric-cipher
:cipher-aead-capable nil :cipher-tagsize 0 :cipher-blocksize 64
:cipher-keysize 32 :cipher-ivsize 16)

So let us say I wish to use CHACHA20-64 cipher.

 -- Function: gnutls-symmetric-encrypt cipher key iv input &optional
          aead_auth
     The CIPHER can be the whole plist from ‘gnutls-ciphers’, or just
     the symbol key, or a string with the name of that symbol.

     The KEY can be specified as a buffer or string or in other ways
     (*note Format of GnuTLS Cryptography Inputs::).  The KEY will be
     wiped after use if it’s a string.

     The IV and INPUT and the optional AEAD_AUTH can be specified as a
     buffer or string or in other ways (*note Format of GnuTLS
     Cryptography Inputs::).

     AEAD_AUTH is only checked with AEAD ciphers, that is, ciphers whose
     plist has ‘:cipher-aead-capable t’.  Otherwise it’s ignored.

     This function returns ‘nil’ on error, and signals a Lisp error if
     the CIPHER or KEY, IV, or INPUT are invalid, or if AEAD_AUTH was
     specified with an AEAD cipher and was invalid.

     On success, it returns a list of a binary string (the output) and
     the IV used.

As from:
(info "(elisp) Format of GnuTLS Cryptography Inputs") I am not
getting how to invoke function (iv-auto 16), does anybody knows
how to do that?

I was thinking something like this:

(gnutls-symmetric-encrypt "CHACHA20-64" "MyPassword987" (make-string 16 (random 100)) "Text to encrypt")

but error is:

(error "GnuTLS cipher CHACHA20-64/encrypt key length 13 is not equal to the required 32")

which is somehow clear, so maybe I could use the function `string-pad':

(gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32) (make-string 16 (random 100)) "Text to encrypt")

then I get error:

(error "GnuTLS cipher CHACHA20-64/encrypt input block length 15 is not a multiple of the required 64")

and try to remedy it with some result, that is vague, as text
longer than 64 I would not know how to chunk and what is expected
from me:

(gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32) (make-string 16 (random 100)) (string-pad "Text to encrypt" 64)) ⇒ ("woEB\351^[Q^[e\262\x026Hn\360\211\332g\336\331@\357\327\246n\326XL\344\334=\305\x1c\307\232\360\277\x01\301\253\215\3108\x15\202^['\a\232\301\234\373\234\364\344\276ws\355\x1d\x06YJQ" "****************")

(setq encrypted (gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32) (make-string 16 (random 100)) (string-pad "Text to encrypt" 64)))

And I can decrypt it:

(car (gnutls-symmetric-decrypt "CHACHA20-64" (string-pad "MyPassword987" 32) (cadr encrypted) (car encrypted))) ⇒ "Text to encrypt                                                 "

but that is not well integrated for practical encryption as I
have to employ padding even for string to be encrypted, and
chunking of string to 64 bytes.

So I would like to use this input, but I do not understand and
cannot get example how to usei t, and I did review md5 and
secure-hash functions and still... I need help.

33.27.1 Format of GnuTLS Cryptography Inputs
--------------------------------------------

The inputs to GnuTLS cryptographic functions can be specified in several
ways, both as primitive Emacs Lisp types or as lists.

   The list form is currently similar to how ‘md5’ and ‘secure-hash’
operate.

‘BUFFER’
     Simply passing a buffer as input means the whole buffer should be
     used.

‘STRING’
     A string as input will be used directly.  It may be modified by the
     function (unlike most other Emacs Lisp functions) to reduce the
chance of exposing sensitive data after the function does its work.

I am trying to use list with STRING as following and that does not work:

(gnutls-symmetric-encrypt "CHACHA20-64" (string-pad "MyPassword987" 32) (make-string 16 (random 100)) '(STRING "Text to encrypt"))

I am just guessing that as explained in (info "(elisp) Format of
GnuTLS Cryptography Inputs") that such input with STRING in the
list would automaticall chunk the string how it is necessary.

I need confirmation on that as to construct more practical
function for my neeeds.


Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/



^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2021-07-09 12:53 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-07-09  7:38 Let us see how to encrypt with Emacs? Jean Louis
2021-07-09 10:39 ` Eli Zaretskii
2021-07-09 11:32   ` Jean Louis
2021-07-09 11:52     ` tomas
2021-07-09 12:35       ` Jean Louis
2021-07-09 12:43         ` tomas
2021-07-09 11:55     ` Eli Zaretskii
2021-07-09 12:28       ` Jean Louis
2021-07-09 12:53         ` Eli Zaretskii
2021-07-09 12:27   ` Jean Louis

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).