Cryptkit is a Tcl binding to the Cryptlib security toolkit. From the Cryptlib web site - "The Cryptlib security toolkit is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. The high-level interface provides anyone with the ability to add strong security capabilities to an application in as little as half an hour, without needing to know any of the low-level details that make the encryption or authentication work. Because of this, cryptlib dramatically reduces the cost involved in adding security to new or existing applications." [http://www.cs.auckland.ac.nz/~pgut001/cryptlib] Cryptkit brings these benefits to Tcl. This first release provides an API that closely matches the Cryptlib C API (to remain consistent with the existing documentation). The next release will have a more "Tclish" API. Downloads * the Cryptkit README [http://www.digitalsmarties.com/cryptkit/README] * a [Starkit] containing a pre-built Cryptkit package for Linux-x86, Mac OSX, Windows-x86 and Sharp Zaurus (Linux-ARM) [http://tcl.tk/starkits/cryptkit.kit] * the Cryptkit source [http://www.digitalsmarties.com/cryptkit/cryptkit.tar.gz] * some test scripts at [http://www.digitalsmarties.com/cryptkit/tests] also demonstrate the use of Cryptkit from Tcl Cryptkit was written by [Steve Landers] and was made possible through the financial support of [Eolas] Technologies Inc. Cryptkit is distributed under a Tcl BSD style license, as documented in the license.terms file in the distribution. ---- [MDD]: Great job Steve! ---- Example - test cipher proc testCipher {cryptAlgo keySize algoName} { # Create context with random IV (if it needs one) and a key derived # from a password using a salt and iteration count to hinder guessing # attacks cryptCreateContext encContext CRYPT_UNUSED $cryptAlgo cryptSetAttribute $encContext CRYPT_CTXINFO_KEYSIZE $keySize cryptSetAttribute $encContext CRYPT_CTXINFO_KEYING_ITERATIONS 10000 cryptSetAttributeString $encContext CRYPT_CTXINFO_KEYING_SALT "salt1234" cryptSetAttributeString $encContext CRYPT_CTXINFO_KEYING_VALUE "password123" # Encrypt 10 MB of text set text [binary format a[expr {10 * 1024 * 1024}] \0] set startTime [clock seconds] cryptEncrypt $encContext $text set endTime [clock seconds] puts "$cryptAlgo 10 Mb in [expr {$endTime - $startTime}] seconds" cryptDestroyContext $encContext } cryptInit cryptAddRandom NULL CRYPT_RANDOM_SLOWPOLL testCipher CRYPT_ALGO_HMAC_SHA 32 "HMAC-SHA1 Processed" testCipher CRYPT_ALGO_RC4 16 "RC4 Encrypted" testCipher CRYPT_ALGO_AES 16 "AES-128 CBC Encrypted" testCipher CRYPT_ALGO_AES 32 "AES-256 CBC Encrypted" testCipher CRYPT_ALGO_3DES 24 "3DES CBC Encrypted" cryptEnd ---- '''Implementation''' Cryptkit is implemented using [Critcl] and uses the new '''critcl::cdefines''' feature that maps C #defines and enums into a Tcl namespace. For example, cryptkit.tcl uses the following to map Cryptlib symbols (i.e. #defines and enums) into the cryptkit namespace # map Cryptlib #defines and enums into the current namespace critcl::cdefines CRYPT_* [namespace current] # other defines critcl::cdefines { NULL TRUE FALSE TCL_OK TCL_ERROR } cryptkit ---- '''SHA-1 Example''' source cryptkit.kit package require cryptkit namespace import cryptkit::* cryptkit::cryptInit proc sha1 {data} { cryptCreateContext hashContext CRYPT_UNUSED CRYPT_ALGO_SHA cryptEncrypt $hashContext $data # Finalize: if you want to stream, wait until the last block to do this. cryptEncrypt $hashContext "" cryptGetAttributeString $hashContext CRYPT_CTXINFO_HASHVALUE hash 20 cryptDestroyContext $hashContext binary scan $hash H* hexhash return $hexhash } ---- [RLH] - Is there a way to put the 'source cryptkit.kit' in a pkgIndex file? I like to keep all my stuff in the lib directory (I am on Windows). ''02feb05 - The way to do that is to unwrap the starkit, and copy all its lib/* directories to yours. The above "source" is a way to avoid the need for unwrapping when things live in a starkit - it does nothing but mount and add (all packages in) the starkit's lib area to auto_path -[jcw]'' [LV] There was/is a TIP that [aku] I think proposed that described tcl modules, right? In that TIP, I was thinking that there was something about being able to distribute Tcl extensions in other forms, such as a starkit. I know I think that being able to drop a starkit somewhere in $exec_prefix/lib and having a package require find and load it - without having to unwrap the starkit - would make distribution for me a lot easier. ''[jcw] - Do:'' foreach x [glob -nocomplain /path/to/my/starkit/collection/*] { source $x } ''After that, all packages inside them can be used via package require.'' [RLH] - That is cool... [Lars H]: How about this for putting the [source] command in a pkgIndex file? package ifneeded cryptkit.kit 0.0 [format { source [file join %s cryptkit.kit] package require cryptkit } [list $dir]] Whether it will do any good in this particular case I cannot say, but perhaps it can serve as inspiration. [RLH] - I tried the above on Windows XP and it does not work. But it would be cool if it did. [stevel] - one technique mentioned to me by [Steve Redler IV] is to put the Starkit somewhere on your PATH, and use auto_execok thus source [auto_execok cryptkit.kit] package require cryptkit [PT]: The following pkgIndex.tcl will work with cryptkit.kit if it is installed in the same directory. package ifneeded cryptkit 1.0 \ "source [file join $dir cryptkit.kit];\ source [file join $dir cryptkit.kit lib cryptkit critcl.tcl];\ critcl::loadlib [file join $dir cryptkit.kit lib cryptkit] cryptkit 1.0;\ eval \[package ifneeded cryptkit 1.0\]" ---- I have problems with importing certs witch cryptkit and accessing attributes. I loop on att and I dont't know how to see if an attribute will be in binary form (conversion needeed with binary scan) or in string form. ::cryptkit::cryptGetAttributeString $cert $att attributeNeeded ::cryptkit::NULL Any idea ? ---- [RLH] - Does cryptlib/Cryptkit support SHA-256/512? [PT] 23-Feb-2005: Not at this time. See the FAQ at [http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q5] [stevel] 23-Feb-2005: See also this post where the Cryptlib author puts concerns re SHA-1 into perspective [http://article.gmane.org/gmane.comp.encryption.cryptlib/1080] [RLH] - I happen to think it is not a real big deal myself but thought I would ask about the others. ---- [Hermann Boeken] 13-Aug-2009: Is cryptkit from http://www.digitalsmarties.com/cryptkit/cryptkit.tar.gz compatible with cryptlib 3.3.3 from http://www.cs.auckland.ac.nz/~pgut001/cryptlib/? After building the static cryptlib library, copying the cryptlib.h and libcl.a (renaming it to libcl-linux-ix86.a) to the cryptkit directory and building the cryptkit with critcl2 I get an error when trying to load the package into my tclsh 8.5.4: % package req cryptkit couldn't load file "/home/hermann/Tcl/cryptkit/lib/cryptkit/linux-ix86/cryptkit.so": /home/hermann/Tcl/cryptkit/lib/cryptkit/linux-ix86/cryptkit.so: undefined symbol: __res_query Sorry for posting this here, but I couldn't find a better place. [stevel] 13-Aug-2009 - That cryptkit version was built against Cryptlib 3.2, and I haven't yet tried building against the latest cryptlib. Re the res_query, depending on the Linux version you might need to add -lresolv to the link arguments. ---- '''Acknowledgements''' * [Michael Doyle] for the idea of a Cryptlib binding for Tcl * [Jeff Hobbs] for his help in reviewing the generated C code * [Steve Redler IV] for providing access to his Sharp Zaurus and helping with the Cryptkit port * [Pat Thoyts] for helping to get the Windows port working * [Jean-Claude Wippler] for also helping with the Windows port ---- Pierre Coueffin July 20, 2007: All the Digital Smarties links for cryptkit appear to be down. The Starkit is still available, but there is no source tarball anymore. Any idea what happened? [stevel] Yes, I changed servers and forgot to copy it. Fixed now. ---- [Category Tclkit] - [Category Package] - [Category Cryptography] ----