> Howdy list, > > I made a script that use Crypt::OpenPGP to > encrypt/decrypt some data. > > I was thinking about testing out some other Encryption > modules to see if any worked faster/ were more portable. > Since I'm not an encyption master I thoguht I'd ask for > input from any experienced in the matter. > > What I need is to accomplish this: > > use Crypt::OpenPGP; > my $pgp = Crypt::OpenPGP->new; > > my $ciphertext = $pgp->encrypt( > Data => $string, > Passphrase => $pass, > Armour => 1 > ); > > my $plaintext = $pgp->decrypt( > Data => $ciphertext, > Passphrase => $pass > ); > > I am looking to accomplish the above: > - running as quickly as possible > - as portably as possible > > I'd like to get a few ideas so I can install any needed modules > and benchmark them but there are so many to choose from! > > Any thoughts anyone? > > TIA >
Well my thoughts haven't changed much since March when I last responded to your similar questions... what I wrote then was.... "Crypt::OpenPGP - Written in Perl using numerous other Perl modules to simulate OpenPGP (with a gnupg compatibility setting) GnuPG::Interface - An elegant implementation of calling gnupg from the command line, requires gnupg to be installed on the local system. Two other modules exist, one of which uses a deprecated feature of gnupg that we had to avoid (and should probably be avoided and is replaced by the module mentioned above), the other failed to install because of a dependency problem, one we specifically wanted to avoid." On with today's rants.... Not sure if you are looking for specifically OpenPGP or not (I would be). As for your more specific questions this go around. The GnuPG::Interface is faster because it shells out to gnupg (which I normally argue against, except in this case), and the compiled C version of gnupg is much faster than the same standards implemented in Perl (at least so far). However I suspect that the Crypt::OpenPGP is "more portable" from the standpoint that you don't have to worry about gnupg being installed, version incompatibilities, etc. (just Perl and the module's dependencies which can get up there) however from a platform support standpoint GnuPG is about as good as any other OSS project, so excellent. However, if your strings are sufficiently small and it is a long running program then memory resident Crypt::OpenPGP might win out over the shelling out involved in the other, but not likely with larger files 100 kb+ or for scripts that have to be re-interpreted often (CGI for instance). If you are not as concerned about security (which would be odd since you are bothering with encryption at all, but ok) and speed and portability really are your concerns then I would look to using the Crypt based modules but picking a cipher and digest algorithm that take less time than the ones chosen for the OpenPGP standards, for instance using 3DES over RSA/DSA, etc.. To my knowledge, the only real way to speed up the encrypt/decrypt process (besides getting better hardware or a crypto device) is to use smaller keys in bits (though you appear to be using passwords instead of keys?) and weaker (faster) algorithms, you may also cut out the signature portion and the digest hashing, etc. Each of these suggestions has penalties wrt security, verifiability (word?), and the general purposes of cryptography. I am not an encryption expert, but the application I have been working on for the last year and a half is based on OpenPGP and written in Perl, so I have audited the above modules for our use (which we ended up not using them, I can explain why if needed but it relates to the bundle of mess that is POE). You may want to post your questions to the perl-crypto list (though it is very low traffic so I don't know how many lurk there). General encryption questions might be best asked to something like gnupg-users as it is fairly high traffic, the people are pretty nice, and certainly there are encryption experts there. Let me know (on or off list) if you have specific questions, I might be able to answer them... http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
