You are here

Cryptkit 1.0

admin의 아바타

홈페이지 : http://www.digitalsmarties.com/cryptkit/

        Cryptkit - A Tcl binding to the Cryptlib security toolkit

        Copyright (c) 2004 Steve Landers <<a href="mailto:steve@digitalsmarties.com">steve@digitalsmarties.com</a>>

                            Release 1.0

This Open Source project was made possible through the financial
support of Eolas Technologies Inc.

Cryptkit is distributed under a Tcl BSD style license, as documented in
the license.terms file.

The underlying Cryptlib security toolkit is distributed under a
difference license - please make sure you adhere to that and you
will be consistent with the Cryptkit license. Cryptlib is available
from <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib

Introduction
------------

This">http://www.cs.auckland.ac.nz/~pgut001/cryptlib

Introduction
----------...</a> version of Cryptkit provides an API that closely matches the
Cryptlib C API, with the exceptions mention in the Documentation
section below.

The next release of Cryptkit will have a more "Tclish" API.

Obtaining Cryptkit
------------------

A Starkit containing Cryptkit compiled for a number of platforms is available
from the Starkit Archive - <a href="http://mini.net/sdarchive/cryptkit.kit

If">http://mini.net/sdarchive/cryptkit.kit

If</a> Cryptkit hasn't yet been ported to your favourite platform,
follow the build instructions below. Please consider mailing the
Cryptkit author a copy of the resulting package so that it can be
included in the Cryptkit Starkit for the benefits of others.

Building Cryptkit
-----------------

Cryptkit is implemented using Critcl - the Tcl extension that allows
C code to be embedded in Tcl scripts.

To build Cryptkit you will need to download the Critcl Starkit from
<a href="http://mini.net/sdarchive/critcl.kit">http://mini.net/sdarchive/critcl.kit</a>. You'll need a copy of Tcl
that can interpret Starkits - either Tclkit (the single file Tcl/Tk
executable available from <a href="http://www.equi4.com/pub/tk">http://www.equi4.com/pub/tk</a>) or ActiveTcl
from <a href="http://www.activestate.com.

You'll">http://www.activestate.com.

You'll</a> also need a copy of the Cryptlib library version 3.11.

Before building Cryptkit ensure that there is a copy (or link) of
the static Cryptlib library for the current platform. This should
be called libcl_$platfom.a, where $platform is the current platform
name as provided by the Critcl "platform" command.

For example,
    Mac OSX     libcl_Darwin-ppc.a  
    Linux x86   libcl_Linux-x86.a

The Cryptkit source is distributed as a single file - cryptkit.tcl.
You'll also need a copy of (or link to) the cryptlib.h header file
from the Cryptkit library in the same directory as cryptkit.tcl

    $ ls
    cryptkit.tcl
    cryptlib.h
    libcl_Darwin-ppc.a
    libcl_Linux-x86.a

Once you have these, you can build the cryptkit package  using the
following critcl command

    $ critcl -pkg cryptkit

This will leave you with a lib directory containing the cryptkit
package ready for use in any Tcl application

Porting Notes
-------------

Mandrake Linux needs the optional glibc-static-devel package installed
so that Cryptkit can statically link libresolv.a.

Building Cryptlib
-----------------

If you need to build Cryptlib, obtain the source from
<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">http://www.cs.auckland.ac.nz/~pgut001/cryptlib/</a> - Cryptkit was built
against Cryptlib 3.11 and won't work with earlier versions because
of API differences.

Firstly, decide if you want a threaded or non-threaded build.
Cryptkit works with both, but if you use threaded you'll need to
be careful you use a threaded Tcl interpreter when using the resulting
Cryptkit package.

As per the Cryptlib build instructions, to disable threads add
"-DNO_THREADS" to the CFLAGS definition. Also check the other
platform specific settings.

Then build the static library and copy it or link it to the Cryptkit directory.

Testing Cryptkit
----------------

There is a single tcltest script that should be used to first test Cryptkit.

    $ tclkit cryptkit.test
    ++++ 0 PASSED
    ++++ num-1 PASSED
    ++++ num-2 PASSED
    ++++ num-3 PASSED
    ++++ num-4 PASSED
    ++++ num-5 PASSED
    ++++ num-6 PASSED
    ++++ num-7 PASSED
    ++++ num-8 PASSED
    ++++ num-9 PASSED
    ++++ num-10 PASSED
    ++++ num-11 PASSED
    ++++ num-12 PASSED
    ++++ num-13 PASSED
    ++++ num-14 PASSED
    ++++ num-15 PASSED
    ++++ num-16 PASSED
    ++++ num-17 PASSED
    ++++ text-1 PASSED
    ++++ text-2 PASSED
    ++++ text-3 PASSED
    ++++ text-4 PASSED
    ++++ text-5 PASSED
    ++++ text-6 PASSED
    ++++ text-7 PASSED
    ++++ text-8 PASSED
    ++++ text-9 PASSED
    ++++ text-10 PASSED
    ++++ text-11 PASSED
    ++++ text-12 PASSED
    ++++ text-13 PASSED
    ++++ text-14 PASSED
    ++++ text-15 PASSED
    ++++ text-16 PASSED
    ++++ text-17 PASSED
    cryptkit.test:    Total    35    Passed    35    Skipped    0    Failed    0

If this succeeds, there are some other tests that have been
transliterated from the Python tests in CryptlibConverter
(<a href="http://trevp.net/cryptlibConverter">http://trevp.net/cryptlibConverter</a>)

    test1   create key pair and certificate
    test2   test TLS server and client
    test3   test signing and encrypting a message
    test4   test various ciphers
    test5   test Cryptlib introspection

The drivers for each of these are stored in test1.tcl through
test5.tcl. They each source test.tcl, where the body of the test
code resides.

You might want to peruse each of these to familiarise yourself with
how Cryptkit works.

Test1 is straightforward to run

    $ tclkit test1.tcl
    Generating key pair and cert for ca
    Generating key pair and cert for webServer
    Generating key pair and cert for codeSigner

Test2 needs two processes to run.

First, start the TLS server process. For the purposes of this test
program, it listens on port 2000 rather than the default SSL port
(which is privileged).

    $ tclkit test2.tcl
    Generating temporary key pairs and certs
    Waiting for client...

Then, from another window start the client process

    $ tclkit test2.tcl client
    Generating temporary key pairs and certs
    Sent 10 MB over TLS 1.0 with 3DES in 3 seconds
    Session closed...

The server process will also terminate when the client exits. By
default the client will connect to the local host - if you want to
test between two machines you'll need to edit the test2.tcl script.

Test3 doesn't yet work correctly - it was originally written for
Cryptlib 3.1 and hasn't yet been correctly converted

    $ tclkit test3.tcl
    Generating temporary key pairs and certs
    Signing message
    Encrypting message
    Decrypting message
    CRYPT_ENVELOPE_RESOURCE
        while executing
    "cryptPopData $e buffer $bufsize bytesCopied"
        (procedure "testCMS" line 68)
        invoked from within
    "testCMS"
        (file "test3.tcl" line 13)

Test4 is straight forward

    $ tclkit test4.tcl
    CRYPT_ALGO_HMAC_SHA 10 Mb in 1 seconds
    CRYPT_ALGO_RC4 10 Mb in 1 seconds
    CRYPT_ALGO_AES 10 Mb in 2 seconds
    CRYPT_ALGO_AES 10 Mb in 2 seconds
    CRYPT_ALGO_3DES 10 Mb in 5 seconds

Likewise test5

    $ tclkit test5.tcl
    AES capabilities:
    algoName = AES
    blockSize = 16
    minKeySize = 16
    keySize = 16
    maxKeySize = 32
    Signature Properties:
    objectType = CRYPT_MODE_OFB
    cryptAlgo = CRYPT_ALGO_DSA
    cryptMode = CRYPT_MODE_NONE
    hashAlgo = CRYPT_ALGO_SHA
    salt =
    The signature validates correctly!
    Exported Key Properties:
    objectType = CRYPT_MODE_ECB
    cryptAlgo = CRYPT_MODE_CBC
    cryptMode = CRYPT_MODE_CBC
    hashAlgo = CRYPT_MODE_NONE
    salt = this is salt sdfsdf

Documentation
-------------

At this stage the best documentation is the Cryptlib manual available
from the Cryptlib web site.

Cryptkit follows the C API, with one significant exception - any
"length" argument to the C API should be omitted, since the length
of string arguments (both char* and void*) to the C API will be
obtained from the corresponding Tcl objects.

This applies to the following procedures and arguments in the C API

      AddCertExtension    extensionLength
      CheckSignature      signatureLength
      CheckSignatureEx    signatureLength
      CreateSignature     signatureMaxlength
      CreateSignatureEx   signatureMaxlength
      Decrypt             length
      Encrypt             length
      ExportCert          certObjectMaxlength
      ExportKey           encryptedKeyMaxlength
      ExportKeyEx         encryptedKeyMaxlength
      GetCertExtension    extensionMaxlength
      ImportKey           encryptedKeyLength
      PushData            length
      SetAttributeString  valueLength

}

# $Id: README,v 1.2 2004/12/17 05:15:56 steve Exp $

첨부 파일파일 크기
Binary Data cryptkit.tar.gz33.8 KB