marcmo | 24 Aug 14:47 2012
Picon

haskell cryptogaphic libraries


In my day job I currently need to deal with a lot of cryptographic processing. For the tests I need to perform various cryptographic functions in haskell.
these include:

* AES Encryption/Decryption (CBC-Mode)
* RSA Public Key Encryption/Decryption
* Certificate Handling

I'm having some difficulties finding the libraries to use and using them correctly.
Performance is not my primary concern...rather correctness and ease of use.

Haskell has some great cryptographic libs but for me it seems hard to judge what to use. The ones that seem appropriate are:

* The AES package (for symmetric encryption)
* The RSA package (for public key cryptography)

certificate handling is s.th. I haven't found out about

* how to deal with Certificates (e.g. extract the public key from X.509 certificates)


is there a recommended package (packages) that suite my purpose?

thnx



_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Nils Schweinsberg | 24 Aug 15:00 2012
Picon

Re: haskell cryptogaphic libraries

Am 24.08.2012 14:47, schrieb marcmo:
> * AES Encryption/Decryption (CBC-Mode)

For AES there is the "SimpleAES" package[1] which is super easy to use:

> import qualified Data.ByteString      as BS
> import           Data.ByteString.Lazy as BL
> 
> import Codec.Crypto.SimpleAES
> 
> key :: IO Key
> key = BS.readFile "key"
> 
> encrypt :: ByteString -> IO ByteString
> encrypt bs = do
>   k <- key
>   encryptMsg CBC k bs
> 
> decrypt :: ByteString -> IO ByteString
> decrypt bs = do
>   k <- key
>   return $ decryptMsg CBC k bs

(note that the key is a strict ByteString while the encrypted/decrypted
data is lazy)

[1]: http://hackage.haskell.org/package/SimpleAES
marcmo | 24 Aug 17:22 2012
Picon

Re: haskell cryptogaphic libraries

indeed a very simple solution for AES!

On Friday, August 24, 2012 3:00:06 PM UTC+2, Nils Schweinsberg wrote:

Am 24.08.2012 14:47, schrieb marcmo:
> * AES Encryption/Decryption (CBC-Mode)

For AES there is the "SimpleAES" package[1] which is super easy to use:

> import qualified Data.ByteString      as BS
> import           Data.ByteString.Lazy as BL
>
> import Codec.Crypto.SimpleAES
>
> key :: IO Key
> key = BS.readFile "key"
>
> encrypt :: ByteString -> IO ByteString
> encrypt bs = do
>   k <- key
>   encryptMsg CBC k bs
>
> decrypt :: ByteString -> IO ByteString
> decrypt bs = do
>   k <- key
>   return $ decryptMsg CBC k bs

(note that the key is a strict ByteString while the encrypted/decrypted
data is lazy)

[1]: http://hackage.haskell.org/package/SimpleAES

_______________________________________________
Haskell-Cafe mailing list
Haskel... <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Vincent Hanquez | 24 Aug 15:31 2012

Re: haskell cryptogaphic libraries

On 08/24/2012 01:47 PM, marcmo wrote:
>
> In my day job I currently need to deal with a lot of cryptographic processing. 
> For the tests I need to perform various cryptographic functions in haskell.
> these include:
>
> * AES Encryption/Decryption (CBC-Mode)
> * RSA Public Key Encryption/Decryption
> * Certificate Handling
>
> I'm having some difficulties finding the libraries to use and using them 
> correctly.
> Performance is /not/ my primary concern...rather *correctness* and*ease of use*.
>
> Haskell has some great cryptographic libs but for me it seems hard to judge 
> what to use. The ones that seem appropriate are:
>
> * The AES package (for symmetric encryption)
> * The RSA package (for public key cryptography)
>
> certificate handling is s.th. I haven't found out about
>
> * how to deal with Certificates (e.g. extract the public key from X.509 
> certificates)
>
>
> is there a recommended package (packages) that suite my purpose?
>
Hi,

[this is going to a be shameless self advertising reply :) ...]

for AES, i'ld recommend you to read a recent post of mine "building a better 
haskell aes" [1].
for RSA, to have something compatible my next suggestion for x509, you got 
either RSA or cryptocipher [2].
for X509, everything you need is available in the certificate package [3]

While you mentioned performance is not your primary concern, I found that even 
with medium use of crypto it becomes a significant bottleneck when using some 
well established implementations.

[1] http://tab.snarc.org/posts/haskell/2012-07-07-building-a-better-haskell-aes.html
[2] http://hackage.haskell.org/package/cryptocipher
[3] http://hackage.haskell.org/package/certificate

--

-- 
Vincent
marcmo | 24 Aug 17:20 2012
Picon

Re: haskell cryptogaphic libraries

You have done quite some work on the crypto front...cool!

since you are the owner of cryptocipher and your new package cipher-aes:
is cryptocipher now deprecated?

the certificate library fits my needs perfectly!

so my current setup includes:
cipher-aes (AES), by Vincent Hanquez
certificate (for X509 certificates), by Vincent Hanquez
The RSA package (RSA public key crypto), by Adam Wick, depends on The crypto-pubkey-types package by Vincent Hanquez

so let's just hope you stick around for some time Vince, my code now fully depends on you ;)



On Friday, August 24, 2012 3:31:45 PM UTC+2, Vincent Hanquez wrote:On 08/24/2012 01:47 PM, marcmo wrote:
>
> In my day job I currently need to deal with a lot of cryptographic processing.
> For the tests I need to perform various cryptographic functions in haskell.
> these include:
>
> * AES Encryption/Decryption (CBC-Mode)
> * RSA Public Key Encryption/Decryption
> * Certificate Handling
>
> I'm having some difficulties finding the libraries to use and using them
> correctly.
> Performance is /not/ my primary concern...rather *correctness* and*ease of use*.
>
> Haskell has some great cryptographic libs but for me it seems hard to judge
> what to use. The ones that seem appropriate are:
>
> * The AES package (for symmetric encryption)
> * The RSA package (for public key cryptography)
>
> certificate handling is s.th. I haven't found out about
>
> * how to deal with Certificates (e.g. extract the public key from X.509
> certificates)
>
>
> is there a recommended package (packages) that suite my purpose?
>
Hi,

[this is going to a be shameless self advertising reply :) ...]

for AES, i'ld recommend you to read a recent post of mine "building a better
haskell aes" [1].
for RSA, to have something compatible my next suggestion for x509, you got
either RSA or cryptocipher [2].
for X509, everything you need is available in the certificate package [3]

While you mentioned performance is not your primary concern, I found that even
with medium use of crypto it becomes a significant bottleneck when using some
well established implementations.

[1] http://tab.snarc.org/posts/haskell/2012-07-07-building-a-better-haskell-aes.html
[2] http://hackage.haskell.org/package/cryptocipher
[3] http://hackage.haskell.org/package/certificate

--
Vincent

_______________________________________________
Haskell-Cafe mailing list
Haskel... <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe <at> haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
Vincent Hanquez | 25 Aug 09:45 2012

Re: haskell cryptogaphic libraries

On 08/24/2012 04:20 PM, marcmo wrote:
> You have done quite some work on the crypto front...cool!
>
> since you are the owner of cryptocipher and your new package cipher-aes:
> is cryptocipher now deprecated?

cryptocipher itself is not deprecated as it contains much more than just AES.
The haskell AES will probably going to be replaced by a stub layer to call into 
cipher-aes, and i'm also mulling splitting the package into many per-feature 
packages with cryptocipher binding them together, but it should affect any users.

> the certificate library fits my needs perfectly!
> <snip>
> so let's just hope you stick around for some time Vince, my code now fully 
> depends on you ;)

Well i have no plan to go anywhere and want to bring the tls stack to 
completion; although it's only on my free time for now..

--

-- 
Vincent

Gmane