This is Crypt::CBC, a Perl-only implementation of the cryptographic cipher block chaining mode (CBC). In combination with a block cipher such as Crypt::DES or Crypt::IDEA, you can encrypt and decrypt messages of arbitrarily long length. The encrypted messages are compatible with the encryption format used by B. IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly using 8 byte IVs when generating the old-style RandomIV style header (as opposed to the new-style random salt header). This affects the Rijndael algorithm, which has a 16 byte blocksize. The bug has been corrected in versions 2.17 and higher, but in order to read legacy encrypted data, you will have to pass the B<-legacy_iv> option to new() using a true value. Prerequisites ------------- In addition to this module you will need to install the MD5 module, and one or more of: Crypt::DES, Crypt::DES_EDE3, Crypt::IDEA, Crypt::Blowfish, or Crypt::Rijndael modules. 1. Digest::MD5 Required for key and iteration vector generation. 2. Crypt::DES Required for the DES encryption algorithm. 3. Crypt::DES_EDE3 Required for the triple DES encryption algorithm in Encrypt Decrypt Encrypt mode. Note, this depends on Crypt::DES. 4. Crypt::IDEA Required for the IDEA encryption algorithm. 5. Crypt::Blowfish Required for the Blowfish encryption algorithm. 6. Crypt::Blowfish_PP Required for the Blowfish_PP encryption algorithm. 7. Crypt::Rijndael Required for the Rijndael/AES encryption algorithm. You can find these modules on a CPAN server near you! Unfortunately, Crypt::TripleDES does not work with this module, owing to the fact that it does not follow the same API as the other Crypt::* modules. Please write to TripleDES's author, Vipul Ved Prakash and ask him to fix this. Installing Crypt::CBC --------------------- The rest is easy 1. perl Makefile.PL 2. make 3. make test 4. make install Versions 1.22 and greater generate a random initialization vector, rather than generating one based on the key. Not only is this much more secure, but it maintains compatibility with the current version of OpenSSL, which does the same thing as of version 0.9.5. For backwards compatibility, messages encrypted with older versions of Crypt::CBC can be decrypted with the newer version. The reverse is not true -- the beginning messages encrypted by the new version and decrypted by the old may be contaminated with "junk". Lincoln D. Stein lstein@cshl.org