use Crypt::File::Valet; my $xr = Crypt::File::Valet->new($filename[, %options]); # Whole file slurping/unslurping with encryption/decryption: $str = $xr->rd; # slurp as a string of bytes $ok = $xr->wr($str); # unslurp string of bytes into file $ok = $xr->ap($str); # append bytes to end of file # Incremental file I/O with encryption/decryption: $str = $xr->readline; # return the next line of content $str = $xr->rd(42); # return the next 42 bytes of content $str = $xr->rd(42, 69); # return the 42 bytes starting at the 69th byte of content $ok = $xr->wr($str, 123); # write $str to file, starting at 123rd byte of content $loc = $xr->tell; # return current position in content # Hardening predictable content with a random prefix: # Given predictable content c, mix(c) = (random x, c xor digest(x)) # This would remove one opportunity for partial-knowledge-plaintext attacks on the cipher. $str = $xr->mix($c); # returns concatenation of x and c xor digest(x) $str = $xr->unmix($mixed); # given mix() output string, returns original c # File locking/unlocking: # Identical in semantics to File::Valet's lockafile and unlockafile, but with encrypted lockfiles $ok = $xr->lock; $ok = $xr->unlock; # Procedural interface: # These "our" variables provide for new()'s parameters when using procedural interface: %Crypt::File::Valet::CREDENTIALS_HASH = (key_sum => $h, sys_salt => $s); %Crypt::File::Valet::DIGEST_OBJ = $digest_object; # These are just convenience wrappers around new() and the corresponding methods: $str = rd_x($filename); $ok = wr_x($filename, $str); $ok = ap_x($filename, $str); $str = mix($c); $str = unmix($mixed); $ok = lock_x($filename); $ok = unlock_x($filename);
I am the author of File::Valet (https://metacpan.org/pod/File::Valet) and have need for a module with a similarly convenient way to perform I/O on encrypted files, so I'm writing one. The synopsis shows what I'd like it to look like, but it's not set in stone. The method and function names are chosen to be similar to those of File::Valet, but with "x" used instead of "f" to denote "encrypted" vs "file".
The module would use a caller-provided digest instance, hashed password string, and salt string to encrypt/decrypt the contents of files via a CTR cipher, with random padding before and after the file content, and a convenient way to harden predictable plaintext (via mix method).
When I came to PrePAN, the question I had in mind was "should this be named File::Crypt::Valet or Crypt::File::Valet?" but general comments and suggestions about the proposed module would be welcome as well.