AOLserver encryption Module
---------------------------

This module *REQUIRES* OpenSSL 0.9.6 or higher.

Purpose
-------

I wrote this for encrypting customer and credit card information. The idea is
that the publicly accessible server would encrypt using the public key, and
another private server would be able to decrypt it using the private key. For
security, the private key is NEVER stored on the public server.

Feature Highlights
------------------

* Strong RSA cryptography.
* Support for AES, Blowfish, CAST5, IDEA and Triple DES ciphers.
* Open Source software (AOLserver Public License or GPL).
* Usable for both commercial and non-commercial use.

Theory
------

User data is encrypted with a unique one-time session key. The key size is
either fixed or variable, depending on the cipher used. The session key is then
encrypted with the provided RSA public or private key. The ciphertext is
returned BASE64 encoded.

Compiling the code
------------------

To compile this code, just type:

    $ make AOLSERVER=/path/to/aolserver OPENSSL=/path/to/openssl

Configuration Options
---------------------

    ns_section "ns/server/${servername}/module/nsencrypt"
    ns_param   PubKeyFile   pubkey.pem
    ns_param   PrivKeyFile  privkey.pem

    ns_section "ns/server/${servername}/modules"
    ns_param   nsencrypt    ${bindir}/nsencrypt.${ext}

Configuration Notes
-------------------

Create your private and public keys using the openssl command line:

    $ openssl genrsa -out privkey.pem 2048
    $ openssl rsa -in privkey.pem -pubout -out pubkey.pem

It is recommended that you do not use less than 2048 bits for your RSA private
key. The key length needs to match RSAKEYLEN in nsencrypt.c.

WARNING: Never put your private key on a publicly accessible server.
Usage
-----

    set ciphertext [ns_encrypt "This is some text to encrypt"]
    set plaintext  [ns_decrypt $ciphertext]

Tcl Interface Commands
----------------------

================================================================================

NAME
    ns_encrypt - returns ciphertext from plaintext.

SYNOPSIS
    ns_encrypt ?-blowfish|-3des|-cast5|-idea? ?-keyfile file? ?-keysize bits?
               ?-public|-private? plaintext

DESCRIPTION
    Encrypts the characters given by plaintext and returns ciphertext.

    -blowfish   Use Blowfish cipher. (default)
    -3des       Use Triple DES cipher.
    -cast5      Use CAST5 cipher.
    -idea       Use IDEA cipher.
    -keyfile    Use a public/private RSA key file other than the configured one.
    -keysize    Set key size in bits.
    -public     Use public key for encryption. (default)
    -private    Use private key for encryption.
    plaintext   Plain ASCII text to encrypt.

    Key sizes available:

        AES:       128, 192, 256 bits (128 default)
        Blowfish:  64 to 448 bits in 8-bit increments (128 default)
        CAST5:     40 to 128 bits in 8-bit increments (128 default)
        3DES:      168 bits (168 default)
        IDEA:      128 bits (128 default)

RETURNS
    BASE64 encoded ciphertext

================================================================================

NAME
    ns_decrypt - returns plaintext from ciphertext.

SYNOPSIS
    ns_decrypt ?-public|-private? ?-keyfile file? ciphertext

DESCRIPTION
    Decrypts the BASE64 ciphertext and returns plaintext.

    -public     Use public key for decryption. (default)
    -private    Use private key for decryption.
    -keyfile    Use a public/private RSA key file other than the configured one.
    ciphertext  BASE64 encoded ciphertext to decrypt.

RETURNS
    Plaintext

================================================================================

Copyright Notices
-----------------

This software is copyrighted by Daniel P. Stasinski. It is distributed under
the AOLserver Public License. See the file license.txt for more information.

This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit.
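The Theory section and the ns_encrypt/ns_decrypt commands above describe a
hybrid scheme: a fresh one-time session key encrypts the data, an RSA key
encrypts the session key, and the result is returned BASE64 encoded. The
following is an added example written for this README and is not code from the
nsencrypt module; it reproduces that scheme with Go's standard library so the
public-server half (Encrypt, public key only) and the private-server half
(Decrypt, private key) can be run side by side. RSA-OAEP for wrapping the
session key and AES-256-GCM for the payload are this example's choices and are
not a statement of what nsencrypt.c implements; the function names are
likewise the example's own.

```go
// Added example, not code from the nsencrypt module: the hybrid scheme the
// Theory section describes (one-time session key, symmetric cipher for the
// data, RSA to wrap the session key, BASE64 output) in Go's standard library.
// Assumption: RSA-OAEP and AES-256-GCM are this example's algorithm choices.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

const (
	rsaKeyLen     = 2048 // the minimum the README recommends (RSAKEYLEN)
	sessionKeyLen = 32   // 256-bit AES session key, generated fresh per message
)

// GenerateKeyPair stands in for "openssl genrsa -out privkey.pem 2048".
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, rsaKeyLen)
}

// Encrypt needs only the public key, so it is the half that may run on the
// public server. Output layout: BASE64(wrappedKey || nonce || ciphertext).
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (string, error) {
	sessionKey := make([]byte, sessionKeyLen)
	if _, err := rand.Read(sessionKey); err != nil {
		return "", err
	}
	// Wrap the one-time session key with the RSA public key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The wrapped key is bound to the payload as additional data, so a
	// swapped wrapped key fails the tag check instead of yielding garbage.
	ct := gcm.Seal(nil, nonce, plaintext, wrapped)
	out := make([]byte, 0, len(wrapped)+len(nonce)+len(ct))
	out = append(append(append(out, wrapped...), nonce...), ct...)
	return base64.StdEncoding.EncodeToString(out), nil
}

// Decrypt needs the private key and therefore belongs on the private server only.
func Decrypt(priv *rsa.PrivateKey, b64 string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	wrapLen := priv.PublicKey.Size() // RSA ciphertext is exactly the modulus size
	if len(raw) < wrapLen {
		return nil, errors.New("ciphertext too short to hold a wrapped key")
	}
	wrapped := raw[:wrapLen]
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(raw) < wrapLen+gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short to hold nonce and tag")
	}
	nonce := raw[wrapLen : wrapLen+gcm.NonceSize()]
	return gcm.Open(nil, nonce, raw[wrapLen+gcm.NonceSize():], wrapped)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	ciphertext, err := Encrypt(&priv.PublicKey, []byte("This is some text to encrypt"))
	if err != nil {
		panic(err)
	}
	plaintext, err := Decrypt(priv, ciphertext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext: %s\nplaintext:  %s\n", ciphertext, plaintext)
}
```

Because a new session key and nonce are drawn for every call, two encryptions
of the same text produce different BASE64 strings, which is the property the
Theory section's "unique one time session key" gives you. The length checks in
Decrypt matter in practice: the wrapped key occupies exactly the RSA modulus
size, so a ciphertext shorter than that, or one without room for the nonce and
tag, is rejected before any key material is touched.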
(http://www.openssl.org/)

This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com).

Related Links
-------------

    http://www.aolserver.com        AOLserver homepage
    http://www.openssl.org          OpenSSL toolkit homepage
    http://www.scriptkitties.com    Information on this module

Contact
-------

Contact: daniel@avenues.org