
§ 4.40 - [encrypt] Built-In

Mnemonic aid: encrypt for ENCRYPT content

See also:  [decrypt] 

Encrypts content into a hexadecimal block. With again=1, the content is itself a hexadecimal block produced by a previous invocation of  [encrypt] , and it is re-encrypted: a further lock is added, or, if the same parameters as an earlier lock are given, that existing lock is removed.

The transform is commutative: applying the same seed, icount and salt a second time cancels that lock out, no matter which other locks were added or removed in between. Multiply encrypted content is therefore not sensitive to the order of decryption. It is useful to think of this as "multiple locks on a box": you can put such locks on in any order, and take them off in any order.


[encrypt (mode=1,)(breakat=N,)(seed=N,)(icount=N,)(salt=string,)(again=1,)content]

The mode=1 option tells  [encrypt]  to use a more robust random number generator; use of mode=1 is recommended. The mode option, if supplied, must be either 0 (the default) or 1, and must match the mode used in the corresponding  [decrypt]  operation(s).

The breakat=N option sets the line width of the returned hexadecimal block, in hexadecimal digits. The default is 16, which is why the first example at the end of this page wraps its 24-digit result after 16 digits. Line breaks do not affect decryption or re-encryption, both of which only "see" the sequence of hexadecimal digits.

In mode=0, the default mode, the seed=N option is a positive integer from which the encryption is derived. The default is 1. In mode=1, the seed can be an integer or a string.

The icount=N option is a positive integer that also affects the encryption. The default is 1.

The salt=string option is a text string that also affects the encryption. The default is no salt. Together, seed, icount and salt are the key: the corresponding  [decrypt]  must be given exactly the same values (see the salted example at the end of this page), and anyone who knows them can decrypt the block, so they must be kept secret and conveyed to the other party out of band.

The again=1 option allows for additional levels of encryption and decryption. This, in turn, is the enabling mechanism for the double-locked box, also called the triple exchange: a two-party exchange in which each party uses only its own private key, and neither key is ever shared or published. Here's how that works:

  1. Each party owns a lock with a unique key.
  2. Party one puts a message in a box locked by their own key.
  3. Party one then sends the box to party two.
  4. Party two puts an additional lock on the box using their own key.
  5. Party two then sends the box back to party one.
  6. Party one removes their lock on the box using their own key.
  7. Party one sends the box, now locked only by party two's key, back to party two.
  8. Party two removes their lock on the box using their own key: the contents are free.

As you can see from the above sequence, at no time does party one have party two's key, and at no time does party two have party one's key. In addition, the box is never transferred unlocked, so the message is never sent unencrypted. Note, however, that this protects the contents only against someone who sees a single transmission: because the locks commute, an observer who captures all three blocks can combine them (XOR them byte by byte) and recover the message without either key. This can be checked against the rendered double-locked-box output at the end of this page.

Here's the sequence to use; p1=party one and p2=party two (note that step 3 is  [encrypt]  with again=1 and p1's own seed, not  [decrypt] , so the result stays a hexadecimal block):

  1. p1 actions: oneLockedBox =  [encrypt seed=1234,message]  ==> (send to p2)
  2. p2 actions: twoLockedBox =  [encrypt again=1,seed=5678,oneLockedBox]  ==> (send back to p1)
  3. p1 actions: oneLockedBox =  [encrypt again=1,seed=1234,twoLockedBox]  ==> (send back to p2)
  4. p2 actions: message =  [decrypt seed=5678,oneLockedBox] 
Tip: The trick to opaque encryption is to use a unique, secret seed and a long, unique, secret salt; encrypt; then encrypt with again=1 using a different seed and a different salt; repeat as many times as practical, with a different seed and salt each time. In terms of the above double-locked-box approach, each party may (and should) use multiple levels of encryption to create their lock on the box.

The saltless examples on this page are demonstrations only. You should always use a long, unique salt.

Multiple levels of encryption are created when  [encrypt]  is used normally first, then with the again=1 parameter on each subsequent result.

Decrypting multiply-encrypted blocks is done by running  [encrypt]  with again=1 for all but one of the locks, in any order, and then running  [decrypt]  with the parameters of the remaining lock, which converts the final hexadecimal block back to text. Here's a three-level example demonstrating out-of-order decryption:

  • result1 =  [encrypt seed=123,mystuff]  - first level of encryption
  • result2 =  [encrypt seed=456,again=1,result1]  - second level of encryption
  • result3 =  [encrypt seed=789,again=1,result2]  - third level of encryption
  • ------------- at this point, result3 is triple encrypted -------------
  • result4 =  [encrypt seed=456,again=1,result3]  - first level of decryption
  • result5 =  [encrypt seed=123,again=1,result4]  - second level of decryption
  • mystuff =  [decrypt seed=789,result5]  - final level of decryption
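The following is an added Python model of the lock-and-unlock behaviour described above (both the triple exchange and the out-of-order unlocking of a triple-locked block); it is not aa_macro's own code. The keystream generator, the function names encrypt, encrypt_again and decrypt, and the argument layout are assumptions made for the illustration; aa_macro's mode=0/mode=1 generators and its icount handling are not reproduced, and breakat line wrapping is ignored. What the model shares with the manual's description is the one property the double-locked box relies on: applying the same seed and salt twice cancels out, so locks commute.

```python
import hashlib
import random

# Added model of aa_macro's [encrypt] / [decrypt]; NOT the project's code.
# ASSUMPTION: the keystream below (Python's random seeded from a SHA-256 of
# the parameters) is a stand-in and is not a cryptographic generator.


def _keystream(seed, salt, length):
    """Deterministic keystream for (seed, salt); same inputs, same bytes."""
    digest = hashlib.sha256(("%s|%s" % (seed, salt)).encode("utf-8")).digest()
    rng = random.Random(int.from_bytes(digest, "big"))
    return bytes(rng.randrange(256) for _ in range(length))


def _xor(data, keystream):
    return bytes(a ^ b for a, b in zip(data, keystream))


def encrypt(seed, content, salt=""):
    """[encrypt seed=N,salt=S,content]: text in, hex block out (first lock)."""
    data = content.encode("utf-8")
    return _xor(data, _keystream(seed, salt, len(data))).hex().upper()


def encrypt_again(seed, hexblock, salt=""):
    """[encrypt again=1,seed=N,salt=S,hexblock]: hex in, hex out.
    Adds a lock with a new (seed, salt), or removes an existing one when
    given the same (seed, salt) a second time."""
    data = bytes.fromhex(hexblock)
    return _xor(data, _keystream(seed, salt, len(data))).hex().upper()


def decrypt(seed, hexblock, salt=""):
    """[decrypt seed=N,salt=S,hexblock]: removes the last lock, text out."""
    data = bytes.fromhex(hexblock)
    return _xor(data, _keystream(seed, salt, len(data))).decode("utf-8")


def double_locked_box(message, p1_seed, p2_seed):
    """The triple-exchange sequence: p1 and p2 each use only their own seed.
    Returns the three blocks that cross the wire and what p2 finally reads."""
    one_locked = encrypt(p1_seed, message)               # p1 -> p2
    two_locked = encrypt_again(p2_seed, one_locked)      # p2 -> p1
    one_locked_b = encrypt_again(p1_seed, two_locked)    # p1 -> p2
    return one_locked, two_locked, one_locked_b, decrypt(p2_seed, one_locked_b)


def triple_lock_unlock_out_of_order(mystuff):
    """The three-level example: lock with 123, 456, 789; unlock 456, 123,
    then [decrypt] with 789, i.e. not the reverse of the locking order."""
    result1 = encrypt(123, mystuff)
    result2 = encrypt_again(456, result1)
    result3 = encrypt_again(789, result2)
    result4 = encrypt_again(456, result3)
    result5 = encrypt_again(123, result4)
    return decrypt(789, result5)


if __name__ == "__main__":
    for block in double_locked_box("secret message", 1234, 5678):
        print(block)
    print(triple_lock_unlock_out_of_order("mystuff"))
```

Because every lock is the same byte-wise operation with a keystream that depends only on the lock's own parameters, the model reproduces the manual's claim that locks can be removed in any order; swapping the keystream for aa_macro's real generator would not change that. Note also that  [decrypt]  differs from  [encrypt again=1]  only in returning text instead of a hexadecimal block.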

[encrypt (mode=1,)(breakat=N,)(seed=N,)(icount=N,)(salt=string,)(again=1,)content]

aa_macro source:

[local z [encrypt simple usage]]
[v z]
[decrypt [v z]]

[local x [encrypt breakat=64,seed=19,icount=5,salt=meddling manatee,this is a silly test]]
[v x]
[decrypt seed=19,icount=5,salt=meddling manatee,[v x]]

Double-locked box, or "triple exchange" dual-non-public-key encryption:
1 [local unLockedBox secret message][v unLockedBox]
2 [local oneLockedBox [encrypt seed=1234,breakat=64,[v unLockedBox]]][v oneLockedBox]
3 [local twoLockedBox [encrypt again=1,seed=5678,breakat=64,[v oneLockedBox]]][v twoLockedBox]
4 [local oneLockedBoxB [encrypt again=1,seed=1234,breakat=64,[v twoLockedBox]]][v oneLockedBoxB]
5 [decrypt seed=5678,[v oneLockedBoxB]]

HTML render:

73696F7C5154D5B8
716F2D16
simple usage

223E677F9DAF2173BEF8CF11BEA206C444E0A575
this is a silly test

Double-locked box, or "triple exchange" dual-non-public-key encryption:
1 secret message
2 0B3FA7A5507E167D31D64945D2EC
3 21EB811AEDCA92EBDF7F19D70FB9
4 59B145CDD8C0A4FB8BDA23F3BA30
5 secret message
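The following is an added check, not aa_macro code, run against the rendered double-locked-box output just above and the "simple usage" example before it. The three hexadecimal blocks and both plaintexts are copied from this page; nothing below uses a seed, a salt, or aa_macro's generator, so it shows what a passive observer who captures all three transmissions can do with no key at all. The function names are assumptions for the illustration. The calculation assumes only that each lock is a byte-wise XOR of the block with a keystream derived from that lock's parameters, which the page's own output bears out: under that assumption oneLockedBox = M^K1, twoLockedBox = M^K1^K2 and oneLockedBoxB = M^K2, so XORing the three blocks together yields M.

```python
# Added check against the rendered output above; NOT aa_macro's code.
# Blocks copied from lines 1-4 of the double-locked-box render
# (seed=1234 for p1, seed=5678 for p2, no salt).
ONE_LOCKED_BOX = "0B3FA7A5507E167D31D64945D2EC"    # p1 -> p2, locked by p1
TWO_LOCKED_BOX = "21EB811AEDCA92EBDF7F19D70FB9"    # p2 -> p1, locked by p1 and p2
ONE_LOCKED_BOX_B = "59B145CDD8C0A4FB8BDA23F3BA30"  # p1 -> p2, locked by p2 only
SECRET_MESSAGE = "secret message"

# The first example on this page (default seed=1, no salt) and its output,
# with the two breakat=16 lines of the render joined.
SIMPLE_PLAIN = "simple usage"
SIMPLE_HEX = "73696F7C5154D5B8" + "716F2D16"


def xor_bytes(*blocks):
    """Byte-wise XOR of equal-length byte strings."""
    length = len(blocks[0])
    if any(len(b) != length for b in blocks):
        raise ValueError("blocks differ in length")
    out = bytearray(length)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def eavesdrop(one_locked, two_locked, one_locked_b):
    """What an observer of all three transmissions can compute without a key:
    (M^K1) ^ (M^K1^K2) ^ (M^K2) == M."""
    m = xor_bytes(bytes.fromhex(one_locked),
                  bytes.fromhex(two_locked),
                  bytes.fromhex(one_locked_b))
    return m.decode("ascii", errors="replace")


def recover_keystreams(one_locked, two_locked, one_locked_b):
    """Also without any key: p1's keystream is box2^box3, p2's is box1^box2.
    Returned as upper-case hex like the manual's blocks."""
    b1, b2, b3 = (bytes.fromhex(h) for h in (one_locked, two_locked, one_locked_b))
    return xor_bytes(b2, b3).hex().upper(), xor_bytes(b1, b2).hex().upper()


def keystream_from_known_plaintext(plaintext, hexblock):
    """Keystream exposed by a single known plaintext/ciphertext pair."""
    return xor_bytes(plaintext.encode("ascii"), bytes.fromhex(hexblock)).hex().upper()


if __name__ == "__main__":
    print(eavesdrop(ONE_LOCKED_BOX, TWO_LOCKED_BOX, ONE_LOCKED_BOX_B))
    print(recover_keystreams(ONE_LOCKED_BOX, TWO_LOCKED_BOX, ONE_LOCKED_BOX_B))
    print(keystream_from_known_plaintext(SIMPLE_PLAIN, SIMPLE_HEX))
```

Two things follow for anyone using this built-in. First, the triple exchange keeps each party's key private, but it does not keep the message private from a third party who sees the whole exchange; the three blocks must travel over a channel that observer cannot read. Second, the keystream for a given seed, icount and salt is recovered by one known plaintext, and in the "simple usage" render the first two output bytes (73 69, "si") equal the first two input bytes, i.e. the default-seed keystream begins with zero bytes; the manual's advice to use a long, unique, secret salt and not the defaults applies to every block.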

Other built-ins used here:  [decrypt] ,  [local]  and  [v] 


This manual was generated with wtfm
wtfm uses aa_macro and SqLite
aa_macro uses Python 2.7