zeitform Internet Dienste      

[Inhalt] -> [Crypt]

[info]


           

Crypt: Verschlüsselungsmethoden


Texte symetrisch verschlüsseln

Das zentrale Modul zur einfachen Verschlüsselung von Texten beliebiger Länge ist Crypt::CBC. Es implementiert Cipher Block Chaining für verschiedene Verschlüsselungsalgorithmen wie z.B.:

Algorithmus

Perl-Modul

Blowfish

Crypt::Blowfish

DES

Crypt::DES

IDEA

Crypt::IDEA

TEA

Crypt::TEA

Twofish

Crypt::Twofish

Die Verschlüsselung nutzt die Methode encrypt().

   use Crypt::CBC;

   my $key = "some key";
   my $plaintext = "some secret text";

   my $encryption_method = "Blowfish"; # or any other supported method

   my $cipher = new Crypt::CBC($key, $encryption_method);
   my $ciphertext = $cipher->encrypt($plaintext);

Analog wird über die Methode decrypt entschlüsselt.

   my $cipher = new Crypt::CBC($key, $encryption_method);
   my $plaintext = $cipher->decrypt($ciphertext);

Seitenanfang


MD5-Digest für APOP-Authentisierung

APOP-Authentisierung verwendet statt Benutzerkennung/Paßwort einen MD5-Digest aus dem POP3-Datumsstempel und dem Benutzerpaßwort.

Das folgende Perl-Skript berechnet die Prüfsumme für eine APOP-Authentisierung:

   #!/usr/bin/perl -w 
   use Digest::MD5  qw(md5_hex); 
 
   my $stamp = '<1017.997873531@mail.zf2.de>'; 
   my $secret = 'geheimes_passwort'; 

   print md5_hex($stamp . $secret);  # fb66767976cd0c6749bdd072964f5663 

Weitere Dateils zu APOP, POP3 und SMTP_AUTH unter http://webmail.zf2.de/technik.html.

Seitenanfang


Perl-Modul für SMTP-Authentisierung

Das Perl-Module Net::SMTP bietet ein komfortables Interface zum Versenden von Emails über SMTP. Es beinhaltet jedoch zum gegenwärtigen Zeitpunkt keine Unterstützung für SMTP_AUTH. Die hier vorgestellte Erweiterung bietet eine Unterstützung der Authentisierungstypen "PLAIN", "LOGIN" und "CRAM-MD5" und kann leicht für andere Typen erweitert werden.

  # Net::SMTP_auth.pm
  #
  # alex pleiner 2001,2003 zeitform Internet Dienste
  # thanks to Graham Barr  for Net::SMTP
  # This program is free software; you can redistribute it and/or
  # modify it under the same terms as Perl itself.

  package Net::SMTP_auth;

  require 5.001;

  use strict;
  use vars qw($VERSION @ISA);
  use Socket 1.3;
  use Carp;
  use IO::Socket;
  use Net::Cmd;
  use Net::Config;
  use Net::SMTP;
  use MIME::Base64;
  use Digest::HMAC_MD5 qw(hmac_md5_hex);

  $VERSION = "0.04";

  @ISA = qw(Net::SMTP);

  # all other method taken from Net::SMTP

  sub auth_types {
    my $me = shift;
 
    if (exists ${*$me}{'net_smtp_esmtp'}) {
 
      my $esmtp = ${*$me}{'net_smtp_esmtp'};

      if(exists $esmtp->{AUTH}) {
        return $esmtp->{AUTH};
      }
    }
    return;
  }

  sub auth {
    my $me = shift;
    my $auth_type = shift ||
         carp 'Net::SMTP_auth: missing argument "auth_type" to method "auth"';
    my $user = shift;
    my $pass = shift;

    ## go for auth login
    if (uc($auth_type) eq "LOGIN") {
      $me->_AUTH("LOGIN");
      if ( $me->code() == 334 ) {
        my $encoded_user = encode_base64($user); chomp $encoded_user;
        $me->command($encoded_user)->response();
        if ( $me->code() == 334 ) {
          my $encoded_pass = encode_base64($pass); chomp $encoded_pass;
          $me->command($encoded_pass)->response(); 
          if ( $me->code() == 235 ) {
           return 1;
          }
        }
      }

      return;

    ## go for auth cram-md5
    } elsif (uc($auth_type) eq "CRAM-MD5") { 
      $me->_AUTH("CRAM-MD5");
      if ( $me->code() == 334 ) {
        my $stamp = $me->message;
        my $hmac = hmac_md5_hex(decode_base64($stamp), $pass);
        my $answer = encode_base64($user . " " . $hmac); $answer =~ s/\n//g;
        $me->command($answer)->response();
        if ( $me->code() == 235 ) {
          return 1;
        }
      }

      return;

    ## go for auth plain
    } elsif (uc($auth_type) eq "PLAIN") {
      $me->_AUTH("PLAIN");
      if ( $me->code() == 334 ) {
        my $string = encode_base64("\000$user\000$pass"); $string =~ s/\n//g;
        $me->command($string)->response();
        if ( $me->code() == 235 ) {
          return 1;
        }
      }

      return;

    ## other auth methods not supported
    } else {
      carp "Net::SMTP_auth: authentication type \"$auth_type\" not supported";
      return;
    }
  
  }


  sub _AUTH { shift->command("AUTH", @_)->response()  == CMD_OK } 

  1;


__END__

=head1 NAME

Net::SMTP_auth - Simple Mail Transfer Protocol Client with AUTHentication

=head1 SYNOPSIS

    use Net::SMTP_auth;

    # Constructors
    $smtp = Net::SMTP_auth->new('mailhost');
    $smtp = Net::SMTP_auth->new('mailhost', Timeout => 60);

=head1 DESCRIPTION

This module implements a client interface to the SMTP and ESMTP
protocol AUTH service extension, enabling a perl5 application to talk 
to and authenticate against SMTP servers. This documentation assumes 
that you are familiar with the concepts of the SMTP protocol described 
in RFC821 and with the AUTH service extension described in RFC2554.

A new Net::SMTP_auth object must be created with the I<new> method. Once
this has been done, all SMTP commands are accessed through this object.

The Net::SMTP_auth class is a subclass of Net::SMTP, which itself is
a subclass of Net::Cmd and IO::Socket::INET.

=head1 EXAMPLES

This example authenticates via CRAM-MD5 and sends a small message to 
the postmaster at the SMTP server known as mailhost:

    #!/usr/bin/perl -w

    use Net::SMTP_auth;

    $smtp = Net::SMTP_auth->new('mailhost');
    $smtp->auth('CRAM-MD5', 'user', 'password');

    $smtp->mail($ENV{USER});
    $smtp->to('postmaster');

    $smtp->data();
    $smtp->datasend("To: postmaster\n");
    $smtp->datasend("\n");
    $smtp->datasend("A simple test message\n");
    $smtp->dataend();

    $smtp->quit;

=head1 CONSTRUCTOR

=over 4

=item new Net::SMTP_auth [ HOST, ] [ OPTIONS ]

This is the constructor for a new Net::SMTP_auth object. It is
taken from Net::SMTP as all other methods (except I<auth> and 
I<auth_types>) are, too.

=head1 METHODS

Unless otherwise stated all methods return either a I<true> or I<false>
value, with I<true> meaning that the operation was a success. When a method
states that it returns a value, failure will be returned as I<undef> or an
empty list.

=over 4

=item auth_types ()

Returns the AUTH methods supported by the serarated
string. This string is exacly the line given by the SMTP server after
the C<EHLO> command containing the keyword C<AUTH>.

=item auth ( AUTH, USER, PASSWORD )

Authenticates the user C<USER> via the authentication method C<AUTH>
and the password C<PASSWORD>. Returns I<true> if successful and I<false>
if the authentication failed. Remember that the connection is not closed
if the authentication fails. You may issue a different authentication 
attempt. If you once are successfully authenticated, you cannot send
the C<AUTH> command again.

=back

=head1 SEE ALSO

L<Net::SMTP> and L<Net::Cmd>

=head1 AUTHOR

Alex Pleiner <alex@zeitform.de>, zeitform Internet Dienste.
Thanks to Graham Barr <gbarr@pobox.com> for Net::SMTP.

=head1 COPYRIGHT

Copyright (c) 2001,2003 zeitform Internet Dienste. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut

Seitenanfang


Zufälliges Passwort generieren

Auch ohne Crypt-Module zu verwenden kann unter Zuhilfenahme der rand()-Funktion ein einfaches Paßwort erzeugt werden:

   #!/usr/bin/perl -w 
   # lege einen Array mit Zeichen an (hier nur alphanumerische Zeichen, die
   # nicht leicht verwechselt werden koennen)
   my @chars = ( 'A'..'H', 'J'..'N', 'P'..'Z', 'a'..'k', 'm'..'z', 1..9 );

   my $length = $ARGV[0] || 8; # setze Laenge des Passwortes

   # generiere Passwort
   # $array[rand @array] liefert ein zufaelliges Element des Arrays @array
   my $password = "";

   foreach (1..$length) { $password .= $chars[rand @chars]; }

   print $password, "\n";

Seitenanfang


Links

Seitenanfang


Zusammengestellt von Alex Pleiner
© 2001 zeitform Internet Dienste   Bei Problemen wenden Sie sich bitte an den Webmaster
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1.