#!/usr/bin/perl -w
############
# Cryptomatic
# by Richard Still (oakbox.com)
############
# (C) 2001 oakbox.com This program is freeware and may
# be used at no cost to you (just leave this notice intact).
# Feel free to modify, hack, and play with this script.
# No guarantees about the utility of this script for any particular
# purpose!
############
# This should be placed on a web site with SSL enabled.
# see bottom for more comments :)
use CGI::Carp qw(fatalsToBrowser);
use MD5;
use strict;
my ($message, $temp, $key, $content, $item, @pairs);
my %fields;
# accept input from user and decode variables
read(STDIN,$temp,$ENV{'CONTENT_LENGTH'});
@pairs=split(/&/,$temp);
foreach $item(@pairs)
{
($key,$content)=split(/=/,$item,2);
$content=~tr/+/ /;
$content =~ s///g;
$content=~s/%(..)/pack("c",hex($1))/ge;
$fields{$key}=$content;
}
if($fields{'action'} eq ""){&firstscreen; &shellout; exit;}
if($fields{'action'} eq "encoder"){&hexhex; &firstscreen; &shellout; exit;}
if($fields{'action'} eq "decoder"){&ghex; &firstscreen; &shellout; exit;}
sub hexhex {
my $pad_text = MD5->hexhash($fields{'seeder'});
# pad this key against the incoming text
my $ciphered = &pad_it($fields{'textinput'},$pad_text);
# hex the content so that it can travel through a 6-bit connection
$ciphered = unpack("h*",$ciphered);
# grab a checksum based on this hexed string
my $checksum = MD5->hexhash($ciphered);
# modify it a little so that it looks good in the browser
$ciphered =~ s/(\S{50})/$1
/mg;
$message.="
Cipher: $ciphered checksum: $checksum |
Email both of the above codes to your intended recipient. They can DECODE this by coming back to this form and entering these codes in the 'decode' area below. Your recipient has to know your secret 'seed' to unlock this message. DO NOT communicate this seed in your email or in any clear-channel way. |
\n";} # remove the hex encoding my $ciphered=pack("h*",$fields{'textinput'}); # now we pad our key against our text my $content = &pad_it($ciphered,$pad_text); $message.=" Your decoded text:
$content |
Send your message securely over the internet! This particular implementation is meant FOR DEMONSTATION PORPOISES ONLY. To be genuinely secure, this form must be placed behind an SSL browser connection (https://). Your recipient must know the secret 'seed' you use to encrypt your message. Without it, your message remains a meaningless jumble.
During Encryption, I take your 'seed', which should be a random jumble of letters and numbers (think 'password'), and encrypt that using MD5 encryption. That produces a string of letters and number that I use as a one time pad against the text of your message. As a last step, I put everything into hexcode so that you can copy and paste it into an email message. A checksum is produced from this hexcode so that your recipient knows that they received an unaltered message.
To decode a message, you need three pieces of info. The encoded text, the checksum (to verify the encoded text is unaltered) and the 'seed' code.
Written by Richard Still at Oakbox.com
© 2001. There are NO guarantees about the utility of this script
for any particular purpose!
Thanks to Kurt Kincaid, author of
Crypt-OTP module (available on CPAN), for his OTP code!);
}
sub shellout {
print "Content-type: text/html\n\n";
print<<_TTT_;