- Supported ciphers: AES, DES, 3DES, Blowfish, Twofish, RC5, RC6, Arcfour (RC4)
- Supported hash functions: MD4, MD5, SHA1, SHA256, Tiger, Adler32, CRC32 (also supports tree hashes)
- RFC 2104 HMACs and RFC 4493 CMACs
- Public key schemes: DSA signing and verification
- Key derivation functions: PBKDF1, PBKDF2 (RFC 2898)
The Ironclad homepage and package documentation can be found at:
http://method-combination.net/lisp/ironclad/
Ironclad can be downloaded from:
ASDF-install package (obsolete) http://www.method-combination.net/lisp/files/ironclad.tar.gz
An ASDF package-definition file is included, and the current release should be ASDF-installable.
The SHA-1 and SHA-256 hash functions do not work under CLISP versions earlier than 2.34. Please upgrade your CLISP installation. (The failures are related to CLISP's handling of (LOOP ... FINALLY ...).)
Ironclad is distributed under a liberal X11/MIT-like license.
Debian package
Ironclad has been packaged for Debian. You can just apt-get install it.
The latest Debian package sources can be found among the CL-Debian repositories.
Note however that the Debian package lacks some cryptographic algorithms, removed due to patent issues. More information here.
Using Ironclad
Tell us how you are using Ironclad:
- To encrypt passwords for a web site, for that I created the following function:
(defun hash-password (password)
(ironclad:byte-array-to-hex-string
(ironclad:digest-sequence
:sha256
(ironclad:ascii-string-to-byte-array password))))
(push "/home/mcarter/ironclad_0.20.1/" asdf:*central-registry*) ;or something similar
(asdf:oos 'asdf:load-op 'ironclad)
(defun cipher-example (message password)
(let* ((iv (ironclad:ascii-string-to-byte-array password))
(cipher (ironclad:make-cipher :blowfish :mode :ecb :key iv)))
(setf message (ironclad:ascii-string-to-byte-array message))
(format t "original message as bytes:~A~%" message)
(ironclad:encrypt-in-place cipher message)
(format t "encrypted message as bytes:~A~%" message)
(ironclad:decrypt-in-place cipher message)
;; convert the message back to a string
(setf message (coerce message 'list))
(setf message (mapcar #'code-char message))
(setf message (coerce message 'string))
(format t "your original message was:*~A*~%" message)))
* (cipher-example "ironclad is a way of encrypting and decrypting messages" "my password")
original message as bytes:#(105 114 111 110 99 108 97 100 32 105 115 32 97 32
119 97 121 32 111 102 32 101 110 99 114 121 112
116 105 110 103 32 97 110 100 32 100 101 99 114
121 112 116 105 110 103 32 109 101 115 115 97 103
101 115)
encrypted message as bytes:#(206 106 66 158 68 233 4 198 157 196 72 39 13 110
140 102 0 27 7 177 80 46 144 203 187 69 89 95 208
51 206 149 172 158 127 210 90 210 19 240 224 252
137 13 19 206 188 20 101 115 115 97 103 101 115)
your original message was:*ironclad is a way of encrypting and decrypting messages*
NIL(ql:quickload :ironclad)
(defun get-cipher (key) (ironclad:make-cipher :blowfish :mode :ecb :key (ironclad:ascii-string-to-byte-array key)))
(defun encrypt (plaintext key)
(let ((cipher (get-cipher key))
(msg (ironclad:ascii-string-to-byte-array plaintext)))
(ironclad:encrypt-in-place cipher msg)
(ironclad:octets-to-integer msg)))
(defun decrypt (ciphertext-int key)
(let ((cipher (get-cipher key))
(msg (ironclad:integer-to-octets ciphertext-int)))
(ironclad:decrypt-in-place cipher msg)
(coerce (mapcar #'code-char (coerce msg 'list)) 'string)))
* (defvar test (encrypt "A simple test message" "pass"))
TEST
* test
369463901797626567104213850270827601164336028018533
* (decrypt test "pass")
"A simple test message"