Ironclad
Ironclad is a Common Lisp Cryptography package; several block encryption algorithms and hash functions are included with the initial release. Its initial impetus was to unify several of the cryptographic packages for Common Lisp (such as the MD5 and SHA1 implementations floating around), but it aims at providing a cryptographic toolkit similar in scope to something like OpenSSL or Crypto++.

  • Supported ciphers: AES, DES, 3DES, Blowfish, Twofish, RC5, RC6, Arcfour (RC4)
  • Supported hash functions: MD4, MD5, SHA1, SHA256, Tiger, Adler32, CRC32 (also supports tree hashes)
  • RFC 2104 HMACs and RFC 4493 CMACs
  • Public key schemes: DSA signing and verification
  • Key derivation functions: PBKDF1, PBKDF2 (RFC 2898)
The Ironclad homepage and package documentation can be found at: https://github.com/sharplispers/ironclad

(Originally located at http://method-combination.net/lisp/ironclad/ and now maintained by sharplispers.)

The SHA-1 and SHA-256 hash functions do not work under CLISP versions earlier than 2.34. Please upgrade your CLISP installation. (The failures are related to CLISP's handling of (LOOP ... FINALLY ...).)

Ironclad is distributed under a liberal X11/MIT-like license.

Debian package

Ironclad has been packaged for Debian. You can just apt-get install it.

Using Ironclad

RSA With Ironclad—The Missing Manual is an article about using the RSA functionality that is currently implemented in Ironclad.

Tell us how you are using Ironclad:

  • To encrypt passwords for a web site, for that I created the following function:

    (defun hash-password (password)
      (ironclad:byte-array-to-hex-string 
       (ironclad:digest-sequence 
        :sha256
        (ironclad:ascii-string-to-byte-array password))))
  • Very simple example of encrypting and decrypting a message using the blowfish algorithm:

    (push "/home/mcarter/ironclad_0.20.1/" asdf:*central-registry*) ; or something similar
    (asdf:oos 'asdf:load-op 'ironclad)

    (defun cipher-example (message password) (let* ((iv (ironclad:ascii-string-to-byte-array password)) (cipher (ironclad:make-cipher :blowfish :mode :ecb :key iv))) (setf message (ironclad:ascii-string-to-byte-array message)) (format t "original message as bytes:~A~%" message) (ironclad:encrypt-in-place cipher message) (format t "encrypted message as bytes:~A~%" message) (ironclad:decrypt-in-place cipher message) ;; convert the message back to a string (setf message (coerce message 'list)) (setf message (mapcar #'code-char message)) (setf message (coerce message 'string)) (format t "your original message was:*~A*~%" message)))

    * (cipher-example "ironclad is a way of encrypting and decrypting messages" "my password")

    original message as bytes:#(105 114 111 110 99 108 97 100 32 105 115 32 97 32 119 97 121 32 111 102 32 101 110 99 114 121 112 116 105 110 103 32 97 110 100 32 100 101 99 114 121 112 116 105 110 103 32 109 101 115 115 97 103 101 115) encrypted message as bytes:#(206 106 66 158 68 233 4 198 157 196 72 39 13 110 140 102 0 27 7 177 80 46 144 203 187 69 89 95 208 51 206 149 172 158 127 210 90 210 19 240 224 252 137 13 19 206 188 20 101 115 115 97 103 101 115) your original message was:*ironclad is a way of encrypting and decrypting messages* NIL

  • A more functional (hopefully simpler) example

    (ql:quickload :ironclad)
    (defun get-cipher (key)
      (ironclad:make-cipher :blowfish
        :mode :ecb
        :key (ironclad:ascii-string-to-byte-array key)))

    (defun encrypt (plaintext key) (let ((cipher (get-cipher key)) (msg (ironclad:ascii-string-to-byte-array plaintext))) (ironclad:encrypt-in-place cipher msg) (ironclad:octets-to-integer msg)))

    (defun decrypt (ciphertext-int key) (let ((cipher (get-cipher key)) (msg (ironclad:integer-to-octets ciphertext-int))) (ironclad:decrypt-in-place cipher msg) (coerce (mapcar #'code-char (coerce msg 'list)) 'string)))

    * (defvar test (encrypt "A simple test message" "pass")) TEST

    * test 369463901797626567104213850270827601164336028018533

    * (decrypt test "pass") "A simple test message"