
AOLserver encryption Module
--------------------------

This module *REQUIRES* OpenSSL 0.9.6 or higher.


Purpose
------------------
I wrote this for encrypting customer and credit card information.
The idea is that the publicly accessible server encrypts with the
public key, and a separate private server decrypts with the private
key.  For security, the private key is NEVER stored on the public
server.


Feature Highlights
------------------

 * Strong RSA cryptography.
 * Support for AES, Blowfish, CAST5, IDEA and Triple DES ciphers.
 * Open Source software (AOLserver Public License or GPL).
 * Usable for both commercial and non-commercial use.


Theory
------------------
Each call encrypts the user data with a fresh, randomly generated
one-time session key for the chosen symmetric cipher (hybrid
encryption).  The key size is either fixed or variable, depending on
the cipher used.  The session key is then encrypted with the configured
RSA public or private key, and the resulting ciphertext is returned
BASE64 encoded.

Note that only data whose session key was encrypted with the RSA public
key is confidential: a session key encrypted with the private key can be
recovered by anyone holding the public key.  For the public/private
server split described above, encrypt with the public key (the default)
and decrypt with -private.


Compiling the code
------------------

To compile this code, just type:

make


Configuration Options
---------------------

ns_section "ns/server/${servername}/module/nsencrypt"
ns_param  PubKeyFile       pubkey.pem
ns_param  PrivKeyFile      privkey.pem

ns_section "ns/server/${servername}/modules"
ns_param nsencrypt    ${bindir}/nsencrypt.${ext}


Configuration Notes
-------------------

Create your private and public keys using the openssl command line:

 openssl genrsa -out privkey.pem 2048
 openssl rsa -in privkey.pem -pubout -out pubkey.pem

Do not use fewer than 2048 bits for your RSA key.  The key length must
match RSAKEYLEN in nsencrypt.c.

Only pubkey.pem belongs on the public server.  Keep privkey.pem on the
private server that performs decryption and restrict its file
permissions (for example chmod 600 privkey.pem) so only the server's
user can read it.

WARNING: Never put your private key on a publicly accessible server.
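The envelope scheme from the Theory section, carried out with the openssl command line so it can be checked outside the server, using the same key pair generated above. This is an added example, not code from nsencrypt: the choice of AES-128-CBC as the session cipher, RSA-OAEP for wrapping the session key, and the envelope layout base64(wrapped key and IV) "." base64(ciphertext) are assumptions made for illustration only; the module's real container format is not documented on this page. It assumes OpenSSL 1.1 or later with the genrsa, rsa, rand, pkeyutl, enc and base64 subcommands.

```shell
#!/bin/sh
# Added example, not part of nsencrypt: the hybrid scheme described in the
# Theory section, done with the openssl command line (OpenSSL 1.1 or later).
# Assumptions made for illustration only:
#   - AES-128-CBC as the session cipher, RSA-OAEP to wrap the session key
#   - envelope layout: base64(wrapped "key:iv") "." base64(ciphertext)
# The module's real container format is not documented on this page.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Key pair exactly as in Configuration Notes.  In deployment only
# pubkey.pem is copied to the public server; privkey.pem stays private.
openssl genrsa -out "$WORK/privkey.pem" 2048 2>/dev/null
openssl rsa -in "$WORK/privkey.pem" -pubout -out "$WORK/pubkey.pem" 2>/dev/null

# envelope_encrypt PUBKEY_FILE PLAINTEXT  -> one-line envelope on stdout.
# This is everything the public server does; it never touches the private key.
envelope_encrypt() {
    pub=$1; msg=$2
    # fresh one-time session key and IV for every call
    key=$(openssl rand -hex 16)
    iv=$(openssl rand -hex 16)
    printf '%s:%s' "$key" "$iv" > "$WORK/keyiv.txt"
    # wrap the session key (and IV) with the RSA public key
    wrapped=$(openssl pkeyutl -encrypt -pubin -inkey "$pub" -in "$WORK/keyiv.txt" \
                  -pkeyopt rsa_padding_mode:oaep | openssl base64 -A)
    # encrypt the data with the session key
    ct=$(printf '%s' "$msg" | openssl enc -aes-128-cbc -K "$key" -iv "$iv" \
             | openssl base64 -A)
    printf '%s.%s\n' "$wrapped" "$ct"
}

# envelope_decrypt PRIVKEY_FILE ENVELOPE -> plaintext on stdout, non-zero
# status if the session key cannot be unwrapped.  Only the private server
# can perform this step.
envelope_decrypt() {
    priv=$1; envl=$2
    wrapped_b64=${envl%%.*}
    ct_b64=${envl#*.}
    printf '%s' "$wrapped_b64" | openssl base64 -d -A > "$WORK/wrapped.bin"
    # a wrong private key makes the OAEP decoding fail here
    keyiv=$(openssl pkeyutl -decrypt -inkey "$priv" -in "$WORK/wrapped.bin" \
                -pkeyopt rsa_padding_mode:oaep 2>/dev/null) || return 1
    key=${keyiv%%:*}
    iv=${keyiv#*:}
    [ ${#key} -eq 32 ] && [ ${#iv} -eq 32 ] || return 1
    printf '%s' "$ct_b64" | openssl base64 -d -A \
        | openssl enc -d -aes-128-cbc -K "$key" -iv "$iv" 2>/dev/null
}

# roundtrip_demo: public server encrypts, private server decrypts.
roundtrip_demo() {
    envl=$(envelope_encrypt "$WORK/pubkey.pem" "This is some text to encrypt")
    envelope_decrypt "$WORK/privkey.pem" "$envl"
}

# fresh_session_key: the same text encrypted twice must give different
# envelopes, since each call draws a new session key and IV.  Prints yes/no.
fresh_session_key() {
    a=$(envelope_encrypt "$WORK/pubkey.pem" "same text")
    b=$(envelope_encrypt "$WORK/pubkey.pem" "same text")
    if [ "$a" != "$b" ]; then echo yes; else echo no; fi
}

# wrong_key_rejected: an envelope made for pubkey.pem cannot be opened with
# an unrelated private key.  Prints yes/no.
wrong_key_rejected() {
    openssl genrsa -out "$WORK/other.pem" 2048 2>/dev/null
    envl=$(envelope_encrypt "$WORK/pubkey.pem" "secret")
    if envelope_decrypt "$WORK/other.pem" "$envl" >/dev/null; then
        echo no
    else
        echo yes
    fi
}

echo "envelope:  $(envelope_encrypt "$WORK/pubkey.pem" "hello")"
echo "recovered: $(roundtrip_demo)"
```

The split between envelope_encrypt and envelope_decrypt mirrors the deployment in the Purpose section: the first function needs only pubkey.pem, the second only privkey.pem, so the private key never has to exist on the host that takes the customer data.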


Usage
----------------------

	# public server: encrypt with the public key (the default)
	set ciphertext [ns_encrypt -public "This is some text to encrypt"]

	# private server: decrypt with the private key
	set plaintext [ns_decrypt -private $ciphertext]


Tcl Interface Commands
----------------------

================================================================================

NAME 

	ns_encrypt - returns ciphertext from plaintext.

SYNOPSIS

	ns_encrypt ?-blowfish|-3des|-cast5|-idea? ?-keysize bits? ?-keyfile file? ?-public|-private? plaintext

DESCRIPTION

	Encrypts the characters given by plaintext and returns ciphertext.

	-blowfish   Use the Blowfish cipher. (default)
	-3des       Use the Triple DES cipher.
	-cast5      Use the CAST5 cipher.
	-idea       Use the IDEA cipher.
	-keyfile    Use an RSA public/private key file other than the configured one.
	-keysize    Set the session key size in bits (see the sizes below).
	-public     Use the public key to encrypt the session key.   (default)
	-private    Use the private key to encrypt the session key.
	plaintext   Plain ASCII text to encrypt.

	Keysizes available:
		AES:      128, 192, 256 bits (128 default)
		Blowfish: 64 to 448 in 8 bit increments (128 default)
		CAST5:    40 to 128 in 8 bit increments (128 default)
		3DES:     168 bits (168 default)
		IDEA:     128 bits (128 default)

RETURNS:

	BASE64 encoded Ciphertext

================================================================================

NAME 

	ns_decrypt - returns plaintext from ciphertext.

SYNOPSIS

	ns_decrypt ?-public|-private? ?-keyfile file? ciphertext

DESCRIPTION

	Decrypts the BASE64 ciphertext and returns plaintext.

	-public     Use the public key for decryption.   (default)
	-private    Use the private key for decryption.  Required for
	            ciphertext produced by ns_encrypt with the public key
	            (the ns_encrypt default).
	-keyfile    Use an RSA public/private key file other than the configured one.
	ciphertext  BASE64 encoded ciphertext to decrypt.

RETURNS:

	Plaintext

================================================================================


Copyright Notices
-----------------

This software is copyrighted by Daniel P. Stasinski.  It is
distributed under the AOLserver Public License. See the file
license.txt for more information.

This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit. (http://www.openssl.org/)

This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com).


Related Links
-------------

  http://www.aolserver.com      AOLserver homepage
  http://www.openssl.org        OpenSSL toolkit homepage
  http://www.scriptkitties.com  Information on this module


Contact
-------------

Contact: daniel@avenues.org
