Crypto

Cryptography

OCamlnet-4 does not include any implementations of cryptographic ciphers or hashes. It does, however, include a binding to GnuTLS and GNU Nettle, providing cryptography, and it defines a number of helper functions to use cryptography efficiently.

Before OCamlnet-4, some modules used Xavier Leroy's Cryptokit. This dependency is gone now.

Cryptography providers

Like for TLS (see Tls), first-class modules are used to modularize the provider of the crypto functions:

There are default providers:

If not initialized, these providers are empty, i.e. the lists of available ciphers and digests are empty. This can be changed by initializing a provider. So far, there is only GnuTLS/Nettle, and you can enable this by

Using cryptography

It is not advised to call any functions of the providers directly: the API is not yet stable, and may change, and there are some inconveniences in the buffer management. Instead, use the following functionality:

Examples

Encrypt a string s with AES-128 in CBC mode and length-style padding:

let key = "0123456789abcdef"
let iv = "0123456789abcdef"
let cipher = Netsys_ciphers.find ("AES-128", "CBC")
let ctx = cipher # create key `Length
let () = ctx # set_iv iv
let s_enc = ctx # encrypt_string s

Compute the SHA1 digest of a string s:

let digest = Netsys_digests.find "SHA1-160"
let ctx = digest # create()
let () = ctx # add_substring s 0 (String.length s)
let result = ctx # finish()

Supported ciphers

If using nettls-gnutls as provider, you can normally expect:

All ciphers are supported in ECB, CBC, CTR, and OFB modes.

If using a recent version of GnuTLS/Nettls:

Supported digests

If using nettls-gnutls as provider, you can normally expect:

If using a recent version of GnuTLS/Nettls:

Supported public key ciphers

You can normally use for encryption:

You can use for signing:

Currently, there isn't an interface for key agreement yet, so all Diffie-Hellman variants are out of reach at the moment.