Encrypt

Encrypt["password",expr]

encrypts expr using the specified password, to give an encrypted object.

Encrypt[keyspec,expr]

encrypts expr using the cryptographic key specification keyspec.

Encrypt[expr]

interactively requests a password with which to encrypt expr.

Details and Options

  • Encrypt yields EncryptedObject[], suitable for decryption with Decrypt.
  • Encrypt[key,"string"] yields an EncryptedObject containing the encrypted version of the contents of the string as encoded in UTF-8.
  • Encrypt[key,ByteArray[]] yields an EncryptedObject containing the encrypted version of the raw bytes in the ByteArray object.
  • In a notebook interface, Encrypt[expr] generates a dialog box; in a textual interface it generates a textual prompt.
  • Encrypt has the following option:
  • MethodAutomaticdetails of encryption method
  • With the setting Methodassoc, the association assoc gives details of the encryption method to use.
  • The "Padding" element in the association assoc specifies the padding method to pad incomplete input blocks.
  • Encryption with a public key and decryption with a private key support the following padding methods: "PKCS1", "OAEP", "SSLV23", None.
  • Encryption with a private key and decryption with a public key support the following padding methods: "PKCS1", None.
  • The "PKCS1" padding method is used as a default.
  • For a general expression, Encrypt[key,expr] yields an EncryptedObject essentially containing an encrypted version of Compress[expr].
  • For RSA ciphers, the maximum length of data that can be encrypted is determined by the number of bytes in the modulus, and the padding mode, according to:
  • "PKCS1"<
    "SSLV23"<
    "OAEP"<
    None

Examples

open allclose all

Basic Examples  (3)

Encrypt a message with a password:

Show the raw encrypted form:

Decrypt with the password to get back the message:

Generate a key:

Encrypt using the key:

Generate public and private keys:

Encrypt using the public key:

Decrypt using the private key:

Alternatively, encrypt using the private key:

Now decrypt using the public key:

Scope  (2)

Encrypt any expression:

Byte arrays are encrypted literally, making them more easily usable with external programs:

Applications  (2)

Encrypt a message and save the ciphertext to a file:

Read back the contents of the file as bytes:

Compare with the original ciphertext:

Delete the temporary file:

Write simple cryptographic signing and verification functions:

Generate a pair of public and private keys:

Define an expression to sign:

Generate a signature:

Verify that the signature is authentic:

Verifying with another expression will fail:

Properties & Relations  (1)

The returned encrypted object stores all aspects of the encrypted result:

Extract the bytes in the ciphertext:

Extract the bytes in the initialization vector used for encryption:

Possible Issues  (3)

Encrypting using a password requires key derivation, which is intentionally slow:

You can avoid this by pre-generating a key:

The ciphertext may be a different length from the input:

Encryption with elliptic curve-based keys is not currently supported:

Introduced in 2015
 (10.1)
 |
Updated in 2019
 (12.0)
2020
 (12.1)