Encrypt

Encrypt["password",expr]

encrypts expr using the specified password, to give an encrypted object.

Encrypt[keyspec,expr]

encrypts expr using the cryptographic key specification keyspec.

Encrypt[expr]

interactively requests a password with which to encrypt expr.

Details and Options

Encrypt yields EncryptedObject[…], suitable for decryption with Decrypt.
Encrypt[key,"string"] yields an EncryptedObject containing the encrypted version of the contents of the string as encoded in UTF-8.
Encrypt[key,ByteArray[…]] yields an EncryptedObject containing the encrypted version of the raw bytes in the ByteArray object.
In a notebook interface, Encrypt[expr] generates a dialog box; in a textual interface it generates a textual prompt.
Encrypt has the following option:
Method Automatic details of encryption method
With the setting Methodassoc, the association assoc gives details of the encryption method to use.
The "Padding" element in the association assoc specifies the padding method to pad incomplete input blocks.
Encryption with a public key and decryption with a private key support the following padding methods: "PKCS1", "OAEP", "SSLV23", None.
Encryption with a private key and decryption with a public key support the following padding methods: "PKCS1", None.
The "PKCS1" padding method is used as a default for asymmetric encryption.
For a general expression, Encrypt[key,expr] yields an EncryptedObject essentially containing an encrypted version of Compress[expr].
For RSA ciphers, the maximum length of data that can be encrypted is determined by the number of bytes in the modulus, and the padding mode, according to:
"PKCS1" <

"SSLV23" <

"OAEP" <

None

Examples

open allclose all

Basic Examples (3)

Encrypt a message with a password:

Show the raw encrypted form:

Decrypt with the password to get back the message:

Generate a key:

Encrypt using the key:

Generate public and private keys:

Encrypt using the public key:

Decrypt using the private key:

Alternatively, encrypt using the private key:

Now decrypt using the public key:

Scope (2)

Encrypt any expression:

Byte arrays are encrypted literally, making them more easily usable with external programs:

Applications (2)

Encrypt a message and save the ciphertext to a file:

Read back the contents of the file as bytes:

Compare with the original ciphertext:

Delete the temporary file:

Write simple cryptographic signing and verification functions:

Generate a pair of public and private keys:

Define an expression to sign:

Generate a signature:

Verify that the signature is authentic:

Verifying with another expression will fail:

Properties & Relations (1)

The returned encrypted object stores all aspects of the encrypted result:

Extract the bytes in the ciphertext:

Extract the bytes in the initialization vector used for encryption:

Possible Issues (4)

Timing (1)

Encrypting using a password requires key derivation, which is intentionally slow:

You can avoid this by pre-generating a key:

Encrypted Data Size (1)

The ciphertext may be a different length from the input:

Incompatible Keys (1)

Encryption with elliptic curve-based keys is not currently supported:

Incompatible Padding Modes (1)

Encrypting with a private key is not possible for certain padding modes: