Thread: mcrypt/ openssl/ gnupg/ etc
05-27-2004, 06:15 PM #1Web Hosting Master
- Join Date
- Dec 2002
mcrypt/ openssl/ gnupg/ etc
Forgive me for not reading up enough on crypto - I am hoping someone can help me get this right in my mind.
What is the difference between what mcrypt provides and what openssl provides?
From reading the docs, it appears that:
libmcrypt - mcrypt lib, other "frontends" can use it to generate crypto (like the php mcrypt stuff).
mcrypt - CLI frontend to generate crypto, uses libmcrypt
openssl - can generate public/private keypairs, certs, and symmetric encryption
gnupg - public/private keypairs
Why are all these projects necessary? It seems to me that several of them overlap in terms of what one could use it for. Someone has explained to me that gnupg is similar to openssl, but its the reverse way.
Argh. Does anyone have a 'newbies guide to crypto' link or info that could help me get this straight?
In short - I know how to use these, but I am not sure WHY I would use one or the other.
thanks"The only difference between a poor person and a rich person is what they do in their spare time."
"If youth is wasted on the young, then retirement is wasted on the old"
05-27-2004, 09:23 PM #2Premium Member
- Join Date
- Mar 2003
- Saint Paul, MN
I don't know of any really good newbie crypto guides; the documentation that comes with older (2.*) versions of PGP is pretty good but only really applicable to email/file encryption. I don't recall if it is included with the more recent versions or not. There used to be a FAQ for one of the USENET groups (sci.crypt?) that was pretty decent, but a few seconds of searching doesn't seem to locate it - maybe someone else can post a link.
If you're really into crypto, get a copy of Bruce Schneier's _Applied Cryptography_. Heavy on math, but some good stuff.
As to the difference between all the crypto apps... All I can really say is that GnuPG is an open-source, RFC-compliant alternative to the better-established PGP, for people who care about things like that. It's not 100% compatible with PGP, but it's largely interoperable for most basic uses, especially for older versions of PGP.
I use OpenSSL, which I quite like, and have mcrypt installed, though I'm not sure it's ever been used. I think a lot of the choice of crypto libs just comes down to what library the piece of software you're installing or compiling requires. Someone more familiar with mcrypt/libmcrypt will hopefully come along to answer your questions there...