manpagez: man pages & more
man Crypt::AuthEnc::EAX(3)

man pages By Section Choose... 123456789ln Alphabetically Choose... ABCDEFGHIJKLMNOPQRSTUVWXYZOther

Home | html | info | man

Crypt::AuthEnc::EAX(3)                     User Contributed Perl Documentation

NAME

       Crypt::AuthEnc::EAX - Authenticated encryption in EAX mode

SYNOPSIS

        ### OO interface
        use Crypt::AuthEnc::EAX;

        my $key = '...';
        my $nonce = '...';
        my $expected_tag = '...';

        # encrypt and authenticate
        my $ae_enc = Crypt::AuthEnc::EAX->new("AES", $key, $nonce);
        $ae_enc->adata_add('additional_authenticated_data1');
        $ae_enc->adata_add('additional_authenticated_data2');
        my $ct = $ae_enc->encrypt_add('data1');
        $ct .= $ae_enc->encrypt_add('data2');
        $ct .= $ae_enc->encrypt_add('data3');
        my $tag = $ae_enc->encrypt_done();

        # decrypt and verify
        my $ae_dec = Crypt::AuthEnc::EAX->new("AES", $key, $nonce);
        $ae_dec->adata_add('additional_authenticated_data1');
        $ae_dec->adata_add('additional_authenticated_data2');
        my $pt = $ae_dec->decrypt_add('ciphertext1');
        $pt .= $ae_dec->decrypt_add('ciphertext2');
        $pt .= $ae_dec->decrypt_add('ciphertext3');
        my $computed_tag = $ae_dec->decrypt_done();
        die "decrypt failed" unless $computed_tag eq $expected_tag;

        #or
        my $result = $ae_dec->decrypt_done($expected_tag); # 0 or 1

        ### functional interface
        use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);

        my $key = '...';
        my $nonce = '...';
        my $adata = '...';
        my $plaintext = '...';

        my ($ciphertext, $tag) = eax_encrypt_authenticate('AES', $key, $nonce, $adata, $plaintext);
        my $decrypted = eax_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);

DESCRIPTION

       EAX is a mode that requires a cipher, CTR and OMAC support and provides
       encryption and authentication.  It is initialized with a random IV that
       can be shared publicly, additional authenticated data which can be
       fixed and public, and a random secret symmetric key.

       This is a stateful API. Build one message by calling, in order: "new",
       optional extra "adata_add", zero or more "encrypt_add" or "decrypt_add"
       calls, then "encrypt_done" or "decrypt_done".

       Use a fresh object per message. The optional $adata argument to "new"
       is equivalent to adding initial AAD before processing any payload. When
       verifying, decrypt_done($expected_tag) is the safer one-step form;
       decrypt_done() without arguments only returns the calculated tag.  The
       first "encrypt_done" / "decrypt_done" call finalizes the object. After
       that, further "adata_add", "encrypt_add", "decrypt_add",
       "encrypt_done", and "decrypt_done" calls croak.

EXPORT

       Nothing is exported by default.

       You can export selected functions:

         use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);

FUNCTIONS

   eax_encrypt_authenticate
        my ($ciphertext, $tag) = eax_encrypt_authenticate($cipher, $key, $nonce, $adata, $plaintext);

        # $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
        # $key ..... [binary string] AES key of proper length (128/192/256 bits)
        # $nonce ... [binary string] unique nonce (no need to keep it secret)
        # $adata ... [binary string] additional authenticated data

   eax_decrypt_verify
        my $plaintext = eax_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
        # on error returns undef

METHODS

       Unless noted otherwise, assume $ae is an existing AEAD object created
       via "new", for example:

        my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce);

   new
        my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce);
        #or
        my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce, $adata);

        # $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
        # $key ..... [binary string] AES key of proper length (128/192/256 bits)
        # $nonce ... [binary string] unique nonce (no need to keep it secret)
        # $adata ... [binary string] additional authenticated data (optional)

   adata_add
       Can be called only before the first "encrypt_add" or "decrypt_add".
       Returns the object itself (for chaining).

        $ae->adata_add($adata);                        # can be called multiple times

   encrypt_add
       Returns a binary string of ciphertext (raw bytes).

        my $ciphertext = $ae->encrypt_add($data);      # can be called multiple times

   encrypt_done
       Returns the authentication tag as a binary string (raw bytes).  This
       call finalizes the current message.

        my $tag = $ae->encrypt_done();                 # returns $tag value

   decrypt_add
       Returns a binary string of plaintext (raw bytes).

        my $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times

   decrypt_done
       Without argument returns the computed tag as a binary string. With $tag
       argument returns 1 (success) or 0 (failure).  This call finalizes the
       current message.

        my $tag = $ae->decrypt_done;           # returns $tag value
        #or
        my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)

   clone
       Returns a copy of the AEAD object in its current state.

        my $ae_new = $ae->clone;

SEE ALSO

       o   CryptX(3), Crypt::AuthEnc::CCM(3), Crypt::AuthEnc::GCM(3),
           Crypt::AuthEnc::OCB(3)

       o   <https://en.wikipedia.org/wiki/EAX_mode>

       o   <https://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf>

perl v5.34.3                      2026-05-11            Crypt::AuthEnc::EAX(3)

---

cryptx 0.89.0 - Generated Mon May 11 07:42:19 CDT 2026

© manpagez.com 2000-2026
Individual documents may contain additional copyright information.