- swi-prolog
- library
- filesex.pl -- Extended operations on files
- apply.pl -- Apply predicates on a list
- error.pl -- Error generating support
- shlib.pl -- Utility library for loading foreign objects (DLLs, shared objects)
- lists.pl -- List Manipulation
- pairs.pl -- Operations on key-value lists
- doc_http.pl -- Documentation server
- pldoc.pl -- Process source documentation
- memfile.pl
- operators.pl -- Manage operators
- debug.pl -- Print debug messages and test assertions
- option.pl -- Option list processing
- prolog_source.pl -- Examine Prolog source-files
- socket.pl -- Network socket (TCP and UDP) library
- thread_pool.pl -- Resource bounded thread management
- rbtrees.pl -- Red black trees
- gensym.pl -- Generate unique symbols
- readutil.pl -- Read utilities
- url.pl -- Analysing and constructing URL
- utf8.pl -- UTF-8 encoding/decoding on lists of character codes.
- uri.pl -- Process URIs
- settings.pl -- Setting management
- broadcast.pl -- Event service
- arithmetic.pl -- Extensible arithmetic
- sgml.pl -- SGML, XML and HTML parser
- iostream.pl -- Utilities to deal with streams
- dialect.pl -- Support multiple Prolog dialects
- quasi_quotations.pl -- Define Quasi Quotation syntax
- pure_input.pl -- Pure Input from files and streams
- time.pl -- Time and alarm library
- base64.pl -- Base64 encoding and decoding
- aggregate.pl -- Aggregation operators on backtrackable predicates
- ordsets.pl -- Ordered set manipulation
- oset.pl -- Ordered set manipulation
- www_browser.pl -- Open a URL in the users browser
- process.pl -- Create processes and redirect I/O
- prolog_colour.pl -- Prolog syntax colouring support.
- prolog_xref.pl -- Prolog cross-referencer data collection
- predicate_options.pl -- Access and analyse predicate options
- prolog_clause.pl -- Get detailed source-information about a clause
- occurs.pl -- Finding and counting sub-terms
- listing.pl -- List programs and pretty print clauses
- record.pl -- Access compound arguments by name
- assoc.pl -- Binary associations
- ugraphs.pl -- Graph manipulation library
- xpath.pl -- Select nodes in an XML DOM
- prolog_pack.pl -- A package manager for Prolog
- archive.pl -- Access several archive formats
- rdf.pl
- rdf_parser.pl
- rewrite.pl
- quintus.pl -- Quintus compatibility
- rdf_triple.pl -- Create triples from intermediate representation
- sgml_write.pl -- XML/SGML writer module
- xsdp_types.pl -- XML-Schema primitive types
- thread.pl -- High level thread primitives
- git.pl -- Run GIT commands
- ctypes.pl -- Character code classification
- sha.pl -- SHA secure hashes
- crypt.pl
- persistency.pl -- Provide persistent dynamic predicates
- tty.pl -- Terminal operations
- c14n2.pl -- C14n2 canonical XML documents
- dicts.pl -- Dict utilities
- solution_sequences.pl -- Modify solution sequences
- nb_set.pl -- Non-backtrackable sets
- terms.pl -- Term manipulation
- apply_macros.pl -- Goal expansion rules to avoid meta-calling
- snowball.pl -- The Snowball multi-lingual stemmer library
- sandbox.pl -- Sandboxed Prolog code
- prolog_format.pl -- Analyse format specifications
- when.pl -- Conditional coroutining
- double_metaphone.pl -- Phonetic string matching
- porter_stem.pl
- uuid.pl -- Universally Unique Identifier (UUID) Library
- pcre.pl -- Perl compatible regular expression matching for SWI-Prolog
- backcomp.pl -- Backward compatibility
- system.pl -- System utilities
- rdf_write.pl -- Write RDF/XML from a list of triples
- date.pl -- Process dates and times
- zlib.pl -- Zlib wrapper for SWI-Prolog
- rdf_ntriples.pl -- RDF N-triples parser (obsolete)
- csv.pl -- Process CSV (Comma-Separated Values) data
- dif.pl -- The dif/2 constraint
- ssl.pl -- Secure Socket Layer (SSL) library
- crypto.pl -- Cryptography and authentication library
- crypto_n_random_bytes/2
- crypto_data_hash/3
- crypto_file_hash/3
- crypto_context_new/2
- crypto_data_context/3
- crypto_context_hash/2
- crypto_open_hash_stream/3
- crypto_stream_hash/2
- crypto_password_hash/2
- crypto_password_hash/3
- crypto_data_hkdf/4
- ecdsa_sign/4
- ecdsa_verify/4
- hex_bytes/2
- rsa_private_decrypt/4
- rsa_private_encrypt/4
- rsa_public_decrypt/4
- rsa_public_encrypt/4
- rsa_sign/4
- rsa_verify/4
- crypto_data_decrypt/6
- crypto_data_encrypt/6
- crypto_modular_inverse/3
- crypto_generate_prime/3
- crypto_is_prime/2
- crypto_name_curve/2
- crypto_curve_order/2
- crypto_curve_generator/2
- crypto_curve_scalar_mult/4
- ansi_term.pl -- Print decorated text to ANSI consoles
- pengines.pl -- Pengines: Web Logic Programming Made Easy
- charsio.pl -- I/O on Lists of Character Codes
- modules.pl -- Module utility predicates
- term_to_json.pl
- prolog_stack.pl -- Examine the Prolog stack
- statistics.pl -- Get information about resource usage
- editline.pl -- BSD libedit based command line editing
- console_input.pl
- prolog_history.pl -- Per-directory persistent commandline history
- base32.pl -- Base32 encoding and decoding
- edinburgh.pl -- Some traditional Edinburgh predicates
- helpidx.pl
- explain.pl -- Describe Prolog Terms
- edit.pl -- Editor interface
- make.pl -- Reload modified source files
- check.pl -- Consistency checking
- prolog_codewalk.pl -- Prolog code walker
- prolog_metainference.pl -- Infer meta-predicate properties
- prolog_breakpoints.pl -- Manage Prolog break-points
- help.pl
- threadutil.pl -- Interactive thread utilities
- writef.pl -- Old-style formatted write
- md5.pl -- MD5 hashes
- sort.pl
- qsave.pl -- Save current program as a state or executable
- prolog_autoload.pl -- Autoload all dependencies
- files.pl
- main.pl -- Provide entry point for scripts
- tabling.pl -- Tabled execution (SLG WAM)
- hash_stream.pl -- Maintain a hash on a stream
- optparse.pl -- command line parsing
- varnumbers.pl -- Utilities for numbered terms
- library
- crypto_data_encrypt(+PlainText, +Algorithm, +Key, +IV, -CipherText, +Options)
- Encrypt the given PlainText, using the symmetric algorithm
Algorithm, key Key, and initialization vector (or nonce) IV, to give
CipherText.
PlainText must be a string, atom or list of codes or characters, and CipherText is created as a string. Key and IV are typically lists of bytes, though atoms and strings are also permitted. Algorithm must be an algorithm which your copy of OpenSSL knows about.
Keys and IVs can be chosen at random (using for example crypto_n_random_bytes/2) or derived from input keying material (IKM) using for example crypto_data_hkdf/4. This input is often a shared secret, such as a negotiated point on an elliptic curve, or the hash that was computed from a password via crypto_password_hash/3 with a freshly generated and specified salt.
Reusing the same combination of Key and IV typically leaks at least some information about the plaintext. For example, identical plaintexts will then correspond to identical ciphertexts. For some algorithms, reusing an IV with the same Key has disastrous results and can cause the loss of all properties that are otherwise guaranteed. Especially in such cases, an IV is also called a nonce (number used once). If an IV is not needed for your algorithm (such as
'aes-128-ecb'
) then any value can be provided as it will be ignored by the underlying implementation. Note that such algorithms do not provide semantic security and are thus insecure. You should use stronger algorithms instead.It is safe to store and transfer the used initialization vector (or nonce) in plain text, but the key must be kept secret.
Commonly used algorithms include:
'chacha20-poly1305'
- A powerful and efficient authenticated encryption scheme, providing secrecy and at the same time reliable protection against undetected modifications of the encrypted data. This is a very good choice for virtually all use cases. It is a stream cipher and can encrypt data of any length up to 256 GB. Further, the encrypted data has exactly the same length as the original, and no padding is used. It requires OpenSSL 1.1.0 or greater. See below for an example.
'aes-128-gcm'
- Also an authenticated encryption scheme. It uses a 128-bit (i.e., 16 bytes) key and a 96-bit (i.e., 12 bytes) nonce. It requires OpenSSL 1.1.0 or greater.
'aes-128-cbc'
- A block cipher that provides secrecy, but does not protect against unintended modifications of the cipher text. This algorithm uses 128-bit (16 bytes) keys and initialization vectors. It works with all supported versions of OpenSSL. If possible, consider using an authenticated encryption scheme instead.
Options:
- encoding(+Encoding)
- Encoding to use for PlainText. Default is
utf8
. Alternatives areutf8
andoctet
. - padding(+PaddingScheme)
- For block ciphers, the padding scheme to use. Default is
block
. You can disable padding by supplyingnone
here. If padding is disabled for block ciphers, then the length of the ciphertext must be a multiple of the block size. - tag(-List)
- For authenticated encryption schemes, List is unified with a list of bytes holding the tag. This tag must be provided for decryption. Authenticated encryption requires OpenSSL 1.1.0 or greater.
- tag_length(+Length)
- For authenticated encryption schemes, the desired length of the tag, specified as the number of bytes. The default is 16. Smaller numbers are not recommended.
For example, with OpenSSL 1.1.0 and greater, we can use the ChaCha20 stream cipher with the Poly1305 authenticator. This cipher uses a 256-bit key and a 96-bit nonce, i.e., 32 and 12 bytes, respectively:
?- Algorithm = 'chacha20-poly1305', crypto_n_random_bytes(32, Key), crypto_n_random_bytes(12, IV), crypto_data_encrypt("this is some input", Algorithm, Key, IV, CipherText, [tag(Tag)]), crypto_data_decrypt(CipherText, Algorithm, Key, IV, RecoveredText, [tag(Tag)]). Algorithm = 'chacha20-poly1305', Key = [65, 147, 140, 197, 27, 60, 198, 50, 218|...], IV = [253, 232, 174, 84, 168, 208, 218, 168, 228|...], CipherText = <binary string>, Tag = [248, 220, 46, 62, 255, 9, 178, 130, 250|...], RecoveredText = "this is some input".
In this example, we use crypto_n_random_bytes/2 to generate a key and nonce from cryptographically secure random numbers. For repeated applications, you must ensure that a nonce is only used once together with the same key. Note that for authenticated encryption schemes, the tag that was computed during encryption is necessary for decryption. It is safe to store and transfer the tag in plain text.
- See also
- - crypto_data_decrypt/6.
- - hex_bytes/2 for conversion between bytes and hex encoding.