13.2 Symmetric Encryption Subsystem Architecture

The interface for symmetric encryption algorithms consists of functions in the gcry_cipher_ name space. The implementation follows the open-use-close paradigm and uses registered algorithm modules for the actual work. Unless a module provides its own optimized cipher mode implementations, the high-level code (cipher/cipher.c) implements the modes and calls the core algorithm functions to process each block.

The most important functions are:

gcry_cipher_open
    Create a new instance to encrypt or decrypt using a specified algorithm and mode.
gcry_cipher_close
    Release an instance.
gcry_cipher_setkey
    Set a key to be used for encryption or decryption.
gcry_cipher_setiv
    Set an initialization vector to be used for encryption or decryption.
gcry_cipher_encrypt
gcry_cipher_decrypt
    Encrypt or decrypt data. These functions may be called with arbitrary amounts of data and as often as needed to encrypt or decrypt all data.

There are also functions to query properties of an algorithm or a context, such as block length and key length, to map names, and to enable features such as padding methods.
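
The layering described in this section, as a small self-contained C model added here: it is not libgcrypt code, and none of the `demo_*` or `toy_*` names exist in the library. The toy block function is a stand-in rather than a cipher, the mode shown is CBC encryption only, and the model accepts whole blocks only.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define BLK 8 /* block length of the toy module (assumption of this model) */
/* A registered algorithm module: the per-block core is mandatory, bulk mode code optional. */
typedef struct {
    void (*enc_block)(const uint8_t *key, const uint8_t *in, uint8_t *out);
    void (*bulk_cbc_enc)(const uint8_t *key, uint8_t *iv, uint8_t *buf, size_t nblk); /* or NULL */
} demo_module;

/* Toy core, NOT a cipher: it only stands in for a real block function. */
static void toy_enc(const uint8_t *k, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++) out[i] = (uint8_t)((in[i] + k[i]) ^ 0x5a);
}
const demo_module toy_module = { toy_enc, NULL };

/* Handle: carries module, key and chaining state between calls (open-use-close). */
typedef struct { const demo_module *mod; uint8_t key[BLK], iv[BLK]; } demo_handle;
demo_handle *demo_open(const demo_module *m) {
    demo_handle *h = calloc(1, sizeof *h);
    if (h) h->mod = m;
    return h;
}
void demo_setkey(demo_handle *h, const uint8_t *key) { memcpy(h->key, key, BLK); }
void demo_setiv(demo_handle *h, const uint8_t *iv) { memcpy(h->iv, iv, BLK); }
void demo_close(demo_handle *h) { free(h); }

/* High-level layer: use the module's bulk CBC if present, else generic CBC over the core. */
int demo_encrypt(demo_handle *h, uint8_t *buf, size_t len) {
    if (len % BLK) return -1; /* partial blocks are rejected in this model */
    if (h->mod->bulk_cbc_enc) { h->mod->bulk_cbc_enc(h->key, h->iv, buf, len / BLK); return 0; }
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) buf[off + i] ^= h->iv[i];
        h->mod->enc_block(h->key, buf + off, buf + off);
        memcpy(h->iv, buf + off, BLK); /* state stays in the handle between calls */
    }
    return 0;
}
/* Encrypt a constructed 32-byte message in one call and in two calls; returns 1 if equal. */
int demo_chunked_equals_oneshot(void) {
    uint8_t key[BLK] = {1, 2, 3, 4, 5, 6, 7, 8}, iv[BLK] = {0}, a[32], b[32];
    memset(a, 'A', sizeof a); memcpy(b, a, sizeof b);
    demo_handle *h = demo_open(&toy_module);
    if (!h) return 0;
    demo_setkey(h, key); demo_setiv(h, iv); demo_encrypt(h, a, 32);       /* one call */
    demo_setiv(h, iv); demo_encrypt(h, b, 8); demo_encrypt(h, b + 8, 24); /* two calls */
    demo_close(h);
    return memcmp(a, b, 32) == 0;
}
int main(void) { return demo_chunked_equals_oneshot() ? 0 : 1; }
```

Because the chaining value lives in the handle, splitting the input across calls yields the same ciphertext as a single call, as long as the IV is reset before each new message.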