Symmetric Encryption Subsystem Architecture - The Libgcrypt Reference Manual

Next: Hashing and MACing Subsystem Architecture, Previous: Public-Key Subsystem Architecture, Up: Architecture

14.2 Symmetric Encryption Subsystem Architecture

The interface to work with symmetric encryption algorithms is made up of functions from the gcry_cipher_ name space. The implementation follows the open-use-close paradigm and uses registered algorithm modules for the actual work. Unless a module implements optimized cipher mode implementations, the high level code (cipher/cipher.c) implements the modes and calls the core algorithm functions to process each block.

The most important functions are:

gcry_cipher_open: Create a new instance to encrypt or decrypt using a specified algorithm and mode.
gcry_cipher_close: Release an instance.
gcry_cipher_setkey: Set a key to be used for encryption or decryption.
gcry_cipher_setiv: Set an initialization vector to be used for encryption or decryption.
gcry_cipher_encrypt
gcry_cipher_decrypt: Encrypt or decrypt data. These functions may be called with arbitrary amounts of data and as often as needed to encrypt or decrypt all data.

There are also functions to query properties of algorithms or context, like block length, key length, map names or to enable features like padding methods.