- swipl
- library
- error.pl -- Error generating support
- apply.pl -- Apply predicates on a list
- lists.pl -- List Manipulation
- debug.pl -- Print debug messages and test assertions
- broadcast.pl -- Event service
- socket.pl -- Network socket (TCP and UDP) library
- predicate_options.pl -- Access and analyse predicate options
- shlib.pl -- Utility library for loading foreign objects (DLLs, shared objects)
- option.pl -- Option list processing
- uid.pl -- User and group management on Unix systems
- unix.pl -- Unix specific operations
- syslog.pl -- Unix syslog interface
- thread_pool.pl -- Resource bounded thread management
- gensym.pl -- Generate unique symbols
- settings.pl -- Setting management
- arithmetic.pl -- Extensible arithmetic
- main.pl -- Provide entry point for scripts
- readutil.pl -- Read utilities
- ssl.pl -- Secure Socket Layer (SSL) library
- crypto.pl -- Cryptography and authentication library
- crypto_n_random_bytes/2
- crypto_data_hash/3
- crypto_file_hash/3
- crypto_context_new/2
- crypto_data_context/3
- crypto_context_hash/2
- crypto_open_hash_stream/3
- crypto_stream_hash/2
- crypto_password_hash/2
- crypto_password_hash/3
- crypto_data_hkdf/4
- ecdsa_sign/4
- ecdsa_verify/4
- hex_bytes/2
- rsa_private_decrypt/4
- rsa_private_encrypt/4
- rsa_public_decrypt/4
- rsa_public_encrypt/4
- rsa_sign/4
- rsa_verify/4
- crypto_data_decrypt/6
- crypto_data_encrypt/6
- crypto_modular_inverse/3
- crypto_generate_prime/3
- crypto_is_prime/2
- crypto_name_curve/2
- crypto_curve_order/2
- crypto_curve_generator/2
- crypto_curve_scalar_mult/4
- filesex.pl -- Extended operations on files
- doc_http.pl -- Documentation server
- pldoc.pl -- Process source documentation
- operators.pl -- Manage operators
- pairs.pl -- Operations on key-value lists
- prolog_source.pl -- Examine Prolog source-files
- sgml.pl -- SGML, XML and HTML parser
- quasi_quotations.pl -- Define Quasi Quotation syntax
- uri.pl -- Process URIs
- url.pl -- Analysing and constructing URL
- www_browser.pl -- Open a URL in the users browser
- prolog_colour.pl -- Prolog syntax colouring support.
- record.pl -- Access compound arguments by name
- prolog_xref.pl -- Prolog cross-referencer data collection
- occurs.pl -- Finding and counting sub-terms
- ordsets.pl -- Ordered set manipulation
- assoc.pl -- Binary associations
- ugraphs.pl -- Graph manipulation library
- xpath.pl -- Select nodes in an XML DOM
- iostream.pl -- Utilities to deal with streams
- atom.pl -- Operations on atoms
- porter_stem.pl
- solution_sequences.pl -- Modify solution sequences
- prolog_pack.pl -- A package manager for Prolog
- process.pl -- Create processes and redirect I/O
- memfile.pl
- prolog_config.pl -- Provide configuration information
- git.pl -- Run GIT commands
- ctypes.pl -- Character code classification
- time.pl -- Time and alarm library
- utf8.pl -- UTF-8 encoding/decoding on lists of character codes.
- base64.pl -- Base64 encoding and decoding
- sha.pl -- SHA secure hashes
- crypt.pl
- persistency.pl -- Provide persistent dynamic predicates
- pure_input.pl -- Pure Input from files and streams
- nb_set.pl -- Non-backtrackable sets
- xsdp_types.pl -- XML-Schema primitive types
- uuid.pl -- Universally Unique Identifier (UUID) Library
- pcre.pl -- Perl compatible regular expression matching for SWI-Prolog
- aggregate.pl -- Aggregation operators on backtrackable predicates
- rdf_write.pl -- Write RDF/XML from a list of triples
- rdf.pl -- RDF/XML parser
- sgml_write.pl -- XML/SGML writer module
- archive.pl -- Access several archive formats
- csv.pl -- Process CSV (Comma-Separated Values) data
- dialect.pl -- Support multiple Prolog dialects
- apply_macros.pl -- Goal expansion rules to avoid meta-calling
- pengines.pl -- Pengines: Web Logic Programming Made Easy
- random.pl -- Random numbers
- zlib.pl -- Zlib wrapper for SWI-Prolog
- bdb.pl -- Berkeley DB interface
- hash_stream.pl -- Maintain a hash on a stream
- md5.pl -- MD5 hashes
- sandbox.pl -- Sandboxed Prolog code
- prolog_format.pl -- Analyse format specifications
- pprint.pl -- Pretty Print Prolog terms
- lazy_lists.pl -- Lazy list handling
- pengines_io.pl -- Provide Prolog I/O for HTML clients
- yall.pl -- Lambda expressions
- edinburgh.pl -- Some traditional Edinburgh predicates
- prolog_clause.pl -- Get detailed source-information about a clause
- prolog_breakpoints.pl -- Manage Prolog break-points
- dicts.pl -- Dict utilities
- dif.pl -- The dif/2 constraint
- thread.pl -- High level thread primitives
- rbtrees.pl -- Red black trees
- nb_rbtrees.pl -- Non-backtrackable operations on red black trees
- mallocinfo.pl -- Memory allocation details
- date.pl -- Process dates and times
- snowball.pl -- The Snowball multi-lingual stemmer library
- rdf_triple.pl -- Create triples from intermediate representation
- rdf_parser.pl
- rewrite_term.pl
- oset.pl -- Ordered set manipulation
- modules.pl -- Module utility predicates
- tables.pl -- XSB interface to tables
- base32.pl -- Base32 encoding and decoding
- charsio.pl -- I/O on Lists of Character Codes
- codesio.pl -- I/O on Lists of Character Codes
- coinduction.pl -- Co-Logic Programming
- heaps.pl -- heaps/priority queues
- sort.pl
- statistics.pl -- Get information about resource usage
- terms.pl -- Term manipulation
- varnumbers.pl -- Utilities for numbered terms
- when.pl -- Conditional coroutining
- backcomp.pl -- Backward compatibility
- edit.pl -- Editor interface
- doc_latex.pl -- PlDoc LaTeX backend
- listing.pl -- List programs and pretty print clauses
- system.pl -- System utilities
- make.pl -- Reload modified source files
- intercept.pl -- Intercept and signal interface
- files.pl
- doc_files.pl -- Create stand-alone documentation files
- hashtable.pl -- Hash tables
- shell.pl -- Elementary shell commands
- quintus.pl -- Quintus compatibility
- prolog_codewalk.pl -- Prolog code walker
- prolog_metainference.pl -- Infer meta-predicate properties
- prolog_code.pl -- Utilities for reasoning about code
- check.pl -- Consistency checking
- prolog_stack.pl -- Examine the Prolog stack
- optparse.pl -- command line parsing
- strings.pl -- String utilities
- yaml.pl -- Process YAML data
- help.pl -- Text based manual
- isub.pl -- isub: a string similarity measure
- threadutil.pl -- Interactive thread utilities
- redis_streams.pl -- Using Redis streams
- redis.pl -- Redis client
- odbc.pl
- editline.pl -- BSD libedit based command line editing
- wfs.pl -- Well Founded Semantics interface
- pwp.pl -- Prolog Well-formed Pages
- prolog_autoload.pl -- Autoload all dependencies
- ansi_term.pl -- Print decorated text to ANSI consoles
- prolog_trace.pl -- Print access to predicates
- writef.pl -- Old-style formatted write
- prolog_wrap.pl -- Wrapping predicates
- paxos.pl -- A Replicated Data Store
- table.pl
- readline.pl -- GNU readline interface
- plunit.pl -- Unit Testing
- test_cover.pl -- Clause cover analysis
- explain.pl -- Describe Prolog Terms
- term_to_json.pl
- unicode.pl -- Unicode string handling
- xmlenc.pl -- XML encryption library
- cgi.pl -- Read CGI parameters
- prolog_jiti.pl -- Just In Time Indexing (JITI) utilities
- udp_broadcast.pl -- A UDP broadcast proxy
- qsave.pl -- Save current program as a state or executable
- zip.pl -- Access resource ZIP archives
- prolog_stream.pl -- A stream with Prolog callbacks
- c14n2.pl -- C14n2 canonical XML documents
- protobufs.pl -- Google's Protocol Buffers
- double_metaphone.pl -- Phonetic string matching
- prolog_history.pl -- Per-directory persistent commandline history
- xmldsig.pl -- XML Digital signature
- tty.pl -- Terminal operations
- streampool.pl -- Input multiplexing
- rlimit.pl
- library
- crypto_data_encrypt(+PlainText, +Algorithm, +Key, +IV, -CipherText, +Options)
- Encrypt the given PlainText, using the symmetric algorithm
Algorithm, key Key, and initialization vector (or nonce) IV, to give
CipherText.
PlainText must be a string, atom or list of codes or characters, and CipherText is created as a string. Key and IV are typically lists of bytes, though atoms and strings are also permitted. Algorithm must be an algorithm which your copy of OpenSSL knows about.
Keys and IVs can be chosen at random (using for example crypto_n_random_bytes/2) or derived from input keying material (IKM) using for example crypto_data_hkdf/4. This input is often a shared secret, such as a negotiated point on an elliptic curve, or the hash that was computed from a password via crypto_password_hash/3 with a freshly generated and specified salt.
Reusing the same combination of Key and IV typically leaks at least some information about the plaintext. For example, identical plaintexts will then correspond to identical ciphertexts. For some algorithms, reusing an IV with the same Key has disastrous results and can cause the loss of all properties that are otherwise guaranteed. Especially in such cases, an IV is also called a nonce (number used once). If an IV is not needed for your algorithm (such as
'aes-128-ecb') then any value can be provided as it will be ignored by the underlying implementation. Note that such algorithms do not provide semantic security and are thus insecure. You should use stronger algorithms instead.It is safe to store and transfer the used initialization vector (or nonce) in plain text, but the key must be kept secret.
Commonly used algorithms include:
'chacha20-poly1305'- A powerful and efficient authenticated encryption scheme, providing secrecy and at the same time reliable protection against undetected modifications of the encrypted data. This is a very good choice for virtually all use cases. It is a stream cipher and can encrypt data of any length up to 256 GB. Further, the encrypted data has exactly the same length as the original, and no padding is used. It requires OpenSSL 1.1.0 or greater. See below for an example.
'aes-128-gcm'- Also an authenticated encryption scheme. It uses a 128-bit (i.e., 16 bytes) key and a 96-bit (i.e., 12 bytes) nonce. It requires OpenSSL 1.1.0 or greater.
'aes-128-cbc'- A block cipher that provides secrecy, but does not protect against unintended modifications of the cipher text. This algorithm uses 128-bit (16 bytes) keys and initialization vectors. It works with all supported versions of OpenSSL. If possible, consider using an authenticated encryption scheme instead.
Options:
- encoding(+Encoding)
- Encoding to use for PlainText. Default is
utf8. Alternatives areutf8andoctet. - padding(+PaddingScheme)
- For block ciphers, the padding scheme to use. Default is
block. You can disable padding by supplyingnonehere. If padding is disabled for block ciphers, then the length of the ciphertext must be a multiple of the block size. - tag(-List)
- For authenticated encryption schemes, List is unified with a list of bytes holding the tag. This tag must be provided for decryption. Authenticated encryption requires OpenSSL 1.1.0 or greater.
- tag_length(+Length)
- For authenticated encryption schemes, the desired length of the tag, specified as the number of bytes. The default is 16. Smaller numbers are not recommended.
For example, with OpenSSL 1.1.0 and greater, we can use the ChaCha20 stream cipher with the Poly1305 authenticator. This cipher uses a 256-bit key and a 96-bit nonce, i.e., 32 and 12 bytes, respectively:
?- Algorithm = 'chacha20-poly1305', crypto_n_random_bytes(32, Key), crypto_n_random_bytes(12, IV), crypto_data_encrypt("this is some input", Algorithm, Key, IV, CipherText, [tag(Tag)]), crypto_data_decrypt(CipherText, Algorithm, Key, IV, RecoveredText, [tag(Tag)]). Algorithm = 'chacha20-poly1305', Key = [65, 147, 140, 197, 27, 60, 198, 50, 218|...], IV = [253, 232, 174, 84, 168, 208, 218, 168, 228|...], CipherText = <binary string>, Tag = [248, 220, 46, 62, 255, 9, 178, 130, 250|...], RecoveredText = "this is some input".In this example, we use crypto_n_random_bytes/2 to generate a key and nonce from cryptographically secure random numbers. For repeated applications, you must ensure that a nonce is only used once together with the same key. Note that for authenticated encryption schemes, the tag that was computed during encryption is necessary for decryption. It is safe to store and transfer the tag in plain text.
- See also
- - crypto_data_decrypt/6.
- - hex_bytes/2 for conversion between bytes and hex encoding.