aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-03-10 18:44:36 -0500
committerJack Lloyd <[email protected]>2018-03-10 18:44:36 -0500
commitec1fefc10c0961796825a03ffa7578011441d0c2 (patch)
tree41d95c57964bbedbdee93605776cd3d7a743da4e
parenta06b9a4dd6172943c8ed4095128379a8fb87b04c (diff)
FPE doc updates [ci skip]
-rw-r--r--doc/manual/fpe.rst9
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/manual/fpe.rst b/doc/manual/fpe.rst
index caa2eb916..efb85be60 100644
--- a/doc/manual/fpe.rst
+++ b/doc/manual/fpe.rst
@@ -22,7 +22,9 @@ might encrypt. For instance, a 16 digit credit card number consists of
a 15 digit code plus a 1 digit checksum. So to encrypt a credit card
number, you first remove the checksum, encrypt the 15 digit value
modulo 10\ :sup:`15`, and then calculate what the checksum is for the
-new (ciphertext) number.
+new (ciphertext) number. Or, if you were encrypting words in a
+dictionary, you could rank the words by their lexicographical order,
+and choose the modulus to be the number of words in the dictionary.
The interfaces for FE1 are defined in the header ``fpe_fe1.h``:
@@ -32,7 +34,7 @@ The interfaces for FE1 are defined in the header ``fpe_fe1.h``:
.. cpp:function:: FPE_FE1(const BigInt& n, size_t rounds = 5, \
bool compat_mode = false, \
- std::string mac_algo = "HMAC(SHA-256)");
+ std::string mac_algo = "HMAC(SHA-256)")
Initialize an FPE operation to encrypt/decrypt integers less
than *n*. It is expected that *n* is trially factorable into
@@ -74,6 +76,9 @@ These are the original interface to FE1, first added in 1.9.17. However because
they do the entire setup cost for each operation, they are significantly slower
than the class-based API presented above.
+.. warning:: These functions are hardcoded to use 3 rounds, which may be
+ insufficient depending on the chosen modulus.
+
.. cpp:function:: BigInt FPE::fe1_encrypt(const BigInt& n, const BigInt& X, \
const SymmetricKey& key, const std::vector<uint8_t>& tweak)