[Openswan Users] Implementing proprietary cipher in Openswan

Brian Candler B.Candler at pobox.com
Fri May 26 10:59:47 CEST 2006

On Fri, May 26, 2006 at 10:17:18AM +0200, Mihajlo Cvetanovi?? wrote:
> I would like to implement my own proprietary cipher, so I guess the most 
> apropriate method is to implement it into something called CryptoApi (of 
> which I don't know anything about at the moment). Could somebody give me 
> some useful hints & links to get me started? I would need help both on 
> CryptoApi implementation, and integration with Openswan. I'm working 
> with FC5 2.6.15, ipsec 2.4.5 (klips). Thanks in advance.

First read a bit of history. Phil Zimmermann, when he wrote PGP 1.0, used a
symmetric cipher of his own design ("Bass-O-Matic"), because DES had too
short a key, and he didn't know of any other ciphers at the time.

Bass-o-matic soon turned out to be fatally flawed, and he was forced to
replace it with a properly designed cipher (in this case IDEA).

The moral is: unless you are an expert cryptographer and mathematician - by
which I mean far more of an expert than the person who wrote PGP - then you
are unlikely to be able to design a cipher which has any chance of
withstanding cryptographic attack.

However, if you *are* this much of a cryptography expert, then IMO you can
certainly work out for yourself how to plug into a crypto API.



More information about the Users mailing list