Simple crypto library

Discussion in 'C++' started by Dave, May 14, 2005.

  1. Dave

    Dave Guest

    Hi,

    I want to simply generate an encrypted text (with a static key) store in
    a text file and validate it by decrypting the enrypted text with the
    static key.

    The static key is a plain text written in a C++ class.

    What is the simple way of writing this sort of functions in C/C++?

    I currently created two functions to deal with encryption and
    decryption, but they don't functioning properly:

    void Auth::encrypt(string &text)
    {
    const char *k = text.c_str();
    const char *s = _seed.c_str();

    std::eek:stringstream encrypted_text;
    char c;
    for (; *k != '\0'; *k++) {
    for (; *s != '\0'; *s1++) {
    c = *k ^ *s;
    encrypted_text << c;
    }
    }
    text = encrypted_text;
    }

    string Auth::decrypt(string &line)
    {
    const char *l = line.c_str();
    const char *s = _seed.c_str();

    std::eek:stringstream ascii_text;
    char c;
    for (; *l != '\0'; *l++) {
    for (; *s != '\0'; *s++) {
    c = *l ^ *s;
    ascii_text << c;
    }
    }
    return ascii_text.str();
    }

    Thanks
    Sam
     
    Dave, May 14, 2005
    #1
    1. Advertising

  2. Dave

    Rapscallion Guest

    Dave wrote:
    > I want to simply generate an encrypted text (with a static key) store

    in
    > a text file and validate it by decrypting the enrypted text with the
    > static key.


    The problem is probably located here:

    > encrypted_text << c;
    > ascii_text << c;


    Don't use op<< (better, don't use iostreams) here.

    R.
     
    Rapscallion, May 14, 2005
    #2
    1. Advertising

  3. Dave

    Ron Natalie Guest


    > void Auth::encrypt(string &text)

    Frankly, I'd return the encrypted string in a different string
    object rather than overwriting the input.
    > {
    > const char *k = text.c_str();
    > const char *s = _seed.c_str();


    What's with the char* pointers here? Have you heard of iterators?

    >
    > std::eek:stringstream encrypted_text;


    Why an ostringstream? You're only adding single characters to the
    output. You could just use another string object or a vector and
    it will be more efficient.

    > char c;
    > for (; *k != '\0'; *k++) {
    > for (; *s != '\0'; *s1++) {


    Nothing says that std::strings can't contain embedded nulls. You
    should use the length field in the string (or compare the iterator
    against the end() value).


    > encrypted_text << c;


    Your stream is in text mode which may insert additioanl characters.
    when you do this operation.

    > text = encrypted_text;


    You can't do this assignment. If you want to extract the string from
    the stringstream, you have to do
    encrypted_text.str()
    to get at it.
     
    Ron Natalie, May 14, 2005
    #3
  4. Dave

    Kai-Uwe Bux Guest

    Re: [OT] Simple crypto library, here: cryptographic aspects

    Dave wrote:

    > Hi,
    >
    > I want to simply generate an encrypted text (with a static key) store in
    > a text file and validate it by decrypting the enrypted text with the
    > static key.
    >
    > The static key is a plain text written in a C++ class.
    >
    > What is the simple way of writing this sort of functions in C/C++?
    >
    > I currently created two functions to deal with encryption and
    > decryption, but they don't functioning properly:
    >
    > void Auth::encrypt(string &text)
    > {
    > const char *k = text.c_str();
    > const char *s = _seed.c_str();
    >
    > std::eek:stringstream encrypted_text;
    > char c;
    > for (; *k != '\0'; *k++) {
    > for (; *s != '\0'; *s1++) {
    > c = *k ^ *s;
    > encrypted_text << c;
    > }
    > }
    > text = encrypted_text;
    > }

    [snipped: completely identical decrpytion]


    Others have already commented on the C++. And although it is off-topic in
    this group, it might be of interest to you that you are implementing a very
    weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
    with a known key. This has the sad consequence that an attacker who gets a
    hold of one pair (plaintext,cyphertext) can derive an initial segment of
    your key (known plaintext attack). This kind of attack is considered not
    very difficult to mount.

    I do not known what for you want to use this cryptoscheme, but if you feel
    you actually need some cryptographic security, your scheme will not fit the
    bill. I would strongly advocate using an established cryptographic scheme
    if possible by using a well-trusted library implementation.


    Best

    Kai-Uwe Bux
     
    Kai-Uwe Bux, May 14, 2005
    #4
  5. Dave

    Dave Guest

    Re: [OT] Simple crypto library, here: cryptographic aspects

    Kai-Uwe Bux wrote:

    > Dave wrote:
    >
    >
    >>Hi,
    >>
    >>I want to simply generate an encrypted text (with a static key) store in
    >>a text file and validate it by decrypting the enrypted text with the
    >>static key.
    >>
    >>The static key is a plain text written in a C++ class.
    >>
    >>What is the simple way of writing this sort of functions in C/C++?
    >>
    >>I currently created two functions to deal with encryption and
    >>decryption, but they don't functioning properly:
    >>
    >>void Auth::encrypt(string &text)
    >>{
    >> const char *k = text.c_str();
    >> const char *s = _seed.c_str();
    >>
    >> std::eek:stringstream encrypted_text;
    >> char c;
    >> for (; *k != '\0'; *k++) {
    >> for (; *s != '\0'; *s1++) {
    >> c = *k ^ *s;
    >> encrypted_text << c;
    >> }
    >> }
    >> text = encrypted_text;
    >>}

    >
    > [snipped: completely identical decrpytion]
    >
    >
    > Others have already commented on the C++. And although it is off-topic in
    > this group, it might be of interest to you that you are implementing a very
    > weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
    > with a known key. This has the sad consequence that an attacker who gets a
    > hold of one pair (plaintext,cyphertext) can derive an initial segment of
    > your key (known plaintext attack). This kind of attack is considered not
    > very difficult to mount.
    >
    > I do not known what for you want to use this cryptoscheme, but if you feel
    > you actually need some cryptographic security, your scheme will not fit the
    > bill. I would strongly advocate using an established cryptographic scheme
    > if possible by using a well-trusted library implementation.
    >
    >

    Do you have any suggestion about which C library I can use? The
    libcrypto++ is overkilled for my application.

    Thanks

    > Best
    >
    > Kai-Uwe Bux
     
    Dave, May 14, 2005
    #5
  6. Dave

    Dave Guest

    Re: [OT] Simple crypto library, here: cryptographic aspects

    Kai-Uwe Bux wrote:

    > Dave wrote:
    >
    >
    >>Hi,
    >>
    >>I want to simply generate an encrypted text (with a static key) store in
    >>a text file and validate it by decrypting the enrypted text with the
    >>static key.
    >>
    >>The static key is a plain text written in a C++ class.
    >>
    >>What is the simple way of writing this sort of functions in C/C++?
    >>
    >>I currently created two functions to deal with encryption and
    >>decryption, but they don't functioning properly:
    >>
    >>void Auth::encrypt(string &text)
    >>{
    >> const char *k = text.c_str();
    >> const char *s = _seed.c_str();
    >>
    >> std::eek:stringstream encrypted_text;
    >> char c;
    >> for (; *k != '\0'; *k++) {
    >> for (; *s != '\0'; *s1++) {
    >> c = *k ^ *s;
    >> encrypted_text << c;
    >> }
    >> }
    >> text = encrypted_text;
    >>}

    >
    > [snipped: completely identical decrpytion]
    >
    >
    > Others have already commented on the C++. And although it is off-topic in
    > this group, it might be of interest to you that you are implementing a very
    > weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
    > with a known key. This has the sad consequence that an attacker who gets a
    > hold of one pair (plaintext,cyphertext) can derive an initial segment of
    > your key (known plaintext attack). This kind of attack is considered not
    > very difficult to mount.
    >
    > I do not known what for you want to use this cryptoscheme, but if you feel
    > you actually need some cryptographic security, your scheme will not fit the
    > bill. I would strongly advocate using an established cryptographic scheme
    > if possible by using a well-trusted library implementation.
    >
    >

    Actually I just want to make a licence key in a file so that my software
    can be validated with this key. What approach should I follow to code in
    C/C++. I just installed 'botan' in the system. But I m not sure which
    algo is suitable to be used in my context.

    Thanks

    > Best
    >
    > Kai-Uwe Bux
     
    Dave, May 14, 2005
    #6
  7. Dave

    Kai-Uwe Bux Guest

    Re: [OT] Simple crypto library, here: cryptographic aspects

    Dave wrote:

    [snip]
    > Actually I just want to make a licence key in a file so that my software
    > can be validated with this key. What approach should I follow to code in
    > C/C++. I just installed 'botan' in the system. But I m not sure which
    > algo is suitable to be used in my context.


    I will not pretend to be an expert. My knowledge in cryptography is (a)
    limited and (b) purely theoretical. I understand just enough cryptography
    to know that I (and most others) should not invent cryptoschemes nor
    implement cryptographic routines: there are just too many traps.

    That said, may I suggest you peek into sci.crypt. Over there, they seem to
    know a lot more about the pros and cons of various libraries and the
    suitability of various algorithms.


    Best

    Kai-Uwe Bux

    ps.: I do not understand what you mean by "validating your software". Do
    you want to safeguard against someone modifying your binary and inserting
    malicious code turning your program into a trojan? Then you could probably
    just publish a secure hash-code of your binary to make it tamperproof.
     
    Kai-Uwe Bux, May 14, 2005
    #7
  8. Re: [OT] Simple crypto library, here: cryptographic aspects

    Dave wrote:

    > Do you have any suggestion about which C library I can use? The
    > libcrypto++ is overkilled for my application.


    As far as I know most platforms provide cryptographic APIs. Doesn't your OS provide one?



    --
    Ioannis Vranos

    http://www23.brinkster.com/noicys
     
    Ioannis Vranos, May 14, 2005
    #8
  9. Dave

    Rapscallion Guest

    Re: Simple crypto library, here: cryptographic aspects

    Dave wrote:
    > Do you have any suggestion about which C library I can use? The
    > libcrypto++ is overkilled for my application.


    There are several at http://sourceforge.net
     
    Rapscallion, May 14, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gandalf

    Interfacing Python crypto library

    Gandalf, Jun 15, 2004, in forum: Python
    Replies:
    0
    Views:
    490
    Gandalf
    Jun 15, 2004
  2. GiBo

    Which Crypto Library?

    GiBo, Feb 22, 2007, in forum: Python
    Replies:
    1
    Views:
    249
    James Stroud
    Feb 22, 2007
  3. =?UTF-8?Q?P=C4=B1nar_Yanarda=C4=9F?=

    looking for a simple crypto library

    =?UTF-8?Q?P=C4=B1nar_Yanarda=C4=9F?=, Mar 15, 2007, in forum: Python
    Replies:
    4
    Views:
    290
    =?UTF-8?Q?P=C4=B1nar_Yanarda=C4=9F?=
    Mar 16, 2007
  4. Replies:
    0
    Views:
    319
  5. Replies:
    0
    Views:
    314
Loading...

Share This Page