Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C++ > Simple crypto library

Reply
Thread Tools

Simple crypto library

 
 
Dave
Guest
Posts: n/a
 
      05-14-2005
Hi,

I want to simply generate an encrypted text (with a static key) store in
a text file and validate it by decrypting the enrypted text with the
static key.

The static key is a plain text written in a C++ class.

What is the simple way of writing this sort of functions in C/C++?

I currently created two functions to deal with encryption and
decryption, but they don't functioning properly:

void Auth::encrypt(string &text)
{
const char *k = text.c_str();
const char *s = _seed.c_str();

std:stringstream encrypted_text;
char c;
for (; *k != '\0'; *k++) {
for (; *s != '\0'; *s1++) {
c = *k ^ *s;
encrypted_text << c;
}
}
text = encrypted_text;
}

string Auth::decrypt(string &line)
{
const char *l = line.c_str();
const char *s = _seed.c_str();

std:stringstream ascii_text;
char c;
for (; *l != '\0'; *l++) {
for (; *s != '\0'; *s++) {
c = *l ^ *s;
ascii_text << c;
}
}
return ascii_text.str();
}

Thanks
Sam

 
Reply With Quote
 
 
 
 
Rapscallion
Guest
Posts: n/a
 
      05-14-2005
Dave wrote:
> I want to simply generate an encrypted text (with a static key) store

in
> a text file and validate it by decrypting the enrypted text with the
> static key.


The problem is probably located here:

> encrypted_text << c;
> ascii_text << c;


Don't use op<< (better, don't use iostreams) here.

R.

 
Reply With Quote
 
 
 
 
Ron Natalie
Guest
Posts: n/a
 
      05-14-2005

> void Auth::encrypt(string &text)

Frankly, I'd return the encrypted string in a different string
object rather than overwriting the input.
> {
> const char *k = text.c_str();
> const char *s = _seed.c_str();


What's with the char* pointers here? Have you heard of iterators?

>
> std:stringstream encrypted_text;


Why an ostringstream? You're only adding single characters to the
output. You could just use another string object or a vector and
it will be more efficient.

> char c;
> for (; *k != '\0'; *k++) {
> for (; *s != '\0'; *s1++) {


Nothing says that std::strings can't contain embedded nulls. You
should use the length field in the string (or compare the iterator
against the end() value).


> encrypted_text << c;


Your stream is in text mode which may insert additioanl characters.
when you do this operation.

> text = encrypted_text;


You can't do this assignment. If you want to extract the string from
the stringstream, you have to do
encrypted_text.str()
to get at it.
 
Reply With Quote
 
Kai-Uwe Bux
Guest
Posts: n/a
 
      05-14-2005
Dave wrote:

> Hi,
>
> I want to simply generate an encrypted text (with a static key) store in
> a text file and validate it by decrypting the enrypted text with the
> static key.
>
> The static key is a plain text written in a C++ class.
>
> What is the simple way of writing this sort of functions in C/C++?
>
> I currently created two functions to deal with encryption and
> decryption, but they don't functioning properly:
>
> void Auth::encrypt(string &text)
> {
> const char *k = text.c_str();
> const char *s = _seed.c_str();
>
> std:stringstream encrypted_text;
> char c;
> for (; *k != '\0'; *k++) {
> for (; *s != '\0'; *s1++) {
> c = *k ^ *s;
> encrypted_text << c;
> }
> }
> text = encrypted_text;
> }

[snipped: completely identical decrpytion]


Others have already commented on the C++. And although it is off-topic in
this group, it might be of interest to you that you are implementing a very
weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
with a known key. This has the sad consequence that an attacker who gets a
hold of one pair (plaintext,cyphertext) can derive an initial segment of
your key (known plaintext attack). This kind of attack is considered not
very difficult to mount.

I do not known what for you want to use this cryptoscheme, but if you feel
you actually need some cryptographic security, your scheme will not fit the
bill. I would strongly advocate using an established cryptographic scheme
if possible by using a well-trusted library implementation.


Best

Kai-Uwe Bux
 
Reply With Quote
 
Dave
Guest
Posts: n/a
 
      05-14-2005
Kai-Uwe Bux wrote:

> Dave wrote:
>
>
>>Hi,
>>
>>I want to simply generate an encrypted text (with a static key) store in
>>a text file and validate it by decrypting the enrypted text with the
>>static key.
>>
>>The static key is a plain text written in a C++ class.
>>
>>What is the simple way of writing this sort of functions in C/C++?
>>
>>I currently created two functions to deal with encryption and
>>decryption, but they don't functioning properly:
>>
>>void Auth::encrypt(string &text)
>>{
>> const char *k = text.c_str();
>> const char *s = _seed.c_str();
>>
>> std:stringstream encrypted_text;
>> char c;
>> for (; *k != '\0'; *k++) {
>> for (; *s != '\0'; *s1++) {
>> c = *k ^ *s;
>> encrypted_text << c;
>> }
>> }
>> text = encrypted_text;
>>}

>
> [snipped: completely identical decrpytion]
>
>
> Others have already commented on the C++. And although it is off-topic in
> this group, it might be of interest to you that you are implementing a very
> weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
> with a known key. This has the sad consequence that an attacker who gets a
> hold of one pair (plaintext,cyphertext) can derive an initial segment of
> your key (known plaintext attack). This kind of attack is considered not
> very difficult to mount.
>
> I do not known what for you want to use this cryptoscheme, but if you feel
> you actually need some cryptographic security, your scheme will not fit the
> bill. I would strongly advocate using an established cryptographic scheme
> if possible by using a well-trusted library implementation.
>
>

Do you have any suggestion about which C library I can use? The
libcrypto++ is overkilled for my application.

Thanks

> Best
>
> Kai-Uwe Bux

 
Reply With Quote
 
Dave
Guest
Posts: n/a
 
      05-14-2005
Kai-Uwe Bux wrote:

> Dave wrote:
>
>
>>Hi,
>>
>>I want to simply generate an encrypted text (with a static key) store in
>>a text file and validate it by decrypting the enrypted text with the
>>static key.
>>
>>The static key is a plain text written in a C++ class.
>>
>>What is the simple way of writing this sort of functions in C/C++?
>>
>>I currently created two functions to deal with encryption and
>>decryption, but they don't functioning properly:
>>
>>void Auth::encrypt(string &text)
>>{
>> const char *k = text.c_str();
>> const char *s = _seed.c_str();
>>
>> std:stringstream encrypted_text;
>> char c;
>> for (; *k != '\0'; *k++) {
>> for (; *s != '\0'; *s1++) {
>> c = *k ^ *s;
>> encrypted_text << c;
>> }
>> }
>> text = encrypted_text;
>>}

>
> [snipped: completely identical decrpytion]
>
>
> Others have already commented on the C++. And although it is off-topic in
> this group, it might be of interest to you that you are implementing a very
> weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
> with a known key. This has the sad consequence that an attacker who gets a
> hold of one pair (plaintext,cyphertext) can derive an initial segment of
> your key (known plaintext attack). This kind of attack is considered not
> very difficult to mount.
>
> I do not known what for you want to use this cryptoscheme, but if you feel
> you actually need some cryptographic security, your scheme will not fit the
> bill. I would strongly advocate using an established cryptographic scheme
> if possible by using a well-trusted library implementation.
>
>

Actually I just want to make a licence key in a file so that my software
can be validated with this key. What approach should I follow to code in
C/C++. I just installed 'botan' in the system. But I m not sure which
algo is suitable to be used in my context.

Thanks

> Best
>
> Kai-Uwe Bux

 
Reply With Quote
 
Kai-Uwe Bux
Guest
Posts: n/a
 
      05-14-2005
Dave wrote:

[snip]
> Actually I just want to make a licence key in a file so that my software
> can be validated with this key. What approach should I follow to code in
> C/C++. I just installed 'botan' in the system. But I m not sure which
> algo is suitable to be used in my context.


I will not pretend to be an expert. My knowledge in cryptography is (a)
limited and (b) purely theoretical. I understand just enough cryptography
to know that I (and most others) should not invent cryptoschemes nor
implement cryptographic routines: there are just too many traps.

That said, may I suggest you peek into sci.crypt. Over there, they seem to
know a lot more about the pros and cons of various libraries and the
suitability of various algorithms.


Best

Kai-Uwe Bux

ps.: I do not understand what you mean by "validating your software". Do
you want to safeguard against someone modifying your binary and inserting
malicious code turning your program into a trojan? Then you could probably
just publish a secure hash-code of your binary to make it tamperproof.
 
Reply With Quote
 
Ioannis Vranos
Guest
Posts: n/a
 
      05-14-2005
Dave wrote:

> Do you have any suggestion about which C library I can use? The
> libcrypto++ is overkilled for my application.


As far as I know most platforms provide cryptographic APIs. Doesn't your OS provide one?



--
Ioannis Vranos

http://www23.brinkster.com/noicys
 
Reply With Quote
 
Rapscallion
Guest
Posts: n/a
 
      05-14-2005
Dave wrote:
> Do you have any suggestion about which C library I can use? The
> libcrypto++ is overkilled for my application.


There are several at http://sourceforge.net

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
crypto library for license management? jhc0033@gmail.com C++ 0 04-22-2008 04:26 PM
crypto library for license management? jhc0033@gmail.com C++ 0 04-22-2008 04:24 PM
looking for a simple crypto library =?UTF-8?Q?P=C4=B1nar_Yanarda=C4=9F?= Python 4 03-16-2007 04:52 PM
Which Crypto Library? GiBo Python 1 02-22-2007 02:16 AM
Interfacing Python crypto library Gandalf Python 0 06-15-2004 11:37 AM



Advertisments