Simple crypto library

[Dave]

Hi,

I want to simply generate an encrypted text (with a static key) store in
a text file and validate it by decrypting the enrypted text with the
static key.

The static key is a plain text written in a C++ class.

What is the simple way of writing this sort of functions in C/C++?

I currently created two functions to deal with encryption and
decryption, but they don't functioning properly:

void Auth::encrypt(string &text)
{
const char *k = text.c_str();
const char *s = _seed.c_str();

std:stringstream encrypted_text;
char c;
for (; *k != '\0'; *k++) {
for (; *s != '\0'; *s1++) {
c = *k ^ *s;
encrypted_text << c;
}
}
text = encrypted_text;
}

string Auth::decrypt(string &line)
{
const char *l = line.c_str();
const char *s = _seed.c_str();

std:stringstream ascii_text;
char c;
for (; *l != '\0'; *l++) {
for (; *s != '\0'; *s++) {
c = *l ^ *s;
ascii_text << c;
}
}
return ascii_text.str();
}

Thanks
Sam

 

[Rapscallion]

I want to simply generate an encrypted text (with a static key) store in
a text file and validate it by decrypting the enrypted text with the
static key.

The problem is probably located here:

encrypted_text << c;
ascii_text << c;

Don't use op<< (better, don't use iostreams) here.

R.

 

[Ron Natalie]

void Auth::encrypt(string &text)

Frankly, I'd return the encrypted string in a different string
object rather than overwriting the input.

{
const char *k = text.c_str();
const char *s = _seed.c_str();

What's with the char* pointers here? Have you heard of iterators?

std:stringstream encrypted_text;

Why an ostringstream? You're only adding single characters to the
output. You could just use another string object or a vector and
it will be more efficient.

char c;
for (; *k != '\0'; *k++) {
for (; *s != '\0'; *s1++) {

Nothing says that std::strings can't contain embedded nulls. You
should use the length field in the string (or compare the iterator
against the end() value).

encrypted_text << c;

Your stream is in text mode which may insert additioanl characters.
when you do this operation.

text = encrypted_text;

You can't do this assignment. If you want to extract the string from
the stringstream, you have to do
encrypted_text.str()
to get at it.

 

[Kai-Uwe Bux]

Hi,

I want to simply generate an encrypted text (with a static key) store in
a text file and validate it by decrypting the enrypted text with the
static key.

The static key is a plain text written in a C++ class.

What is the simple way of writing this sort of functions in C/C++?

I currently created two functions to deal with encryption and
decryption, but they don't functioning properly:

void Auth::encrypt(string &text)
{
const char *k = text.c_str();
const char *s = _seed.c_str();

std:stringstream encrypted_text;
char c;
for (; *k != '\0'; *k++) {
for (; *s != '\0'; *s1++) {
c = *k ^ *s;
encrypted_text << c;
}
}
text = encrypted_text;
}

[snipped: completely identical decrpytion]


Others have already commented on the C++. And although it is off-topic in
this group, it might be of interest to you that you are implementing a very
weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
with a known key. This has the sad consequence that an attacker who gets a
hold of one pair (plaintext,cyphertext) can derive an initial segment of
your key (known plaintext attack). This kind of attack is considered not
very difficult to mount.

I do not known what for you want to use this cryptoscheme, but if you feel
you actually need some cryptographic security, your scheme will not fit the
bill. I would strongly advocate using an established cryptographic scheme
if possible by using a well-trusted library implementation.


Best

Kai-Uwe Bux

 

[Dave]

Dave wrote:

Hi,

I want to simply generate an encrypted text (with a static key) store in
a text file and validate it by decrypting the enrypted text with the
static key.

The static key is a plain text written in a C++ class.

What is the simple way of writing this sort of functions in C/C++?

I currently created two functions to deal with encryption and
decryption, but they don't functioning properly:

void Auth::encrypt(string &text)
{
const char *k = text.c_str();
const char *s = _seed.c_str();

std:stringstream encrypted_text;
char c;
for (; *k != '\0'; *k++) {
for (; *s != '\0'; *s1++) {
c = *k ^ *s;
encrypted_text << c;
}
}
text = encrypted_text;
}

[snipped: completely identical decrpytion]


Others have already commented on the C++. And although it is off-topic in
this group, it might be of interest to you that you are implementing a very
weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
with a known key. This has the sad consequence that an attacker who gets a
hold of one pair (plaintext,cyphertext) can derive an initial segment of
your key (known plaintext attack). This kind of attack is considered not
very difficult to mount.

I do not known what for you want to use this cryptoscheme, but if you feel
you actually need some cryptographic security, your scheme will not fit the
bill. I would strongly advocate using an established cryptographic scheme
if possible by using a well-trusted library implementation.

Do you have any suggestion about which C library I can use? The
libcrypto++ is overkilled for my application.

Thanks

 

[Dave]

Dave wrote:

Hi,

I want to simply generate an encrypted text (with a static key) store in
a text file and validate it by decrypting the enrypted text with the
static key.

The static key is a plain text written in a C++ class.

What is the simple way of writing this sort of functions in C/C++?

I currently created two functions to deal with encryption and
decryption, but they don't functioning properly:

void Auth::encrypt(string &text)
{
const char *k = text.c_str();
const char *s = _seed.c_str();

std:stringstream encrypted_text;
char c;
for (; *k != '\0'; *k++) {
for (; *s != '\0'; *s1++) {
c = *k ^ *s;
encrypted_text << c;
}
}
text = encrypted_text;
}

[snipped: completely identical decrpytion]


Others have already commented on the C++. And although it is off-topic in
this group, it might be of interest to you that you are implementing a very
weak cryptoscheme (to say it friendly). What you do is XORing the plaintext
with a known key. This has the sad consequence that an attacker who gets a
hold of one pair (plaintext,cyphertext) can derive an initial segment of
your key (known plaintext attack). This kind of attack is considered not
very difficult to mount.

I do not known what for you want to use this cryptoscheme, but if you feel
you actually need some cryptographic security, your scheme will not fit the
bill. I would strongly advocate using an established cryptographic scheme
if possible by using a well-trusted library implementation.

Actually I just want to make a licence key in a file so that my software
can be validated with this key. What approach should I follow to code in
C/C++. I just installed 'botan' in the system. But I m not sure which
algo is suitable to be used in my context.

Thanks

 

[Kai-Uwe Bux]

Dave wrote:

[snip]

Actually I just want to make a licence key in a file so that my software
can be validated with this key. What approach should I follow to code in
C/C++. I just installed 'botan' in the system. But I m not sure which
algo is suitable to be used in my context.

I will not pretend to be an expert. My knowledge in cryptography is (a)
limited and (b) purely theoretical. I understand just enough cryptography
to know that I (and most others) should not invent cryptoschemes nor
implement cryptographic routines: there are just too many traps.

That said, may I suggest you peek into sci.crypt. Over there, they seem to
know a lot more about the pros and cons of various libraries and the
suitability of various algorithms.


Best

Kai-Uwe Bux

ps.: I do not understand what you mean by "validating your software". Do
you want to safeguard against someone modifying your binary and inserting
malicious code turning your program into a trojan? Then you could probably
just publish a secure hash-code of your binary to make it tamperproof.

 

[Ioannis Vranos]

Do you have any suggestion about which C library I can use? The
libcrypto++ is overkilled for my application.

As far as I know most platforms provide cryptographic APIs. Doesn't your OS provide one?

 

[Rapscallion]

Do you have any suggestion about which C library I can use? The
libcrypto++ is overkilled for my application.

There are several at http://sourceforge.net