I want to write a small program in C/C++ which reads a small text file, and encrypts it, using a "internal" key. Then I also want to write another small program which can decrypt the encrypted file using internally the same key.
I looked at openSSL site and googled but found not simple example, has somebody ever tried to do this thing?
Ideally, you could use an existing tool like ccrypt, but here goes:
#include <openssl/aes.h>
/* ... */
{
int bytes_read, bytes_written;
unsigned char indata[AES_BLOCK_SIZE];
unsigned char outdata[AES_BLOCK_SIZE];
/* ckey and ivec are the two 128-bits keys necesary to
en- and recrypt your data. Note that ckey can be
192 or 256 bits as well */
unsigned char ckey[] = "thiskeyisverybad";
unsigned char ivec[] = "dontusethisinput";
/* data structure that contains the key itself */
AES_KEY key;
/* set the encryption key */
AES_set_encrypt_key(ckey, 128, &key);
/* set where on the 128 bit encrypted block to begin encryption*/
int num = 0;
while (1) {
bytes_read = fread(indata, 1, AES_BLOCK_SIZE, ifp);
AES_cfb128_encrypt(indata, outdata, bytes_read, &key, ivec, &num,
AES_ENCRYPT);
bytes_written = fwrite(outdata, 1, bytes_read, ofp);
if (bytes_read < AES_BLOCK_SIZE)
break;
}
}
Decryption is done by calling AES_cfb128_encrypt with AES_DECRYPT as the last parameter. Note that this code hasn't been given anything more than the most elementary of testing, and that you really should use proper 8-bits random data for ckey and ivec.
EDIT: It seems AES_cfb128_encrypt accepts data of arbitrary length, so you're not required to encrypt in blocks of AES_BLOCK_SIZE (16) bytes.
FILE *ifp = fopen("input_file", "rb"); FILE *ofp = fopen("output_file", "wb"); –
Maui Previous answers have pointed you towards how to do what you asked for.
I'd like to add a word on why you probably shouldn't do this.
What you are talking about is called "symmetric encryption" (the same key is used for encrypting and decrypting, as opposed to asymmetric encryption where everything encrypted with one key can only be decrypted by a specific counterpart).
Disassembling an executable to determine a hardcoded key being used is next-to-trivial. That means, anyone who gets his/her hands on one of your executables, ever, can break the encryption of any message ever exchanged.
Unless the application you have in mind is very specific, this means your setup might "look" secure, but isn't. In these cases, it's usually better not to encrypt at all, so that no-one involved falls for that false sense of security...
It's very good you are looking to standard libraries to do the encryption (instead of implementing / creating an algorithm yourself), but the protocoll (how applications, keys, and messages are used and exchanged) is at least as important as the cipher itself. You might want to have your ideas tested by someone dealing in cryptography, to tell you the weaknesses. (I'm sure there's enough of that kind here at StackOverflow. ;-) )
OpenSSL is specifically concerned with implementing SSL and TLS which are protocols for encrypting data over a network. Since you are just looking to encrypt a file, it is possible to use OpenSSL but not ideal.
Instead, I would use something like BeeCrypt or Crypto++® Library 5.6.0 which both provide examples for their use.
BIO's, which are an abstraction. The library is fine with memory buffers, file buffers, sockets, and other I/O objects. The cryptography portion of the library (libcrypto.a) can be used stand alone; and the SSL portion (libssl.a) is built on top of the cryptography. –
Alys © 2022 - 2024 — McMap. All rights reserved.
EVP_*functions. TheEVP_*functions use hardware, like AES-NI (if available). See EVP Symmetric Encryption and Decryption on the OpenSSL wiki. In fact, you should probably be using authenticated encryption because it provides both confidentiality and authenticity. See EVP Authenticated Encryption and Decryption on the OpenSSL wiki. – Alys