C/C++ encrypt/decrypt with public key

Asked 8/11, 2010 at 13:20 Answered 8/11, 2010 at 17:33

I'm looking for two functions conceptually similar to these:

// returns the encrypted text
string encrypt( string public_key, string pass_phrase, string text );
// returns the original text
string decrypt( string private_key, string pass_phrase, string encrypted_text );

where string could be a char*, a std::string or something easily convertible to those two. And where public_key and private_key can be basically anything, from keys generated with some commands (gpg/ssl stuff or whatever), to keys generated with other simple functions.

I've looked into a few cryptography libraries (libgcrypt, libgpgme, openssl ...), but it doesn't look easy at all to implement such functions with those libraries: they require a non-superficial knowledge about asymmetric encryption and a lot of code.

Anyway this task doesn't seem uncommon. How can I implement the two functions above?

Spermary answered 8/11, 2010 at 13:20 Comment(5)

Have you checked out Keyczar? code.google.com/p/keyczar – Laddy 8/11, 2010 at 13:32

encrypted_text is probably binary data. You need to watch out for embedded zeros. I'd include lengths in the prototypes ... – Genniegennifer 8/11, 2010 at 13:32

@pmg: I realize there's a [c]-tag, but I suppose peoro is thinking of C++'s std::string, which is 8-bit clean and includes a length, separate from the contents of the string. – Orthodoxy 8/11, 2010 at 13:37

@pmg: I considered string to have a length embedded somewhere. Of course if strings are char*s, all of those parameters will need another one for the length: also keys (and potentially even plaint text) are binary. – Spermary 8/11, 2010 at 13:43

@kotlinski: no, I didn't check it out. I'll give it a look! – Spermary 8/11, 2010 at 13:43

Unfortunately, encryption always requires a non-superficial knowledge of the algorithms involved. It is hard to get right. The "Handbook of Applied Cryptography" is a relatively readable guide to the various algorithms available so it's probably worth a look.

You could also try cryptlib. It seems to have a well-layered design that gives you sensible defaults for a lot of parameters so you can hopefully get started without having to worry too much about the details.

Venomous answered 8/11, 2010 at 13:33 Comment(4)

Well, I don't agree that much. The two functions of which I gave the signature (plus another one to gen a public/private key pair) should be enough to play with encryption. Of course they aren't very customizable, so they won't be secure enough to be used with something serious, but I guess they're OK for 99% of cases... – Spermary 8/11, 2010 at 13:51

I'll give a look to cryptlib, anyway, thanks for pointing it out! – Spermary 8/11, 2010 at 13:51

I'd suggest you also change your function signatures to work in terms of bytes, not strings. Crypto generally works on opaque byte arrays and adding string semantics will just make things harder. At this layer, a key is just a set of bytes, a passphrase is a set of bytes, and the clear/cipher text are both sets of bytes. They may represent strings with some kind of character encoding (ASCII, UTF-8 or whatever), but the crypto layer doesn't care about that. – Venomous 8/11, 2010 at 14:26

Absolutely disagree. – Bracknell 8/7, 2016 at 18:22

When someone asks for easy encryption, I can only recommend KeyCzar.

It not only provides a clean interface in several languages (that can use the same keys) but also mechanisms to handle key rotations and the like.

And of course, safe defaults for the algorithms implemented so that you don't have to worry about the technical details.

Really, the better easy & safe combination I've seen so far.

Stain answered 8/11, 2010 at 17:33 Comment(3)

isn't keyczar just a wrapper around openssl etc.? – Postimpressionism 25/7, 2013 at 10:26

@BjornWesen: yes, it is. From the link Keyczar is designed to be open, extensible, and cross-platform compatible. It is not intended to replace existing cryptographic libraries like OpenSSL, PyCrypto, or the Java JCE, and in fact is built on these libraries. (emphasis mine) The one benefit of KeyCzar is that it chooses safe defaults for you so you do not shoot yourself in the foot. – Stain 25/7, 2013 at 11:59

yeah, and that is of course a very appreciated goal :) I did just find myself in the same situation needing a lightweight library doing some public key sign/verification though, and the thought of having to involve openssl "just" to do that is heavy.. i did find libtom afterwards which is probably ok for many things. – Postimpressionism 25/7, 2013 at 23:47

Assuming you don’t need something platform agnostic, Cryptography Next Generation (CNG) is a relatively new cryptography API on Windows and is surprisingly intuitive and easy to use. I wrote an article that includes examples of all the main cryptographic operations you’re likely to need in typical applications. The sample code for the article also provides a complete working example for these operations using the Visual C++ compiler.

http://msdn.microsoft.com/en-us/magazine/cc163389.aspx

To treat public and private keys as strings you could simply use Base64 or a similar encoding.

Madonia answered 8/11, 2010 at 13:32 Comment(2)

The link just gives an index of magazines. Which one has your article? Thanks! – Abalone 29/12, 2018 at 14:19

Sadly those older articles have been archived as chm files. download.microsoft.com/download/3/A/7/… – Madonia 2/1, 2019 at 18:0

Recommended topics

Hot tags