Provides basic encryption support. More...
Classes | |
class | crypto::RSAPublicKey |
public key suitable for encrypting More... | |
class | crypto::RSAKey |
private/public key pair. More... | |
class | crypto::DESKey |
fast symmetric encryption More... | |
Functions | |
virtual std::string | crypto::RSAPublicKey::serialize (void)=0 |
return a serialized (string) version of the public key | |
virtual std::string | crypto::RSAPublicKey::encrypt (IN const char *plaintext)=0 |
return the given text encrypted with the public key | |
static smart_ptr< RSAPublicKey > | crypto::RSAPublicKey::create (IN const char *serialized) |
factory to create public key from serialized (string) version | |
virtual smart_ptr< RSAPublicKey > | crypto::RSAKey::getPublicKey (void)=0 |
return the public key for the public/private pair | |
virtual std::string | crypto::RSAKey::decrypt (IN const char *encrypted)=0 |
decrypt a string encrypted with the public key, using the private key | |
static smart_ptr< RSAKey > | crypto::RSAKey::create (void) |
create new RSA public/private key pair (note: very expensive!) | |
virtual std::string | crypto::DESKey::serialize (void)=0 |
return a serialized (string) version of the DES key | |
virtual std::string | crypto::DESKey::encrypt (IN const char *plaintext, IN int minSize)=0 |
encrypt the given plaintext string using the DES key (pads if necessary to fill out to minSize) | |
virtual std::string | crypto::DESKey::decrypt (IN const char *encrypted)=0 |
decrypt the given string using the DES key (returns original plaintext) | |
static smart_ptr< DESKey > | crypto::DESKey::create (void) |
create new DES key | |
static smart_ptr< DESKey > | crypto::DESKey::create (IN const char *serialized) |
factory to create DES key from serialized (string) version | |
| |
typedef std::vector< byte_t > | crypto::vec_byte_t |
std::string | crypto::getSHA1 (IN const char *data) |
quick one-way encryption (SHA1 algorithm, see http://en.wikipedia.org/wiki/SHA-1) | |
std::string | crypto::encodeBase64 (IN const byte_t *data, IN long bytes, IN bool encodeLength=true) |
given binary data, encode into base64 ascii string | |
void | crypto::decodeBase64 (IN const char *base64, OUT vec_byte_t &data) |
given base64 ascii string, decode into byte array |
Provides basic encryption support.
Simple objects to abstract:
These are optimized for usability (and correctness) over efficiency! If you are doing hardcore crypto you should use the RSA APIs directly. For instance, these APIs aren't clever about memory management, they allocate and de-allocate as needed.
Encrypted strings have simple encoding applied so they are safe to pass around as strings (no null characters and should be MIME-friendly). Decryption routines assume the string is encoded and they will decode first. In theory these could be split out but in practice I expect most people to just treat the encrypted strings opaquely anyway.
These APIs are best for applications that are using crypto tactically in just a few rarely-used places.
Seed the randomizer before calling any crypto APIs
Because the RSA libraries are confusing (or at least, I wasn't clever enough to determine if there was a standard way of serializing keys or not), I don't think the results of these can be mixed with other libraries. That is, you can't take the encrypted value from this API and decrypt it using another API. All encryption/decryption must happen using these APIs (although that can happen across processes and machines, etc.).
These aren't designed for streaming. These are designed for encryption of small blocks of data (a couple of KB or so at most). These APIs are designed for user-readable null-terminated strings, not arbitrary binary data.
Typical usage is to create a DESKey for use in encrypting data, and only use the public/private keys to safely exchange the DES key.
Example:
Generate RSAKey on host 1:
smart_ptr<RSAKey> rsa = RSAKey::create(); // expensive! smart_ptr<RSAPublicKey> pubkey = rsa->getPublicKey(); std::string serialized = pubkey->serialize(); // great, now send serialized version of public key to host 2 send_string_to("host2", serialized);
Then, on host 2:
// receive string from remote host std::string serialized = get_string_from("host1"); // deserialize into local version of their public key smart_ptr<RSAPublicKey> pubkey = RSAPublicKey::create(serialized.c_str()); // create a new secret symmetric encryption key smart_ptr<DESKey> secret = DESKey::create(); std::string des_serial = secret->serialize(); // encrypt DES key (secret) with host 1's public key std::string encrypted = pubkey->encrypt(des_serial.c_str()); // send secret to host 1 send_string_to("host1", encrypted);
Then, back on host 1:
// receive encrypted secret from host 2 std::string encrypted = get_string_from("host2"); // decrypt using our private key std::string serialized = rsa->decrypt(encrypted.c_str()); // deserialize DES key so we have a local copy smart_ptr<DESKey> secret = DESKey::create(serialized.c_str()); // now I can communicate with host 2 using shared secret key std::string password = secret->encrypt("This is my password!"); send_string_to("host2", password);
Don't get too excited about these, because you are still vulnerable to attack/cracking during the initial handshake phase (how do you trust the machine you are handing your public key to?). But these are intended to make it harder to crack non-critical data, for instance game data where you want to make it more expensive but not necessarily impossible to crack other players' packets.
Put another way, the code above is vulnerable to man-in-the-middle attacks but is good protection against passive listeners.
Also, someday this library may beef up the handshake process, at which point the other code could be more generally useful and secure.
typedef std::vector<byte_t> crypto::vec_byte_t |
Definition at line 236 of file wave-crypto.h.
virtual std::string crypto::RSAPublicKey::serialize | ( | void | ) | [pure virtual, inherited] |
return a serialized (string) version of the public key
virtual std::string crypto::RSAPublicKey::encrypt | ( | IN const char * | plaintext | ) | [pure virtual, inherited] |
return the given text encrypted with the public key
smart_ptr< RSAPublicKey > crypto::RSAPublicKey::create | ( | IN const char * | serialized | ) | [static, inherited] |
factory to create public key from serialized (string) version
Definition at line 721 of file wave-crypto.cpp.
virtual smart_ptr<RSAPublicKey> crypto::RSAKey::getPublicKey | ( | void | ) | [pure virtual, inherited] |
return the public key for the public/private pair
virtual std::string crypto::RSAKey::decrypt | ( | IN const char * | encrypted | ) | [pure virtual, inherited] |
decrypt a string encrypted with the public key, using the private key
smart_ptr< RSAKey > crypto::RSAKey::create | ( | void | ) | [static, inherited] |
create new RSA public/private key pair (note: very expensive!)
Definition at line 739 of file wave-crypto.cpp.
virtual std::string crypto::DESKey::serialize | ( | void | ) | [pure virtual, inherited] |
return a serialized (string) version of the DES key
virtual std::string crypto::DESKey::encrypt | ( | IN const char * | plaintext, | |
IN int | minSize | |||
) | [pure virtual, inherited] |
encrypt the given plaintext string using the DES key (pads if necessary to fill out to minSize)
virtual std::string crypto::DESKey::decrypt | ( | IN const char * | encrypted | ) | [pure virtual, inherited] |
decrypt the given string using the DES key (returns original plaintext)
smart_ptr< DESKey > crypto::DESKey::create | ( | void | ) | [static, inherited] |
create new DES key
Definition at line 757 of file wave-crypto.cpp.
smart_ptr< DESKey > crypto::DESKey::create | ( | IN const char * | serialized | ) | [static, inherited] |
factory to create DES key from serialized (string) version
Definition at line 775 of file wave-crypto.cpp.
std::string crypto::getSHA1 | ( | IN const char * | data | ) |
quick one-way encryption (SHA1 algorithm, see http://en.wikipedia.org/wiki/SHA-1)
std::string crypto::encodeBase64 | ( | IN const byte_t * | data, | |
IN long | bytes, | |||
IN bool | encodeLength | |||
) |
given binary data, encode into base64 ascii string
void crypto::decodeBase64 | ( | IN const char * | base64, | |
OUT vec_byte_t & | data | |||
) |
given base64 ascii string, decode into byte array