Stephen, I looked at the FAQ, and it looks like it might be better to split the filter up into sections (just like you had to start with... but read on below):
Encrypting:

    #include "sha.h"
    #include "hmac.h"

    string plaintext = ... input text ...
    string ciphertext;
    const int myDigestLen = SHA::DIGESTSIZE;  // for MAC key
    byte myMac[myDigestLen];
    byte myDigest[myDigestLen];  // or SHA::DIGESTSIZE if the variable doesn't work

    CFB_Mode<AES>::Encryption aes_encrypt (m_encryKey, AES::DEFAULT_KEYLENGTH, m_iv);

_______________________________________
    StreamTransformationFilter *cfbEncryptor = new StreamTransformationFilter (aes_encrypt,
        /* except here we don't encode yet */
        new Base64Encoder (new StringSink (ciphertext)));
------------------------------------------------------------------------

************************************************************
    StreamTransformationFilter *cfbEncryptor = new StreamTransformationFilter (aes_encrypt,
        (new StringSink (ciphertext)));
    StringSource source (plaintext, true, cfbEncryptor);

    // use hash of the encryption key for the MAC key....
    SHA().CalculateDigest(myDigest, m_encryKey, AES::DEFAULT_KEYLENGTH);
    // CalculateDigest(output, input, length): the MAC of the ciphertext goes into myMac
    HMAC<SHA>(myDigest, myDigestLen).CalculateDigest(myMac, (const byte*)ciphertext.data(), ciphertext.length());
    // NOTE: on mine, string.length() returns the actual length even if there are embedded null chars
    // in the string (I'm using std::string template class).
    ciphertext.append((const char*)myMac, myDigestLen);
************************************************************

This is getting weird....

    HashFilter(HashTransformation &hm, BufferedTransformation *attachment = NULL, bool putMessage=false);

Because SHA is a HashTransformation, and HMAC<SHA> "is a" SHA... and a HashFilter can be part of a filter chain....
Looks like we may can do:

    StringSource source (plaintext, true,
        new StreamTransformationFilter(aes_encrypt,
            (new HashFilter(HMAC<SHA>(key, keylen),
                new Base64Encoder(new StringSink (ciphertext), false, 4096),
                true))));

BUT I don't know if we can use HMAC<SHA> in the constructor of the HashFilter, BUT we may be able to declare

    HMAC<SHA> mac(key, keylen);

above, then use mac in the constructor where I have (new HashFilter(HMAC<SHA>... so that it reads (new HashFilter(mac(key, keylen....

Note that the key for the HMAC should NOT be the same key as the one for aes_encrypt.... even using the hash of that key might not be safe...

************************************************************

Let's see if I get any comments from those with more experience before we look at decrypting...

Rickey
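
Added example, not part of Rickey's message and not Crypto++ code: the "ciphertext followed by MAC" layout from the message above, written with the Python standard library, with the MAC key kept separate from the encryption key and the tag checked before any decryption. Assumptions: HMAC-SHA256 stands in for HMAC<SHA>, the function names and derivation labels are hypothetical, and the AES-CFB output is treated as opaque bytes.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def derive_keys(master_key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from one master secret.

    Assumption of this example: HMAC-SHA256 is used as a PRF with a distinct
    label per purpose, so neither key is the other key or a plain hash of it.
    """
    enc_key = hmac.new(master_key, b"encrypt", hashlib.sha256).digest()[:16]
    mac_key = hmac.new(master_key, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Return ciphertext || tag, the layout built by ciphertext.append(myMac)."""
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_sealed(mac_key: bytes, blob: bytes) -> bytes:
    """Check the trailing tag and return the ciphertext, or raise ValueError.

    The tag is verified before any decryption is attempted.
    """
    if len(blob) < TAG_LEN:
        raise ValueError("message shorter than a tag")
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC check failed")
    return ciphertext


if __name__ == "__main__":
    # Constructed sample values; the ciphertext stands in for AES-CFB output
    # and deliberately contains embedded NUL bytes.
    enc_key, mac_key = derive_keys(bytes(range(16)))
    sample_ct = b"\x00\x8f\x00\x13cfb-output\x00"
    blob = seal(mac_key, sample_ct)
    print(open_sealed(mac_key, blob) == sample_ct)
    tampered = bytes([blob[0] ^ 1]) + blob[1:]
    try:
        open_sealed(mac_key, tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

The receiver calls open_sealed first and hands the returned bytes to the AES-CFB decryptor only if no exception was raised.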
