That information and some sample code would go a long way in helping newbies implement crypto++, it would have saved me considerable time incorporating crypto++ into my project, perhaps adding it to the Crypto++ FAQ site would be a good idea, if it's not there already? I haven't seen it if so. The sample code that I have seen doesn't show much in the way of handling large amounts of data for instance strings. The problem I had was, I had large strings/byte arrays between 1k and 2M and could find no good examples or recommendations on how to do it.
A.J. Mayorga Network Security Engineer US NAVY~FIWC~Red Team~R&D -----Original Message----- From: Wei Dai [mailto:[EMAIL PROTECTED] Sent: Friday, March 11, 2005 5:25 To: [email protected] Subject: RE: Is an encrypted filestream possible? You only have to break data into multiple-of-block-size chunks if you use ECB or CBC mode (call MandatoryBlockSize() to see if chunking is needed, and what the block size is). But Crypto++ will do it for you automatically if you use the StreamTransformationFilter (buffering incomplete blocks as needed). On Wed, 9 Mar 2005, Mayorga, Armando CIV FLTINFOWARCEN NORFOLK VA wrote: > Depends on how you plan on using the file, for me I was encrypting a file > (3DES)and pushing it out a socket to be decrypted on a server, the only good > way I found to doing this was to put the file data into a byte array and then > pipe it chunk by chunk (sizeof(chunk) = BLOCK_SIZE) into the StringSink > method which I then Base64 encoded and shot out the pipe, there is also a > FileSink method but from what I saw it writes directly to the disk and not > memory which sounds kind of like what you want. You'll need to do a lot of > reading on the mailing list sight it took me (a newbie as well) a good two > months to get everything working the way I needed it to. here are some > pointers that if I knew would have made my life a lot easier hopefully will > help you save time and sanity. > > 1. When possible use the same library for encrypting and decrypting, I tried > using MScryptoAPI and php's mcrypt with crypto++ > and it was a nightmare, when I changed cryptoPP (the PHP port for > decrypting on my server) life got A LOT easier. > > 2. For 3DES ( and I believe most Block ciphers ) data must be broken up into > chunks ( largest chunk 128 bytes ) which are multiples of the > BLOCK_SIZE which is a predetermined size depending on the cipher used > (3DES = 8 bytes), > (I used 3DES so that is the one I know the most about) then it each > chunk is passed to the > encryptor object with the "Put" method and then "MessageEnd" called > after the lastblock. Use this with StringSink or > FileSink. I found my padding got screwed up if I tried using "Put" and > "Get", which would be fine if your data is smaller than 128 bytes mine > wasn't, which might have been just me, but anyway > use the StringSink or FileSink methods they are MUCH easier regardless > of what size your data is. > > 3. make sure you are using the same padding type for encrypting and > decrypting, types are ZEROS_PADDING, ONE_ZEROS_PADDING, > PKCS5_PADDING, I have found ZEROS_PADDING to be the easiest to deal > with but your needs and mileage will vary, > important thing is make sure the encryption method and decryption > method use the same padding type. > > 4. encryption modes, here is a great link describing them > http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation. > with Block ciphers you will need to declare or generate an > initialization vector > http://en.wikipedia.org/wiki/Initialization_vector unless you are using ecb > mode, which I > wouldn't suggest (see wikipedia link on cipher modes) > > 5. Useful Links: > Crypto++ mailing list: good advice and code snippet source > http://www.mail-archive.com/cryptopp-list%40eskimo.com/ > > Crypto++ FAQ site very useful but assumes some knowledge > http://www.eskimo.com/~weidai/cgi-bin/fom-serve/cache/1.html > > Here is the Doxygen Reference, good reference for method parameters, > variable types needed, etc > http://cryptopp.sourceforge.net/docs/ref5/index.html > > > Although this may look complicated and a bit overwhelming believe me crypto++ > is actually a lot easier library to use then > a number of others I looked at it's a steep learning curve, but you can do it. > > Good Luck > > A.J. Mayorga > Network Security Engineer > US NAVY~FIWC~Red Team~R&D > > > > > > > > -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] Behalf Of John Windle > Sent: Tuesday, March 08, 2005 21:56 > To: [email protected] > Subject: Is an encrypted filestream possible? > > > Hi > > I'm new to crypto++, cryptography in general and my C++ is rusty so apologies > if > this question has an obvious answer. > > I want to create an encrypted file stream, ie one that my application pushes > in > plaintext data and it is encrypted before being written to the file; ie I can > output to it as a standard stream. Later another application needs to setup a > decoding file stream, decodes the data into plain text as it is read, so the > file can then be read as if it were a standard stream. > > Is this possible and is there an example that shows how to do it? The examples > in test.cpp either don't seem to do what I want, or they are to complex for my > limited brain. > > Any advice greatly appreciated. > > john > >
