Mouse wrote:
> That means, that a program that creates output into
> StreamTransformationFilter containing CBC encryptor (and tries to force
> each individual record out), using something like:
>
> for (i=0; i < total; i++) {
> encrStream.Put(record[i], record[i].size());
> encStream.MessageEnd();
> }

This is fine (except that for security you need to use a different random IV
for each record in CBC mode), but on the decryption side, you need to call
MessageEnd() at the end of each encrypted record. Which means you have
to store the sizes of encrypted records somewhere. You also need to use a
different random IV for each record in CBC mode, so you have to store that
also. Assuming you put them in front of each encrypted record (code
omitted), you can then do something like this:

    FileStore f("tenc.txt");
    StreamTransformationFilter d(decrAES, new ByteQueue);
    while (f.AnyRetrievable()) {
        word32 size;                 // length of the encrypted record
        byte iv[AES::BLOCKSIZE];     // per-record IV stored in front of it
        f.GetWord32(size);
        f.Get(iv, AES::BLOCKSIZE);
        decrAES.Resynchronize(iv);   // switch to this record's IV
        f.TransferTo(d, size);       // feed exactly one encrypted record
        d.MessageEnd();              // end of record: unpad here
        SecByteBlock record(d.MaxRetrievable());
        d.Get(record, record.size());
        // do something with record
    }

Another way to think of it is that StreamTransformationFilter only
pads/unpads for you; it doesn't packetize.

You might also want to think about why you need to pad/packetize your
records in the first place. Why not encrypt all of the records as one big
"message" and only pad (call MessageEnd()) at the end? You'd save a lot of
space on the IV and padding.