Classes | Functions

Cryptography Libraries
[Libraries]

Provides basic encryption support. More...

Collaboration diagram for Cryptography Libraries:

Classes

class  crypto::RSAPublicKey
 public key suitable for encrypting More...
class  crypto::RSAKey
 private/public key pair. More...
class  crypto::DESKey
 fast symmetric encryption More...

Functions

virtual std::string crypto::RSAPublicKey::serialize (void)=0
 return a serialized (string) version of the public key
virtual std::string crypto::RSAPublicKey::encrypt (const char *plaintext)=0
 return the given text encrypted with the public key
static smart_ptr< RSAPublicKey > crypto::RSAPublicKey::create (const char *serialized)
 factory to create public key from serialized (string) version
virtual smart_ptr< RSAPublicKey > crypto::RSAKey::getPublicKey (void)=0
 return the public key for the public/private pair
virtual std::string crypto::RSAKey::decrypt (const char *encrypted)=0
 decrypt a string encrypted with the public key, using the private key
static smart_ptr< RSAKey > crypto::RSAKey::create (void)
 create new RSA public/private key pair (note: very expensive!)
virtual std::string crypto::DESKey::serialize (void)=0
 return a serialized (string) version of the DES key
virtual std::string crypto::DESKey::encrypt (const char *plaintext, int minSize)=0
 encrypt the given plaintext string using the DES key (pads if necessary to fill out to minSize)
virtual std::string crypto::DESKey::decrypt (const char *encrypted)=0
 decrypt the given string using the DES key (returns original plaintext)
static smart_ptr< DESKey > crypto::DESKey::create (void)
 create new DES key
static smart_ptr< DESKey > crypto::DESKey::create (const char *serialized)
 factory to create DES key from serialized (string) version



typedef std::vector< byte_tcrypto::vec_byte_t
std::string crypto::getSHA1 (const char *data)
 quick one-way encryption (SHA1 algorithm, see http://en.wikipedia.org/wiki/SHA-1)
std::string crypto::encodeBase64 (const byte_t *data,long bytes,bool encodeLength=true)
 given binary data, encode into base64 ascii string
void crypto::decodeBase64 (const char *base64, vec_byte_t &data)
 given base64 ascii string, decode into byte array

Detailed Description

Provides basic encryption support.

Simple objects to abstract:

These are optimized for usability (and correctness) over efficiency! If you are doing hardcore crypto you should use the RSA APIs directly. For instance, these APIs aren't clever about memory management, they allocate and de-allocate as needed.

Encrypted strings have simple encoding applied so they are safe to pass around as strings (no null characters and should be MIME-friendly). Decryption routines assume the string is encoded and they will decode first. In theory these could be split out but in practice I expect most people to just treat the encrypted strings opaquely anyway.

These APIs are best for applications that are using crypto tactically in just a few rarely-used places.

Seed the randomizer before calling any crypto APIs

Because the RSA libraries are confusing (or at least, I wasn't clever enough to determine if there was a standard way of serializing keys or not), I don't think the results of these can be mixed with other libraries. That is, you can't take the encrypted value from this API and decrypt it using another API. All encryption/decryption must happen using these APIs (although that can happen across processes and machines, etc.).

These aren't designed for streaming. These are designed for encryption of small blocks of data (a couple of KB or so at most). These APIs are designed for user-readable null-terminated strings, not arbitrary binary data.

Typical usage is to create a DESKey for use in encrypting data, and only use the public/private keys to safely exchange the DES key.

Example:

Generate RSAKey on host 1:

                smart_ptr<RSAKey> rsa = RSAKey::create();       // expensive!
                smart_ptr<RSAPublicKey> pubkey = rsa->getPublicKey();
                std::string serialized = pubkey->serialize();

                // great, now send serialized version of public key to host 2
                send_string_to("host2", serialized);

Then, on host 2:

                // receive string from remote host
                std::string serialized = get_string_from("host1");

                // deserialize into local version of their public key
                smart_ptr<RSAPublicKey> pubkey =
                    RSAPublicKey::create(serialized.c_str());

                // create a new secret symmetric encryption key
                smart_ptr<DESKey> secret = DESKey::create();
                std::string des_serial = secret->serialize();

                // encrypt DES key (secret) with host 1's public key
                std::string encrypted = pubkey->encrypt(des_serial.c_str());

                // send secret to host 1
                send_string_to("host1", encrypted);

Then, back on host 1:

                // receive encrypted secret from host 2
                std::string encrypted = get_string_from("host2");

                // decrypt using our private key
                std::string serialized = rsa->decrypt(encrypted.c_str());

                // deserialize DES key so we have a local copy
                smart_ptr<DESKey> secret = DESKey::create(serialized.c_str());

                // now I can communicate with host 2 using shared secret key
                std::string password = secret->encrypt("This is my password!");
                send_string_to("host2", password);

Don't get too excited about these, because you are still vulnerable to attack/cracking during the initial handshake phase (how do you trust the machine you are handing your public key to?). But these are intended to make it harder to crack non-critical data, for instance game data where you want to make it more expensive but not necessarily impossible to crack other players' packets.

Put another way, the code above is vulnerable to man-in-the-middle attacks but is good protection against passive listeners.

Also, someday this library may beef up the handshake process, at which point the other code could be more generally useful and secure.


Typedef Documentation

typedef std::vector<byte_t> crypto::vec_byte_t

Definition at line 236 of file crypto.h.


Function Documentation

virtual std::string crypto::RSAPublicKey::serialize ( void   )  [pure virtual, inherited]

return a serialized (string) version of the public key

virtual std::string crypto::RSAPublicKey::encrypt ( const char *  plaintext  )  [pure virtual, inherited]

return the given text encrypted with the public key

smart_ptr< RSAPublicKey > crypto::RSAPublicKey::create ( const char *  serialized  )  [static, inherited]

factory to create public key from serialized (string) version

Definition at line 721 of file crypto.cpp.

virtual smart_ptr<RSAPublicKey> crypto::RSAKey::getPublicKey ( void   )  [pure virtual, inherited]

return the public key for the public/private pair

virtual std::string crypto::RSAKey::decrypt ( const char *  encrypted  )  [pure virtual, inherited]

decrypt a string encrypted with the public key, using the private key

smart_ptr< RSAKey > crypto::RSAKey::create ( void   )  [static, inherited]

create new RSA public/private key pair (note: very expensive!)

Definition at line 739 of file crypto.cpp.

virtual std::string crypto::DESKey::serialize ( void   )  [pure virtual, inherited]

return a serialized (string) version of the DES key

virtual std::string crypto::DESKey::encrypt ( const char *  plaintext,
int  minSize 
) [pure virtual, inherited]

encrypt the given plaintext string using the DES key (pads if necessary to fill out to minSize)

virtual std::string crypto::DESKey::decrypt ( const char *  encrypted  )  [pure virtual, inherited]

decrypt the given string using the DES key (returns original plaintext)

smart_ptr< DESKey > crypto::DESKey::create ( void   )  [static, inherited]

create new DES key

Definition at line 757 of file crypto.cpp.

smart_ptr< DESKey > crypto::DESKey::create ( const char *  serialized  )  [static, inherited]

factory to create DES key from serialized (string) version

Definition at line 775 of file crypto.cpp.

std::string crypto::getSHA1 ( const char *  data  ) 

quick one-way encryption (SHA1 algorithm, see http://en.wikipedia.org/wiki/SHA-1)

std::string crypto::encodeBase64 ( const byte_t data,
long  bytes,
bool  encodeLength 
)

given binary data, encode into base64 ascii string

void crypto::decodeBase64 ( const char *  base64,
vec_byte_t &  data 
)

given base64 ascii string, decode into byte array