当前位置: 文江博客话题详情

使用openssl加密和解密小文件

发布于 2024-07-25 00:09:08 字数 144 浏览 6 评论 0原文

我想用 C/C++ 编写一个小程序,它读取一个小文本文件,并使用“内部”密钥对其进行加密。 然后我还想编写另一个小程序,它可以使用内部相同的密钥解密加密的文件。

我查看了 openSSL 网站并用谷歌搜索,但发现不是简单的例子,有人尝试过做这件事吗?

原文

I want to write a small program in C/C++ which reads a small text file, and encrypts it, using a "internal" key. Then I also want to write another small program which can decrypt the encrypted file using internally the same key.

I looked at openSSL site and googled but found not simple example, has somebody ever tried to do this thing?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

明月夜 2024-08-01 00:09:08

理想情况下,您可以使用 ccrypt 等现有工具,但这里是:

#include <openssl/aes.h>

/* ... */


{
  int bytes_read, bytes_written;
  unsigned char indata[AES_BLOCK_SIZE];
  unsigned char outdata[AES_BLOCK_SIZE];

  /* ckey and ivec are the two 128-bits keys necesary to
     en- and recrypt your data.  Note that ckey can be
     192 or 256 bits as well */
  unsigned char ckey[] =  "thiskeyisverybad";
  unsigned char ivec[] = "dontusethisinput";

  /* data structure that contains the key itself */
  AES_KEY key;

  /* set the encryption key */
  AES_set_encrypt_key(ckey, 128, &key);

  /* set where on the 128 bit encrypted block to begin encryption*/
  int num = 0;

  while (1) {
    bytes_read = fread(indata, 1, AES_BLOCK_SIZE, ifp);

    AES_cfb128_encrypt(indata, outdata, bytes_read, &key, ivec, &num,
           AES_ENCRYPT);

    bytes_written = fwrite(outdata, 1, bytes_read, ofp);
    if (bytes_read < AES_BLOCK_SIZE)
  break;
  }
}

通过调用 AES_cfb128_encrypt 并使用 AES_DECRYPT 作为最后一个参数来完成解密。 请注意,此代码仅经过最基本的测试,并且您确实应该为 ckey 和 ivec 使用正确的 8 位随机数据​​。

编辑AES_cfb128_encrypt 似乎接受任意长度的数据,因此您不需要以 AES_BLOCK_SIZE (16) 字节的块进行加密。

Ideally, you could use an existing tool like ccrypt, but here goes:

#include <openssl/aes.h>

/* ... */


{
  int bytes_read, bytes_written;
  unsigned char indata[AES_BLOCK_SIZE];
  unsigned char outdata[AES_BLOCK_SIZE];

  /* ckey and ivec are the two 128-bits keys necesary to
     en- and recrypt your data.  Note that ckey can be
     192 or 256 bits as well */
  unsigned char ckey[] =  "thiskeyisverybad";
  unsigned char ivec[] = "dontusethisinput";

  /* data structure that contains the key itself */
  AES_KEY key;

  /* set the encryption key */
  AES_set_encrypt_key(ckey, 128, &key);

  /* set where on the 128 bit encrypted block to begin encryption*/
  int num = 0;

  while (1) {
    bytes_read = fread(indata, 1, AES_BLOCK_SIZE, ifp);

    AES_cfb128_encrypt(indata, outdata, bytes_read, &key, ivec, &num,
           AES_ENCRYPT);

    bytes_written = fwrite(outdata, 1, bytes_read, ofp);
    if (bytes_read < AES_BLOCK_SIZE)
  break;
  }
}

Decryption is done by calling AES_cfb128_encrypt with AES_DECRYPT as the last parameter. Note that this code hasn't been given anything more than the most elementary of testing, and that you really should use proper 8-bits random data for ckey and ivec.

EDIT: It seems AES_cfb128_encrypt accepts data of arbitrary length, so you're not required to encrypt in blocks of AES_BLOCK_SIZE (16) bytes.

回复 原文
神仙妹妹 2024-08-01 00:09:08

以前的答案已经向您指出了如何做您所要求的事情。

我想补充一下为什么你可能不应该这样做

您所说的称为“对称加密”(使用相同的密钥进行加密和解密,而不是非对称加密,其中使用一个密钥加密的所有内容只能由特定的对应方解密)。

反汇编可执行文件以确定正在使用的硬编码密钥几乎是微不足道的。 这意味着,任何获得您的可执行文件的人都可以破解任何已交换消息的加密。

除非您想要的应用程序非常具体,否则这意味着您的设置可能“看起来”安全,但事实并非如此。 在这些情况下,通常最好根本不加密,这样就不会有人陷入这种错误的安全感...

您希望使用标准库来进行加密(而不是实现/创建算法),这是非常好的您自己),但是协议如何应用程序、密钥和消息的使用和交换)至少与密码本身一样重要。 您可能希望让从事密码学的人测试您的想法,以告诉您弱点。 (我确信 StackOverflow 上有足够多的此类内容。;-))

Previous answers have pointed you towards how to do what you asked for.

I'd like to add a word on why you probably shouldn't do this.

What you are talking about is called "symmetric encryption" (the same key is used for encrypting and decrypting, as opposed to asymmetric encryption where everything encrypted with one key can only be decrypted by a specific counterpart).

Disassembling an executable to determine a hardcoded key being used is next-to-trivial. That means, anyone who gets his/her hands on one of your executables, ever, can break the encryption of any message ever exchanged.

Unless the application you have in mind is very specific, this means your setup might "look" secure, but isn't. In these cases, it's usually better not to encrypt at all, so that no-one involved falls for that false sense of security...

It's very good you are looking to standard libraries to do the encryption (instead of implementing / creating an algorithm yourself), but the protocoll (how applications, keys, and messages are used and exchanged) is at least as important as the cipher itself. You might want to have your ideas tested by someone dealing in cryptography, to tell you the weaknesses. (I'm sure there's enough of that kind here at StackOverflow. ;-) )

回复 原文
如日中天 2024-08-01 00:09:08

OpenSSL 特别关注 SSL 和 TLS 的实现,它们是通过网络加密数据的协议。 由于您只想加密文件,因此可以使用 OpenSSL,但并不理想。

相反,我会使用类似 BeeCryptCrypto++® Library 5.6.0 两者都提供了使用示例。

OpenSSL is specifically concerned with implementing SSL and TLS which are protocols for encrypting data over a network. Since you are just looking to encrypt a file, it is possible to use OpenSSL but not ideal.

Instead, I would use something like BeeCrypt or Crypto++® Library 5.6.0 which both provide examples for their use.

回复 原文
~没有更多了~

关于作者

沧桑㈠

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

linfzu01

文章 0 评论 0

§对你不离不弃

文章 0 评论 0

可遇━不可求

文章 0 评论 0

枕梦

文章 0 评论 0

qq_3LFa8Q

文章 0 评论 0

JP

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文