在 C++ 中实现公钥加密的简单方法?
我希望能够签署文件。我的意思是收件人可以检查该文件确实来自我并且可以查看其内容。在 C++ 中是否有任何简单的方法可以做到这一点?
我刚刚浏览了 Wikipedia 上的 PGP 文章,但他们在“散列、数据压缩、对称密钥加密以及最后的公钥加密”中间迷失了方向。理想情况下,我想要一个具有函数 signString(string, privateykey) 的库,并且接收者将具有函数 readSignedString(string, publickey)。有什么建议吗?
编辑:
我不确定我是否使用了正确的方法,所以这就是我想要做的:
我想在我的桌面应用程序中实现一些简单的盗版保护。因此,当用户购买许可证时,我会向他们发送包含他们的姓名和电子邮件的签名文件。然后,用户安装该文件,应用程序读取该文件:它检查签名有效性并显示名称/电子邮件(在“关于”框中)。为了确保破解者无法生成这些文件,我需要确保解密文件的密钥与加密文件的密钥不同。有没有简单的方法来实现这个?
I want to be able to sign a file. By that I mean that the recipient can check that the file is indeed from me and can view its content. Is there any simple way to do that in C++?
I just had a look at the PGP article on Wikipedia but they lost me somewhere in the middle of "hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography". Ideally, I would like a library which has a function signString(string, privateykey) and the recipient would have function readSignedString(string, publickey). Any suggestion?
Edit:
I'm not sure I'm using the right approach, so here is what I'm trying to do:
I want to implement some simple piracy protection in my desktop application. So when the user buy a license, I send them a signed file containing their name and email. The user then install the file and the app reads it: it checks the signature validity and displays the name/email (in the About box). To make sure that crackers cannot generate these files, I need to make sure that the key to decrypt the file is not the same as the one to encrypt it. Is there any simple way to implement this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
OpenSSL 几乎就是您所需要的。它没有两个这样的函数,但它几乎同样简单。
首先,每个数字签名都需要一个哈希算法。原因是您不加密文件,仅加密文件哈希(否则验证将花费太长时间)。
使用 OpenSSL,您可以使用如下内容:
验证签名的方法几乎相同,仅使用
EVP_ValidateInit、EVP_ValidateUpdate和EVP_ValidateFinal。最后一个函数返回 0/1 来表示验证是否成功。您仍然需要将密钥放入应用程序中,有很多函数可以做到这一点,具体取决于您从何处读取它(文件/内存/证书等)
OpenSSL is almost what you need. It doesn't have two such functions, but it's almost as easy.
First of all, every digital signature requires a hash algorithm. The reason is that you don't encrypt the file, you only encrypt the file hash (it would take too long to verify otherwise).
With OpenSSL you can use something like this:
And pretty much the same for validating the signature, only using
EVP_ValidateInit,EVP_ValidateUpdateandEVP_ValidateFinal. The last function returns 0/1 to say whether validation succeeded or not.You still need to get the key into the application, there are quite a few functions to do that, depending on where you read it from (file/memory/certificate etc.)
您还可以使用 Keyczar 来加密和解密您的文件。
但实际上你不能像这样对你的程序进行破解,这使得它变得更加困难,但是破解者可以反汇编你的程序,找到检查这些签名文件有效性的函数,并将其更改为接受任何类型的文件。
You can also use Keyczar for encrypting and decrypting your file.
But actually you can't crack-proof your program like this, It makes it harder, but crackers can disassemble your program, find the function that checks the validity of those signed files, and change it to accept any kinds of files.
你可能想看看 PGP 的 GNU 版本,GnuPG,它使用一个名为 libgcrypt http 的 OSS 库://directory.fsf.org/project/libgcrypt/ 看起来能够做你想做的事情。 http://www.gnupg.org/documentation/manuals/gcrypt/手动的。
You might want to take a look at the GNU version of PGP, GnuPG, it uses a OSS lib called libgcrypt http://directory.fsf.org/project/libgcrypt/ which looks to be able to do what you want. http://www.gnupg.org/documentation/manuals/gcrypt/ for the manual.
有关信息,在尝试了此处的大部分建议后,我最终使用了 openpgp 命令行工具。 UPX 后它非常轻量级,它是跨平台的,并且以简单的方式满足我的需要。
For information, after having tried most of the suggestions here, I ended up using the openpgp command line tool. It's quite lightweight once UPXed, it's cross-platform and it does what I need in an easy way.