I'm pretty much a complete neophyte at this signature business, so I don't know if what I'm asking is nonsense or not. Anyway, here goes...

I want to send an out-of-band message (don't worry about how it gets there) to a program I've written on a distant machine. I want the program to have some confidence the message is legit by attaching a digital signature to the message. The message will be small, less than 200 characters.

It seems a public key based signature is what I want to use. I could embed the public key in the program.

I understand that the program would be vulnerable to attack by anyone who modifies it BUT I'm not too worried about that. The consequences are not dire.

I've looked through the MSDN and around the web but the prospect of diving in is daunting. I'm writing in straight C++, no .NET framework or other fancy stuff. I've had no experience including .NET framework stuff and little luck during previous attempts.

Can anyone point me at some very basic resources to get me started?

I need to know

1) how to generate the public and private keys
2) how to sign the message
3) how to verify the signature

Any help much appreciated.

TIA, Mike

A: 

You could try looking at the Keyczar library. It provides a high-level abstraction to cryptographic functions with the aim to make it easy for developers to do crypto correctly. As an added bonus it has C++ bindings.

There is also Cryptlib which has been around for a while, and NaCl. As with Keyczar these libraries aim to provide a high-level abstraction for common crypto functions.

Sam
A: 

gpgme is a high-level cryptographic API for GnuPG, written in C, but with bindings for a number of languages. GnuPG has excellent docs and is easy to use, so you can play around 'manually' on the command line and get a feel for how the key operations work, then look up the functions you need for your code in the API.

ire_and_curses
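
The three steps from the question, tried by hand with the GnuPG command line as the answer above suggests. This is an added example, not part of either answer: the key identity, paths and function names are constructed for illustration, and it assumes GnuPG 2.1 or later. Call `generate_keys` once, then `sign_message` and `verify_message`.

```shell
#!/usr/bin/env bash
# Added example (not from the answers). Key identity, paths and function
# names are constructed for illustration. Assumes GnuPG 2.1 or later.
WORK=$(mktemp -d)
SENDER_HOME="$WORK/sender"      # keyring with the private key (sender only)
RECEIVER_HOME="$WORK/receiver"  # keyring with only the public key
mkdir -m 700 "$SENDER_HOME" "$RECEIVER_HOME"
KEY_EMAIL="msg-signer@example.invalid"

# 1) Generate an unprotected, signing-only Ed25519 key and hand the public
#    half to the receiver. In the question's setup the exported public key
#    is what would be embedded in the program.
generate_keys() {
    gpg --homedir "$SENDER_HOME" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Signer <$KEY_EMAIL>" ed25519 sign never
    gpg --homedir "$SENDER_HOME" --batch --armor --export "$KEY_EMAIL" > "$WORK/public.asc"
    gpg --homedir "$RECEIVER_HOME" --batch --quiet --import "$WORK/public.asc"
}

# Fingerprint of the signing key; the receiver pins this value.
key_fingerprint() {
    gpg --homedir "$SENDER_HOME" --batch --with-colons --list-keys "$KEY_EMAIL" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# 2) Sign: write a detached signature to <message file>.sig.
sign_message() {
    gpg --homedir "$SENDER_HOME" --batch --yes --local-user "$KEY_EMAIL" \
        --output "$1.sig" --detach-sign "$1"
}

# 3) Verify: succeed only if gpg reports a valid signature made by the
#    pinned fingerprint. Args: message file, signature file, fingerprint.
verify_message() {
    gpg --homedir "$RECEIVER_HOME" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        grep -q "^\[GNUPG:\] VALIDSIG $3 "
}

# Stop any agents started for the temporary keyrings and delete them.
cleanup() {
    for d in "$SENDER_HOME" "$RECEIVER_HOME"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
```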