views:

68

answers:

2

I am writing an application which has an authenticity mechanism, using HMAC-sha1, plus a CBC-blowfish pass over the data for good measure. This requires 2 keys and one ivec.

I have looked at Crypto++ but the documentation is very poor (for example the HMAC documentation). So I am going oldschool and use Openssl. Whats the best way to generate and load these keys using library functions and tools ? I don't require a secure-socket therefore a x.509 certificate probably does not make sense, unless, of-course, I am missing something.

So, do I need to write my own config file, or is there any infrastructure in openssl for this ? If so, could you direct me to some documentation or examples for this.

+1  A: 

Although it doesn't answer your question directly, if you are looking at this as a method of copy protection for your program, the following related questions may make for interesting reading.

Konrad
Thank you for the links, I will look at them. The system is for handing out login tokens, similar to Kerberos tokens, embedded into HTTP cookies. I personally would have just used Kerberos and webauth, instead of re-inventing the wheel, but I do what I am told :P
Hassan Syed
+1 as it might be useful for others :D
Hassan Syed
A: 

This is the solution I am going for atm. Unless of course someone comes up with a better one, or one that solves my specific problem.

I will put three files in /etc/acme/auth/file1 file2 and file3, binary files with randomly generates numbers for the 2 keys and the ivec, and do the same in windows but under c:\etc\acme\auth.

Hassan Syed
Can I suggest (for Windows) you use a subdirectory in your application directory? Nothing annoys me more than applications polluting my filesystem. :-)
Konrad
The library will be a nginx module, Perhaps I can place it under a directory relative to the nginx install location. I will have to investigate that further, in all likelihood the server will only run under linux.
Hassan Syed