So far I've come across Botan and Crypto++, which both provide reversible (e.g. AES) and non-reversible (e.g. SHA) encryption. I wondered if anyone can recommend either, or something else?

+1  A: 

I used to use libtomcrypt for CPP, though it's written in pure C.
It's huge! I mean, it has a small, robust and simple API implementation of most of the cyphers and hashes out there.
It's not under the GPL, so you can use it in closed projects.

bua
+7  A: 

OpenSSL has all the functionality that you would expect and it is often already installed (at least on Linux).

It supports asymmetric/symmetric encryption, digital signatures and hashing algorithms. For example, you can use the high-level OpenSSL EVP API for symmetric encryption.

AndiDog
+1, and besides I should point out that for many things, OpenSSL is considered *the* standard. On top of that, depending on your field, if you need to undergo an audit or something like that, OpenSSL as something recognized and well-regarded won't cause any issues, but some other dodgy library you downloaded from an anonymous server might poke a stick in the auditor's wheels.
AviD
Isn't (for example) SHA-256 SHA-256 regardless of implementation? It's deterministic, so you can test it.
John
@John: Even if it's the same algorithm with the same (test) results, the implementation might be different. Sometimes, encryption algorithm (reference) implementations are flawed and are vulnerable to attacks. AviD meant that a somewhat more stable library like OpenSSL would mitigate such risks.
AndiDog
@John, I did mean as @AndiDog said, but even more than that, OpenSSL is a *trusted* library, and can be skipped over during an audit as a complete, (relatively) secure blackbox, without having to decompose the entirety of a crypto library. Consider OpenSSL to have a pre-registered "seal of approval", so to speak. (Not to suggest there are no flaws in it, but it is better than the dodgy ones).
AviD
Good points. Thanks
John
We're Windows (nominally cross-platform) which I guess is no problem, though OpenSSL looks very Linux-oriented (tarballs and all). Is there any support for MSVC, or would we need to build our own project from scratch if we wanted to be consistent with our other code?
John
@John: It seems like the OpenSSL Windows binaries at http://www.slproweb.com/products/Win32OpenSSL.html are actually built with MSVC, so you shouldn't have any problems I guess.
AndiDog
+1  A: 

Google has a very interesting library: KeyCzar.

Of interest:

  • Simple API (I have used Crypto++, and it may be powerful... but what a hassle!)
  • Key rotation and versioning (you do intend to make your keys evolve, right?)
  • Safe defaults!!

Frankly, those 3 points are what I think are the most important considerations once you know the implementation is sound. Especially for those of us who are not crypto experts.

Matthieu M.
A: 

I vaguely remember using xyssl. Provided a direct link. link text

Manoj R
A: 

Also, you can use the POCO library; for more information, visit www.pocoproject.org

Davit Siradeghyan