Greetings everyone. I am working on a small project and need your help. Here are the details:

  • My project is in VC++ 2008
  • I need to store some critical resource files bundled with my project exe in encrypted form
  • While running the exe, I want to decrypt and use these files on the fly (without storing decrypted files in temp location)
  • The files in question are binary files
  • Project is small and simple
  • Encryption can be simple or moderately secure

I am looking for an encryption library/sdk/toolkit for a simple project, the library should have the following requirements

  • It should be small and simple to work with, I don't need lots of features and I am short on development time
  • It should be free to use
  • It should be able to decrypt streams, or decrypt files directly in memory without storing them in any temp location
  • It should have good tutorials/examples/community support, I am short on development time
  • It should support more than one encryption strategy so that I should be able to switch to a better algorithm if needed, without changing library

I am really new to encryption libraries, kindly give your suggestion and I'll do background research on my own. Thanks much :)

EDIT

Also, can you suggest a good way to hide my key inside an EXE? This is a click-and-run application without any registration or installation.

+4  A: 

Will the decryption key be hardcoded in your program, or supplied from e.g. a license file?

If hardcoded, don't bother looking for any type of fancy encryption, all you can hope for is a (very thin!) layer of obfuscation - even a simple XOR scrambling would be no worse than AES.

That said, check out TomCrypt or Crypto++.

EDIT

You could also opt for something really simple such as TEA. Or you could stick with simple XOR encryption and compress your executable; a nice property of single-byte XOR encryption is that the encrypted data will still be compressible :) (caveat emptor: exe compression sometimes triggers false positives in antivirus apps).

The thing to keep in mind is that "if it runs, it can be broken", so focus on diverting casual prying eyes and forget about securing against "really interested people" - it takes a lot of effort and knowledge to do anything remotely successful.

EDIT 2

For "hiding" the decryption key, you can simply store the binary key (what the decryption algorithm itself uses) rather than a textual representation - or you could use a string of gibberish. Doesn't matter much, casual users won't be able to use the key anyway, and you can't hide it from determined people :)

snemarch
Yep encryption keys will be embedded in EXE, is there a better way to distribute keys?
coreSOLO
That depends a lot on what you're doing; if there's no registration/license/whatever data required to run the app, and you simply want to keep prying eyes out, then I'd personally go for something simple.
snemarch
What you said is correct, right now I just need to keep my data out of prying eyes, but I would need to update it to a better system in future. Also, something like "AES Encrypted" looks cool (if implemented properly) :)
coreSOLO
If you move to a "content unlocked based on license" model at some point, you have a bunch of options... but do memorize the "if it runs, it will be broken" mantra :)
snemarch
Thanks, I'm reading on this topic for the whole day and now it's very clear to me that if a person is skilled enough to break XOR encryption, he can break the higher ones anyways. So I'll save energy and go with XOR or TEA!
coreSOLO
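The in-memory decryption asked for in the question, using the TEA cipher suggested in the answer above, as an added example that is not code from any poster: TEA is run in counter mode over a byte buffer, so a bundled resource is decrypted without ever being written to a temp file. The key, nonce, sample bytes and the names `tea_ctr`, `sample_resource` and `DEMO_KEY` are constructed for illustration.

```cpp
#include <cstdint>   // VC++ 2008 lacks this header; typedef unsigned __int32 there
#include <cstdio>
#include <vector>

// Constructed demo key. A key compiled into the exe is obfuscation only.
static const uint32_t DEMO_KEY[4] = { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u };

// Standard TEA block encryption: 64-bit block, 128-bit key, 32 rounds.
static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; ++i) {
        sum += 0x9E3779B9u;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

// Counter mode: encrypt (nonce, block index) and XOR the result over the data.
// The same call encrypts and decrypts, works on any length, and never touches disk.
std::vector<unsigned char> tea_ctr(std::vector<unsigned char> data,
                                   const uint32_t key[4], uint32_t nonce) {
    for (size_t off = 0; off < data.size(); off += 8) {
        uint32_t ks[2] = { nonce, static_cast<uint32_t>(off / 8) };
        tea_encrypt(ks, key);
        for (size_t i = 0; i < 8 && off + i < data.size(); ++i)
            data[off + i] ^= static_cast<unsigned char>(ks[i / 4] >> (8 * (i % 4)));
    }
    return data;
}

// Constructed 13-byte "resource" (not a multiple of the 8-byte block size).
std::vector<unsigned char> sample_resource() {
    const unsigned char raw[] = { 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0x0D, 'I' };
    return std::vector<unsigned char>(raw, raw + sizeof raw);
}

int main() {
    // Build step: encrypt once and embed the result; runtime: decrypt the bytes in memory.
    std::vector<unsigned char> enc = tea_ctr(sample_resource(), DEMO_KEY, 1);
    std::vector<unsigned char> dec = tea_ctr(enc, DEMO_KEY, 1);
    std::printf("round trip %s\n", dec == sample_resource() ? "ok" : "FAILED");
    return 0;
}
```

Reusing one nonce for two different resources reuses the keystream, so give each bundled file its own nonce.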
A: 

This is kind of an "UnAnswer": I know only one free library supporting the feature you need and this is not small or simple to work with. But anyway, have a look at Crypto++. I guess others will also mention it.

ur
A: 

You could just use the Capicom ActiveX control. It's been discontinued, but I don't think that will cause you any issues. It's a wrapper around Microsoft's CryptoAPI.

  • It is just a wrapper around OS functions, so it's pretty small and easy to use.

  • Microsoft does offer a redist for it, so you will be able to include it in your programs.

  • It can decrypt strings. Not sure about streams.

  • It's from MS, so tutorials and community support are a given.

  • It supports multiple encryption algorithms. Note that some of the newer algorithms are not available on older versions of Windows, since it uses CryptoAPI.

It's not perfect, but if you want something you can develop quickly, it's not a bad choice.

Brian
Hey that's cool, I'll check it out right away. Is there any other crypto API which comes with windows/vs2008?
coreSOLO
NVM, I just checked out "CAPICOM Alternatives" on MSDN and the list itself looks encrypted :\
coreSOLO
+1  A: 

If you're only using Windows, I'd recommend the Windows Crypto API http://msdn.microsoft.com/en-us/library/aa388162(v=VS.85).aspx

Paul Whitehurst
+1  A: 

I do not know if it really satisfies all of your requirements, but take a look at Botan.

wilx
A: 

I have used Crypto++ and while I recognize the genius behind its conception... I loathe the fact that it takes a genius to use it (or close enough). There are good examples, but the slightest attempt to deviate from them turns into an extremely frustrating time.

I would recommend Google Keyczar: it's been designed for easy crypto:

  • safe defaults, so don't worry about them
  • multiple algorithms supported: asymmetric and symmetric, hashing
  • handling of keys, with rotation mechanism etc... though that may not be extremely useful in your case

Check out the website: Keyczar

Small note: there might be some issues with stream-decoding due to the API, I am not experienced enough with it to answer this.

Matthieu M.