What is the best way to encrypt a text file in C/C++?

Question

A C/C++ based cgi web application will be creating a temporary text file on the server as long as the user is logged in. The text file will be deleted when the user logs off. I want to encrypt this text file and also the content of the file. The file will contain information like username and password.

What is the best way to do this?

EDIT: I see libraries being suggested. My problem is I cannot use anything but Standard C++ library.

Answer 1

An encryption standard that currently is considered as "safe" is AES (also called Rijndael). You can find a C++ implementation at Codeproject and in many other places.

Please note, that when using AES or any other symmetric encryption standard, you must store the encryption/decryption key inside your application. If anyone discovers the key, he can decrypt all files that you encrypted with this key.

If your application will run under Windows, you also might use DPAPI to store the encrypted information.

Answer 2

Use a well known library such as openssl and follow well known examples and stay away from platform specific solutions.

Answer 3

Revised answer.
You want code to encrypt and decrypt a file that can be used with your C++ code.
It would be absolutely incorrect to write your own code (like this one).

But, you say that you cannot use standard libraries.
Standard (and, maybe opensource) libraries are probably the most correct approach to implementing encryption in your applications. If you choose to not do that, it leaves you with only two options,

• Implement your own version of a standard encryption algorithm (and risk weakness by any errors you make)
• Use a 'system' call from your application and run a standard encryption (like bcrypt) that maybe (hopefully) available on your system.

I would still stick to picking up a standard library or integrating such an opensource code into my application. Please explain what prevents you from doing that.

---

Old: for some reason, i thought a PHP code was required... my error.
This article gives a PHP encryption symmetric program example using crypt to store password in a text file.

Possibly related Stackoverflow questions

• discussion on the best C/C++ encryption library.
• discussion on plain text storage of password.

Answer 4

I think you might be going about this the wrong way. If security, real security, is the goal then you're not going to want to store the password even in its encrypted form (because it can be decrypted if the key is stolen, as other people have said).

What you should do is store a hash of the password (with an appropriate salt). This means that no one (not even the site admins) can determine a user's password. They can merely accept a password and see if it's the right one or not by hashing the input with the same salt (you can't reverse a hash).

Also, this sort of situation lends itself nicely to databases, are you using one?

Google password hashing with salts and you can read about it from real security experts (I am not one).