如何在Crypto ++中使用自定义密钥 [英] How to use a custom key in Crypto++
问题描述
在这个问题中,我有一个问题涉及加密代码: Crypto ++在两个不同的c ++程序中进行加密和解密
I have a question referring to the encryption code in this question: Crypto++ encrypt and decrypt in two different c++ programs
如果我想使用自定义键/iv,该怎么办?
If I want to use a custom key/iv, how can I do this?
推荐答案
如果我想使用自定义键/iv,该怎么办?
If I want to use a custom key/iv, how can I do this?
只需将其插入具有某种模式的密码中即可.有很多模式可供选择,但是您应该使用经过身份验证的加密模式,例如EAX,CCM或GCM.有关Crypto ++模式的讨论,请参见类别:模式.
Just plug it into a cipher with a mode. There are plenty of modes to choose from, but you should use an authenticated encryption mode like EAX, CCM or GCM. See Category:Mode for discussion of the modes in Crypto++.
下面的代码采用密码或机密,对密码进行加密,然后对消息进行加密和编码.接下来,它对加密的消息进行解码.最后,它会打印一些参数.
The code below takes a password or secret, keys a cipher, and then encrypts and encodes a message. Next, it decodes the encrypted message. Finally it prints some of the parameters.
try {
// KDF parameters
string password = "Super secret password";
unsigned int iterations = 15000;
char purpose = 0; // unused by Crypto++
// 32 bytes of derived material. Used to key the cipher.
// 16 bytes are for the key, and 16 bytes are for the iv.
SecByteBlock derived(32);
// KDF function
PKCS5_PBKDF2_HMAC<SHA256> kdf;
kdf.DeriveKey(derived.data(), derived.size(), purpose, (byte*)password.data(), password.size(), NULL, 0, iterations);
// Encrypt a secret message
string plaintext = "Attack at dawn", ciphertext, recovered;
// Key the cipher
EAX<AES>::Encryption encryptor;
encryptor.SetKeyWithIV(derived.data(), 16, derived.data() + 16, 16);
AuthenticatedEncryptionFilter ef(encryptor, new StringSink(ciphertext));
ef.Put((byte*)plaintext.data(), plaintext.size());
ef.MessageEnd();
// Key the cipher
EAX<AES>::Decryption decryptor;
decryptor.SetKeyWithIV(derived.data(), 16, derived.data() + 16, 16);
AuthenticatedDecryptionFilter df(decryptor, new StringSink(recovered));
df.Put((byte*)ciphertext.data(), ciphertext.size());
df.MessageEnd();
// Done with encryption and decryption
// Encode various parameters
HexEncoder encoder;
string key, iv, cipher;
encoder.Detach(new StringSink(key));
encoder.Put(derived.data(), 16);
encoder.MessageEnd();
encoder.Detach(new StringSink(iv));
encoder.Put(derived.data() + 16, 16);
encoder.MessageEnd();
encoder.Detach(new StringSink(cipher));
encoder.Put((byte*)ciphertext.data(), ciphertext.size());
encoder.MessageEnd();
// Print stuff
cout << "plaintext: " << plaintext << endl;
cout << "key: " << key << endl;
cout << "iv: " << iv << endl;
cout << "ciphertext: " << cipher << endl;
cout << "recovered: " << recovered << endl;
}
catch(CryptoPP::Exception& ex)
{
cerr << ex.what() << endl;
}
运行该程序会产生以下输出.
A run of the program produces the following output.
$ ./cryptopp-test.exe
plaintext: Attack at dawn
key: 7A8C7732898FB687669CB7DBEFBDD789
iv: 0AA980BABE72797E415C9B8979BF30EF
ciphertext: 197D0BD1A12577393AD1B1696B75D0FC6B8A142CF15B5F887AA965CE75F0
recovered: Attack at dawn
更好的是,使用集成加密方案. Crypto ++提供了其中两个.第一个是椭圆曲线集成加密方案,该方案在椭圆形诅咒字段上运行.第二个是离散对数集成加密方案,它在整数字段上运行.
Even better, use an Integrated Encryption Scheme. Crypto++ provides two of them. The first is Elliptic Curve Integrated Encryption Scheme which operates over fields of elliptic curse. The second is Discrete Logarithm Integrated Encryption Scheme, which operates over the field of integers.
其甚至更好" 的原因很多,但最明显的是其 IND-CCA2 .其他更实用的方法包括:您 无法重用安全性上下文,因为系统已正确使用了该上下文;并且删除了填充,这大大简化了证明并避免了潜在的预言.该系统还基于离散日志,这使它成为基于Diffie-Hellman的问题,并且据信到处都很难.
There's a number of non-obvious reason why its "even better", but the big one is its IND-CCA2. Other, more practical ones include: you can't reuse a security context because correct use is built into the system; and padding has been removed which greatly simplifies proofs and avoids potential oracles. The system is also predicated on Discrete Logs, which makes it a Diffie-Hellman based problem and its believed to be hard everywhere.
这篇关于如何在Crypto ++中使用自定义密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
