只需加密C中的一个字符串 [英] Simply encrypt a string in C
问题描述
我打算加密打开网址时所做游戏的查询字符串。它不一定要复杂,事实上,由于我从一个游戏引擎工作,它需要尽可能的简单。如果我的水平太低,往往会大惊小怪。
我已经创建了查询字符串,我只需要使用它的每个字符,并从char中减去15,轻轻加密它。我只是想做一个简单的加密,这将阻止大多数用户。
我希望我可以给一个代码示例,但我没有太多的经验C,我甚至不知道从哪里开始。游戏引擎的api通常使我的一切都变得简单。
这些答案都不构成任何形式的合理加密。
你实际想要做的是使用某种形式的认证加密,以及某种形式的安全密钥导出算法。我个人的建议是 libsodium 。它提供了非常好的默认值,并且API相对难以出错。
有几种不同的方法来执行此操作:
- 使用随机密钥进行密钥加密 Authenticated Encryption
- 使用密码派生密钥的密钥加密密钥导出
- 使用密钥协议进行混合加密。 公钥加密
所有这些可能性都集成到libsodium中,可以相对轻松实现。
以下代码示例直接来自 libsodium文档。
对于1:
#define MESSAGE((const unsigned char *)test)
#define MESSAGE_LEN 4
#define CIPHERTEXT_LEN(crypto_secretbox_MACBYTES + MESSAGE_LEN)
unsigned char nonce [crypto_secretbox_NONCEBYTES];
unsigned char key [crypto_secretbox_KEYBYTES];
unsigned char ciphertext [CIPHERTEXT_LEN];
/ *生成安全随机密钥和随机数* /
randombytes_buf(nonce,sizeof nonce);
randombytes_buf(key,sizeof key);
/ *使用给定的随机数和密钥加密消息,将结果输入密文* /
crypto_secretbox_easy(ciphertext,MESSAGE,MESSAGE_LEN,nonce,key);
unsigned char解密[MESSAGE_LEN];
if(crypto_secretbox_open_easy(decryptded,ciphertext,CIPHERTEXT_LEN,nonce,key)!= 0){
/ *如果我们到达这里,该消息是伪造的。这意味着有人(或网络)以某种方式试图篡改消息* /
}
对于2:(从密码中导出一个密钥)
#define PASSWORD正确的马电池订书钉
#定义KEY_LEN crypto_secretbox_KEYBYTES
unsigned char salt [crypto_pwhash_SALTBYTES];
unsigned char key [KEY_LEN];
/ *选择随机盐* /
randombytes_buf(salt,sizeof salt);
if(crypto_pwhash
(key,sizeof key,PASSWORD,strlen(PASSWORD),salt,
crypto_pwhash_OPSLIMIT_INTERACTIVE,crypto_pwhash_MEMLIMIT_INTERACTIVE,
crypto_pwhash_ALG_DEFAULT)!= 0){
/ *内存不足* /
}
现在,键阵列包含适用于上述代码示例中的键。为了生成一个随机密钥,我们生成了一个从用户定义的密码导出的密钥,并将其用于加密,而不是 randombytes_buf(key,sizeof key)。
3是3种类型中最复杂的。如果你有双方交流,这是你所用的。每一方都会产生一个包含公共密钥和秘密密钥的密钥对。使用这些键盘,他们可以在一起达成一致的共享密钥,它们可用于彼此加密(和签名)数据:
#define MESSAGE(const unsigned char *)test
#define MESSAGE_LEN 4
#define CIPHERTEXT_LEN(crypto_box_MACBYTES + MESSAGE_LEN)
unsigned char alice_publickey [crypto_box_PUBLICKEYBYTES];
unsigned char alice_secretkey [crypto_box_SECRETKEYBYTES];
crypto_box_keypair(alice_publickey,alice_secretkey);
unsigned char bob_publickey [crypto_box_PUBLICKEYBYTES];
unsigned char bob_secretkey [crypto_box_SECRETKEYBYTES];
crypto_box_keypair(bob_publickey,bob_secretkey);
unsigned char nonce [crypto_box_NONCEBYTES];
unsigned char ciphertext [CIPHERTEXT_LEN];
randombytes_buf(nonce,sizeof nonce);
if(crypto_box_easy(ciphertext,MESSAGE,MESSAGE_LEN,nonce,
bob_publickey,alice_secretkey)!= 0){
/ *错误* /
}
unsigned char decryptpted [MESSAGE_LEN];
if(crypto_box_open_easy(解密,密文,CIPHERTEXT_LEN,nonce,
alice_publickey,bob_secretkey)!= 0){
/ *为Bob假装来自Alice的消息已经伪造! * /
}
此代码首先生成两个关键字(通常,这将发生在bob的和alice的机器,并且他们将彼此发送他们的公共密钥,同时保持他们的密钥,好的秘密)。
然后,生成随机随机数,并且调用 crypto_box_easy(...)将从alice到bob的消息加密到(使用bob的公钥加密,和alice的秘密密钥进行签名)。
然后(在通过网络发送消息之后),调用 crypto_box_open_easy(。 ..)被bob用来解密消息(使用他自己的密钥进行解密,alice的公钥来验证签名)。如果由于某种原因(有人试图篡改)该消息的验证失败,则由非零退货代码指示。
I'm trying to encrypt a query string on a game I'm making when opening a url. It doesn't have to be complicated, in fact since I'm working from a game engine it needs to be as simple as possible. It tends to fuss if I get too low level.
I've already created the query string, I just need to take each char of it and subtract 15 from the char to lightly encrypt it. I'm just wanting to make a simple encryption that will deter most users.
I wish I could give a code example but I'm not too experienced in C, and I'm not even sure where to begin. The game engine's api usually makes everything simple for me.
None of these answers really constitute any form of reasonable encryption.
What you actually want to do, is use some form of authenticated encryption, and some form of secure key derivation algorithm. My personal recommendation is libsodium. It provides very good defaults, and an API that is relatively hard to get wrong.
There's several different ways to do this:
- Secret key encryption with a random key Authenticated Encryption
- Secret key encryption with a key derived from a passphrase Key Derivation
- Hybrid encryption with Key Agreement. Public Key Encryption
All of these possibilities are integrated into libsodium and implementable with relative ease.
The following code examples are taken directly from the libsodium documentation.
For 1:
#define MESSAGE ((const unsigned char *) "test")
#define MESSAGE_LEN 4
#define CIPHERTEXT_LEN (crypto_secretbox_MACBYTES + MESSAGE_LEN)
unsigned char nonce[crypto_secretbox_NONCEBYTES];
unsigned char key[crypto_secretbox_KEYBYTES];
unsigned char ciphertext[CIPHERTEXT_LEN];
/* Generate a secure random key and nonce */
randombytes_buf(nonce, sizeof nonce);
randombytes_buf(key, sizeof key);
/* Encrypt the message with the given nonce and key, putting the result in ciphertext */
crypto_secretbox_easy(ciphertext, MESSAGE, MESSAGE_LEN, nonce, key);
unsigned char decrypted[MESSAGE_LEN];
if (crypto_secretbox_open_easy(decrypted, ciphertext, CIPHERTEXT_LEN, nonce, key) != 0) {
/* If we get here, the Message was a forgery. This means someone (or the network) somehow tried to tamper with the message*/
}
For 2: (Deriving a key from a password)
#define PASSWORD "Correct Horse Battery Staple"
#define KEY_LEN crypto_secretbox_KEYBYTES
unsigned char salt[crypto_pwhash_SALTBYTES];
unsigned char key[KEY_LEN];
/* Choose a random salt */
randombytes_buf(salt, sizeof salt);
if (crypto_pwhash
(key, sizeof key, PASSWORD, strlen(PASSWORD), salt,
crypto_pwhash_OPSLIMIT_INTERACTIVE, crypto_pwhash_MEMLIMIT_INTERACTIVE,
crypto_pwhash_ALG_DEFAULT) != 0) {
/* out of memory */
}
Now, the key-array contains a key that is suitable for the use in the code sample above. Instead of randombytes_buf(key, sizeof key) for generating a random key, we generated a key derived from a user-defined password, and use that for encryption.
3 is the "most complicated" of the 3 types. It is what you use if you have two parties communicating. Each of the parties generates a "keypair", which contains a public and a secret key. With those keypairs, they can together agree on a "shared key" that they can use for encrypting (and signing) data for each other:
#define MESSAGE (const unsigned char *) "test"
#define MESSAGE_LEN 4
#define CIPHERTEXT_LEN (crypto_box_MACBYTES + MESSAGE_LEN)
unsigned char alice_publickey[crypto_box_PUBLICKEYBYTES];
unsigned char alice_secretkey[crypto_box_SECRETKEYBYTES];
crypto_box_keypair(alice_publickey, alice_secretkey);
unsigned char bob_publickey[crypto_box_PUBLICKEYBYTES];
unsigned char bob_secretkey[crypto_box_SECRETKEYBYTES];
crypto_box_keypair(bob_publickey, bob_secretkey);
unsigned char nonce[crypto_box_NONCEBYTES];
unsigned char ciphertext[CIPHERTEXT_LEN];
randombytes_buf(nonce, sizeof nonce);
if (crypto_box_easy(ciphertext, MESSAGE, MESSAGE_LEN, nonce,
bob_publickey, alice_secretkey) != 0) {
/* error */
}
unsigned char decrypted[MESSAGE_LEN];
if (crypto_box_open_easy(decrypted, ciphertext, CIPHERTEXT_LEN, nonce,
alice_publickey, bob_secretkey) != 0) {
/* message for Bob pretending to be from Alice has been forged! */
}
This code first generates both keypairs (typically, this would happen on bob's and alice's machine separately, and they would send each other their public key, while keeping their secret key, well, secret).
Then, a random nonce is generated, and the call to crypto_box_easy(...) encrypts a message from alice to bob (using bob's public key to encrypt, and alice's secret key to make a signature).
Then (after potentially sending the message over the network), the call to crypto_box_open_easy(...) is used by bob to decrypt the message (using his own secret key to decrypt, and alice's public key to verify the signature). If the verification of the message failed for some reason (someone tried to tamper with it), this is indicated by the non-zero return code.
这篇关于只需加密C中的一个字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
