Writing AES-256 Encrypter/Decrypter in C++

Hi everyone,

I'm looking to write a C++ program that encrypts text with the AES-256 cypher and can also decrypt it with a particular key.

I have searched around the web and stumbled upon a few libraries, but I'm unsure as to how to use them.

Thanks
bswinnerton asked:
 
newbieal commented:
I'm not familiar with xcode, but here is an example of how to install/reference a library:
http://www.rustyrazorblade.com/2008/02/06/external-libraries-in-xcode/

"In XCode, open up the project settings (under the project menu). Go down to search paths, and you can change your Header search paths to the correct locations where you installed whatever you're looking for. In this case, mine was /usr/local/includes and /usr/local/mysql/"

Hope this helps.
0
 
newbieal commented:
Here is a simple example:
http://www.example-code.com/vcpp/aes_stringEncryption.asp

Hope this helps.
0
 
bswinnerton (Author) commented:
How would I go about installing that library in xcode?
0
 
evilrix (Senior Software Engineer, Avast) commented:
>> I'm looking to write a C++ program that encrypts text with the AES-256 cypher
Do you really want to write this from scratch? If this is for commercial software you really would be better off using a fully FIPS140 3rd party library. Roll your own and you can be sure you'll introduce some exploits along the way.

The Crypto++ package is a completely free, cross platform, FIPS140 compliant library, with support for many encryption types.
http://www.cryptopp.com/
0
 
Dave Howe (Software and Hardware Engineer) commented:
Crypto++ is a good choice, but TBH I would go with openssl - that way, if you use the build in its FIPS mode, you automagically get to be a FIPS certified crypto program...
0
 
evilrix (Senior Software Engineer, Avast) commented:
>> you automagically get to be a FIPS certified crypto program
I'm sure as long as you use the precompiled versions of Crypto++ the same is also true.

From the main Crypto++ page

"FIPS 140-2 Conformance

The following versions of Crypto++ have been validated by NIST and CSE for FIPS 140-2 level 1 conformance. Because only compiled executable code can receive FIPS validation, these versions are listed separately from the other source-code-only downloads. These download packages include the validated binary object, header files, API reference, and FIPS related documentation. Source code is also included for debugging purposes. (You cannot compile Crypto++ yourself and claim FIPS 140-2 conformance on the resulting module, unless it goes through the validation process again.)
Because these packages contain compiled executable code, they have been signed with a PGP public key which is included inside the package. You can verify the PGP key's fingerprint by following the certificate link and obtaining a copy of the Crypto++ Library Security Policy from NIST's web site. The fingerprint is given in the Security Policy.

Crypto++ Library 5.0.4 (32-bit Windows DLL, calling application must be compiled with MSVC 6.0) [download package] [download PGP signature] [certificate #343]
Crypto++ Library 5.2.3 (32-bit Windows DLL, calling application must be compiled with MSVC .NET 2003) [download package] [download PGP signature] [certificate #562]
Crypto++ Library 5.3.0 (32-bit and 64-bit Windows DLL, calling application must be compiled with MSVC 2005) [download package] [download PGP signature] [certificate #819] "
0
 
Dave Howe (Software and Hardware Engineer) commented:
That is not true - OpenSSL is valid for FIPS when compiled in its FIPS mode, and doesn't require a precompiled binary.
AFAIK though, OpenSSL is the only FIPS approved library for which this is true :)
0
 
evilrix (Senior Software Engineer, Avast) commented:
>> AFAIK though, OpenSSL is the only FIPS approved library for which this is true
Fair enough, I'm only going by the details on the Crypto++ website
0
 
Dave Howe (Software and Hardware Engineer) commented:
Yup, I try to avoid marketing fluff - however, validating the binary is much, much cheaper (it's just IBM needed to be able to validate openssl across a wide range of platforms, which would have been prohibitive if they needed to validate every possible chipset and unix variant, but fine if they just needed to validate "source for unix" and "source for windows".)

That said, crypto++ *is* evidently FIPS, so that isn't a good reason to use openssl instead. I prefer openssl, but mostly because I am familiar with it (almost all the crypto I need to write these days is ssl or x509 certificate related, and openssl is pretty much the de facto standard for such code) - which of course isn't an issue in this context.
0
Question has a verified solution.
