?
Solved

Writing AES-256 Encrypter/Decrypter in C++

Posted on 2009-04-21
9
Medium Priority
?
4,029 Views
Last Modified: 2012-05-06
Hi everyone,

I'm looking to write a C++ program that encrypts text with the AES-256 cypher and can also decrypt it with a particular key.

I have searched around the web and stumbled upon a few libraries, but I'm unsure as to how to use them.

Thanks
0
Comment
Question by:bswinnerton
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 4

Assisted Solution

by:newbieal
newbieal earned 1200 total points
ID: 24200494
Here is a simple example:
http://www.example-code.com/vcpp/aes_stringEncryption.asp

Hope this helps.
0
 
LVL 5

Author Comment

by:bswinnerton
ID: 24200645
How would I go about installing that library in xcode?
0
 
LVL 4

Accepted Solution

by:
newbieal earned 1200 total points
ID: 24200712
I'm not familiar with xcode, but here is an example of how to install/reference a library:
http://www.rustyrazorblade.com/2008/02/06/external-libraries-in-xcode/

"In XCode, open up the project settings (under the project menu). Go down to search paths, and you can change your Header search paths to the correct locations where you installed whatever youre looking for. In this case, mine was /usr/local/includes and /usr/local/mysql/"

Hope this helps.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 40

Assisted Solution

by:evilrix
evilrix earned 400 total points
ID: 24201527
>> I'm looking to write a C++ program that encrypts text with the AES-256 cypher
Do you really want to write this from scratch? If this is for commercial software you really would be better off using a fully FIPS140 3rd party library. Roll your own and you can be sure you'll introduce some exploits along the way.

The Crypto++ package is a completely free, cross platform, FIPS140 compliment library, with support for many encryption types.
http://www.cryptopp.com/
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 400 total points
ID: 24202343
Crypto++ is a good choice, but TBH I would go with openssl - that way, if you use the build in its FIPS mode, you automagically get to be a FIPS certified crypto program...
0
 
LVL 40

Expert Comment

by:evilrix
ID: 24202353
>> you automagically get to be a FIPS certified crypto program
I'm sure as long as you use the precompiles versions of Crypto++ the same is also true.

From the main Crypto++ page

"FIPS 140-2 Conformance

The following versions of Crypto++ have been validated by NIST and CSE for FIPS 140-2 level 1 conformance. Because only compiled executable code can receive FIPS validation, these versions are listed separately from the other source-code-only downloads. These download packages include the validated binary object, header files, API reference, and FIPS related documentation. Source code is also included for debugging purposes. (You cannot compile Crypto++ yourself and claim FIPS 140-2 conformance on the resulting module, unless the it goes through the validation process again.)
Because these packages contain compiled executable code, they have been signed with a PGP public key which is included inside the package. You can verify the PGP key's fingerprint by following the certificate link and obtaining a copy of the Crypto++ Library Security Policy from NIST's web site. The fingerprint is given in the Security Policy.

Crypto++ Library 5.0.4 (32-bit Windows DLL, calling application must be compiled with MSVC 6.0) [download package] [download PGP signature] [certificate #343]
Crypto++ Library 5.2.3 (32-bit Windows DLL, calling application must be compiled with MSVC .NET 2003) [download package] [download PGP signature] [certificate #562]
Crypto++ Library 5.3.0 (32-bit and 64-bit Windows DLL, calling application must be compiled with MSVC 2005) [download package] [download PGP signature] [certificate #819] "
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 24203146
That is not true - OpenSSL is valid for FIPS when compiled in its FIPS mode, and doesn't require a precompiled binary.
AFAIK though, OpenSSL is the only FIPS approved library for which this is true :)
0
 
LVL 40

Expert Comment

by:evilrix
ID: 24203155
>> AFAIK though, OpenSSL is the only FIPS approved library for which this is true
Fair enough, I'm only going by the details on the Crypto++ website
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 24203199
yup, I try to avoid marketing fluff - however, validating the binary is much, much cheaper (its just IBM needed to be able to validate openssl across a wide range of platforms, which would have been prohibitive if they needed to validate every possible chipset and unix variant, but fine if they just needed to validate "source for unix" and "source for windows".)

That said, crypto++ *is* evidently FIPS, so that isn't a good reason to use openssl instead. I prefer openssl, but mostly because I am familar with it (almost all the crypto I need to write these days is ssl or x509 certificate related, and openssl is pretty much the defacto standard for such code) - which of course isn't an issue in this context.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand opening and reading files in the C programming language.
Suggested Courses
Course of the Month13 days, 10 hours left to enroll

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question