Ben,
theEncryptor::blowfish(unsigned char *data, int data_len, unsigned char*
key, unsigned char *ivec, int enc)
In this function you are passing key argument as char *, i am not able
to find alice's public key in char* format, we received that in 2 buffers
and we put that in RSA struct. Which one should i use to pass in here.
Thanks.
// Harshvir
On Wed, Jul 21, 2010 at 10:07 AM, Ben Jones <b...@bhjones.com> wrote:
> Ok, well assuming you're talking about C++ which is what I'm using, then to
> create an RSA key pair you do:
>
> // alice would do this
> RSA *rsa = RSA_generate_key(bits, 65537, NULL, NULL);
>
> // alice can then get the public part of the key and send to bob
> const int max_hex_size = (bits / 4) + 1;
> long size = max_hex_size;
> char keyBufferA[size];
> char keyBufferB[size];
> bzero(keyBufferA,size);
> bzero(keyBufferB,size);
> sprintf(keyBufferA,"%s\r\n",BN_bn2hex(rsa->n));
> sprintf(keyBufferB,"%s\r\n",BN_bn2hex(rsa->e));
> int n = send(sock,keyBufferA,size,0);
> char recBuf[2];
> n = recv(sock,recBuf,2,0);
> n = send(sock,keyBufferB,size,0);
> n = recv(sock,recBuf,2,0);
>
> // bob can then receive the public key, so on bob's end:
> int max_hex_size = (bits / 4) + 1;
> char keybufA[max_hex_size];
> bzero(keybufA,max_hex_size);
> char keybufB[max_hex_size];
> bzero(keybufB,max_hex_size);
> int n = recv(sock,keybufA,max_hex_size,0);
> n = send(sock,"OK",2,0);
> n = recv(sock,keybufB,max_hex_size,0);
> n = send(sock,"OK",2,0);
> rsa = RSA_new();
> BN_hex2bn(&rsa->n, keybufA);
> BN_hex2bn(&rsa->e, keybufB);
>
> // bob can then generate symmetric key
> unsigned char* key;
> int n = RAND_bytes(key, bytes); // if n is 0 then system failed in having
> enough entropy to gather a strong key and should be //considered insecure
>
> // bob can then encrypt key with alice's public key, in fact here is a
> snippet of a function
> // note ivec is an intialisation vector. This is often initialized to 0
> (but doing this is very insecure, but its useful
> // to do this for testing purposes)
> void
> theEncryptor::blowfish(unsigned char *data, int data_len, unsigned char*
> key, unsigned char *ivec, int enc)
> {
>
> // hash the key first!
> unsigned char obuf[20];
> bzero(obuf,20);
> SHA1((const unsigned char*)key, 64, obuf);
>
> BF_KEY bfkey;
> int keySize = 20;//strlen((char*)key);
> BF_set_key(&bfkey, keySize, obuf);
>
> //unsigned char ivec[16];
> //memset(ivec, 0, 16);
>
> unsigned char* out=(unsigned char*) malloc(data_len);
> bzero(out,data_len);
> int num = 0;
>
> // enc is whether to encrypt (true) or decrypt (false)
> BF_cfb64_encrypt(data, out, data_len, &bfkey, ivec, &num, enc);
>
> memcpy(data, out, data_len);
> free(out);
> }
>
> // bob is now free to send the ecnrypted key back to alice
>
> Note: you should also look at the open_ssl api. I found this very helpful.
>
> Cheers,
> Ben.
>
>
>
>
> On 21 July 2010 15:41, Harshvir Sidhu <hvssi...@gmail.com> wrote:
>
>> Ben:
>> Yes thats what i need to do. If you can provide some example, that will
>> be great.
>>
>> Thanks.
>>
>> // Harshvir
>>
>>
>> On Wed, Jul 21, 2010 at 9:17 AM, Ben Jones <b...@bhjones.com> wrote:
>>
>>> Well I implemented something very similar recently but using tcp rather
>>> than udp. In my case, alice creates a public-private key pair and sends
>>> public key to bob. Bob then encrypts randomly generated symmetric key (.e.g
>>> blowish, dsa or aes etc.) with public key and sends the result to alice.
>>> Alice then decrypts with her private key. Both alice and bob have knowledge
>>> of symmetric key which can then be used for secure communication.
>>>
>>> A clear problem with this is a man-in-the-middle attack. There are
>>> functions built into the open ssl framework that allows you do create such
>>> keys manually. If that's what you need to do, I can give a more concrete (
>>> albeit probably naive) example...
>>>
>>> Cheers,
>>> Ben.
>>>
>>>
>>> On 21 July 2010 15:02, Harshvir Sidhu <hvssi...@gmail.com> wrote:
>>>
>>>> Hi All,
>>>> I am trying to use encryption over Client/Server machines. My
>>>> requirement is that i have to use winsock UDP functions to send and receive
>>>> data. Is there some mechanism to perform key and cipher exchange in this
>>>> case, like normally SSL_Connect will do this, but in my case i cannot use
>>>> that. Is there some suggestion for this?
>>>>
>>>> // Harshvir
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>
>
>
>
>
