Re: Just Encryption Using Openssl
Well I implemented something very similar recently but using tcp rather than udp. In my case, alice creates a public-private key pair and sends public key to bob. Bob then encrypts randomly generated symmetric key (.e.g blowish, dsa or aes etc.) with public key and sends the result to alice. Alice then decrypts with her private key. Both alice and bob have knowledge of symmetric key which can then be used for secure communication. A clear problem with this is a man-in-the-middle attack. There are functions built into the open ssl framework that allows you do create such keys manually. If that's what you need to do, I can give a more concrete ( albeit probably naive) example... Cheers, Ben. On 21 July 2010 15:02, Harshvir Sidhu hvssi...@gmail.com wrote: Hi All, I am trying to use encryption over Client/Server machines. My requirement is that i have to use winsock UDP functions to send and receive data. Is there some mechanism to perform key and cipher exchange in this case, like normally SSL_Connect will do this, but in my case i cannot use that. Is there some suggestion for this? // Harshvir
Re: Just Encryption Using Openssl
Ok, well assuming you're talking about C++ which is what I'm using, then to
create an RSA key pair you do:
// alice would do this
RSA *rsa = RSA_generate_key(bits, 65537, NULL, NULL);
// alice can then get the public part of the key and send to bob
const int max_hex_size = (bits / 4) + 1;
long size = max_hex_size;
char keyBufferA[size];
char keyBufferB[size];
bzero(keyBufferA,size);
bzero(keyBufferB,size);
sprintf(keyBufferA,%s\r\n,BN_bn2hex(rsa-n));
sprintf(keyBufferB,%s\r\n,BN_bn2hex(rsa-e));
int n = send(sock,keyBufferA,size,0);
char recBuf[2];
n = recv(sock,recBuf,2,0);
n = send(sock,keyBufferB,size,0);
n = recv(sock,recBuf,2,0);
// bob can then receive the public key, so on bob's end:
int max_hex_size = (bits / 4) + 1;
char keybufA[max_hex_size];
bzero(keybufA,max_hex_size);
char keybufB[max_hex_size];
bzero(keybufB,max_hex_size);
int n = recv(sock,keybufA,max_hex_size,0);
n = send(sock,OK,2,0);
n = recv(sock,keybufB,max_hex_size,0);
n = send(sock,OK,2,0);
rsa = RSA_new();
BN_hex2bn(rsa-n, keybufA);
BN_hex2bn(rsa-e, keybufB);
// bob can then generate symmetric key
unsigned char* key;
int n = RAND_bytes(key, bytes); // if n is 0 then system failed in having
enough entropy to gather a strong key and should be //considered insecure
// bob can then encrypt key with alice's public key, in fact here is a
snippet of a function
// note ivec is an intialisation vector. This is often initialized to 0 (but
doing this is very insecure, but its useful
// to do this for testing purposes)
void
theEncryptor::blowfish(unsigned char *data, int data_len, unsigned char*
key, unsigned char *ivec, int enc)
{
// hash the key first!
unsigned char obuf[20];
bzero(obuf,20);
SHA1((const unsigned char*)key, 64, obuf);
BF_KEY bfkey;
int keySize = 20;//strlen((char*)key);
BF_set_key(bfkey, keySize, obuf);
//unsigned char ivec[16];
//memset(ivec, 0, 16);
unsigned char* out=(unsigned char*) malloc(data_len);
bzero(out,data_len);
int num = 0;
// enc is whether to encrypt (true) or decrypt (false)
BF_cfb64_encrypt(data, out, data_len, bfkey, ivec, num, enc);
memcpy(data, out, data_len);
free(out);
}
// bob is now free to send the ecnrypted key back to alice
Note: you should also look at the open_ssl api. I found this very helpful.
Cheers,
Ben.
On 21 July 2010 15:41, Harshvir Sidhu hvssi...@gmail.com wrote:
Ben:
Yes thats what i need to do. If you can provide some example, that will
be great.
Thanks.
// Harshvir
On Wed, Jul 21, 2010 at 9:17 AM, Ben Jones b...@bhjones.com wrote:
Well I implemented something very similar recently but using tcp rather
than udp. In my case, alice creates a public-private key pair and sends
public key to bob. Bob then encrypts randomly generated symmetric key (.e.g
blowish, dsa or aes etc.) with public key and sends the result to alice.
Alice then decrypts with her private key. Both alice and bob have knowledge
of symmetric key which can then be used for secure communication.
A clear problem with this is a man-in-the-middle attack. There are
functions built into the open ssl framework that allows you do create such
keys manually. If that's what you need to do, I can give a more concrete (
albeit probably naive) example...
Cheers,
Ben.
On 21 July 2010 15:02, Harshvir Sidhu hvssi...@gmail.com wrote:
Hi All,
I am trying to use encryption over Client/Server machines. My
requirement is that i have to use winsock UDP functions to send and receive
data. Is there some mechanism to perform key and cipher exchange in this
case, like normally SSL_Connect will do this, but in my case i cannot use
that. Is there some suggestion for this?
// Harshvir
Re: recommended rsa api
note, also see http://stackoverflow.com/questions/2012645/can-you-help-me-get-my-head-around-openssl-public-key-encryption-with-rsa-h-in-c Cheers, Ben. On 20 January 2010 16:22, Anand Patel anand.apa...@gmail.com wrote: For RSA API take a look at http://openssl.org/docs/crypto/rsa.html# -Anand On Wed, Jan 20, 2010 at 11:18 AM, Anand Patel anand.apa...@gmail.comwrote: EVP is oneway of implementing your solution. Look at Example section of http://openssl.org/docs/crypto/EVP_EncryptInit.html# -Anand On Wed, Jan 20, 2010 at 10:14 AM, Alexey Luchko l...@ank-sia.com wrote: Hi! I'm new to openssl. I need to encrypt and decrypt approx 1k block of data with rsa. What is recommended api for the case? I've found RSA_public_encrypt() and RSA_private_decrypt(). It looks like a kind of low level api. But here I've got a problem with OAEP padding. Another one is EVP_PKEY_encrypt() and EVP_PKEY_decrypt(). It is of a higher level. It encodes and decodes correctly only one block for me, but looks like it could operate on block of any size. And I've not found any use cases with google code search. It looks like I missed smth ;) Any advice is very welcome! -- Thanks in advance, Alexey sms stands for save my soul __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Ben H D Jones www.bhjones.com
Re: recommended rsa api
Hi there Alexey
Many people will tell you to use the EVP stuff and quite frankly, they're
most likely right. However, I've not managed to figure out the EVP stuff so
I use the public_encrypt and private_decrypt functions instead. I have
written the following functions to encapsulate the functionality I need.
Adapt them as you like :-)
void
theEncryptor::generateRSAKeyPair(int bits)
{
rsa = RSA_generate_key(bits, 65537, NULL, NULL);
}
int
theEncryptor::publicEncrypt(unsigned char* data, unsigned char*
dataEncrypted,int dataLen)
{
return RSA_public_encrypt(dataLen, data, dataEncrypted, rsa,
RSA_PKCS1_PADDING);
}
int
theEncryptor::privateDecrypt(unsigned char* dataEncrypted,
unsigned char* dataDecrypted)
{
return RSA_private_decrypt(RSA_size(rsa), dataEncrypted,
dataDecrypted, rsa, RSA_PKCS1_PADDING);
}
Then since I am receiving a public key, I have a sockets framework:
void
theEncryptor::receivePublicKeyAndSetRSA(int sock, int bits)
{
int max_hex_size = (bits / 4) + 1;
char keybufA[max_hex_size];
bzero(keybufA,max_hex_size);
char keybufB[max_hex_size];
bzero(keybufB,max_hex_size);
int n = recv(sock,keybufA,max_hex_size,0);
n = send(sock,OK,2,0);
n = recv(sock,keybufB,max_hex_size,0);
n = send(sock,OK,2,0);
rsa = RSA_new();
BN_hex2bn(rsa-n, keybufA);
BN_hex2bn(rsa-e, keybufB);
}
void
theEncryptor::transmitPublicKey(int sock, int bits)
{
const int max_hex_size = (bits / 4) + 1;
long size = max_hex_size;
char keyBufferA[size];
char keyBufferB[size];
bzero(keyBufferA,size);
bzero(keyBufferB,size);
sprintf(keyBufferA,%s\r\n,BN_bn2hex(rsa-n));
sprintf(keyBufferB,%s\r\n,BN_bn2hex(rsa-e));
int n = send(sock,keyBufferA,size,0);
char recBuf[2];
n = recv(sock,recBuf,2,0);
n = send(sock,keyBufferB,size,0);
n = recv(sock,recBuf,2,0);
}
Best Wishes,
Ben.
On 20 January 2010 15:14, Alexey Luchko l...@ank-sia.com wrote:
Hi!
I'm new to openssl.
I need to encrypt and decrypt approx 1k block of data with rsa.
What is recommended api for the case?
I've found RSA_public_encrypt() and RSA_private_decrypt().
It looks like a kind of low level api.
But here I've got a problem with OAEP padding.
Another one is EVP_PKEY_encrypt() and EVP_PKEY_decrypt().
It is of a higher level.
It encodes and decodes correctly only one block for me,
but looks like it could operate on block of any size.
And I've not found any use cases with google code search.
It looks like I missed smth ;)
Any advice is very welcome!
--
Thanks in advance,
Alexey
sms stands for save my soul
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Ben H D Jones
www.bhjones.com
blowfish.h use in simple server/client application
Hi, (I hope this is the correct list to be asking this, apologies if not)
I am trying to write an application which amongst other things uses the
blowfish implementation (blowfish.h) to transport files over a simple
server/client pair.
However, whilst some files are encrypted, transported, received and
decrypted correctly, some end up being corrupted, after the final decryption
stage. This leads me to think that the encryption routines are not being
called correctly (since I have also tried with equivalent DES library calls,
with the same 'intermittent corruption' results).
The relevant code is pasted below and further mirrored at
http://pastebin.com/d4d166d12.
So it starts with the function send_file (called by a connected client).
This splits the file into chunks. Each 1024 byte chunk is encrypted
separately and then sent. Each chunk is then received by the server in the
receive_file function, decrypted and saved to disc.
Any idea what the problem could be?
Cheers,
Ben.
inline void blowfish(unsigned char *data, int data_len, char* key, int enc)
{
BF_KEY bfkey;
BF_set_key(bfkey, strlen(key)+1, (const unsigned char*)key);
unsigned char ivec[8];
memset(ivec, 0, 8);
unsigned char *out = (unsigned char*) malloc(1024);
bzero(out,1024);
int num = 0;
BF_cfb64_encrypt(data, out, data_len, bfkey, ivec, num, enc);
memcpy(data, out, data_len);
free(out);
}
void
MyFrame::encryptHelper(const char* orig, int inlength)
{
char *pb=(char*)(std::string((passInput-GetValue()).mb_str()).c_str());
blowfish((unsigned char*)orig, inlength, pb, BF_ENCRYPT);
}
void
MyFrame::decryptHelper(const char* orig, int inlength)
{
char *pb=(char*)(std::string((passInput-GetValue()).mb_str()).c_str());
blowfish((unsigned char*)orig, inlength, pb, BF_DECRYPT);
}
int
MyFrame::send_file(int fd)
{
// Note file size and name of file which the receiver is expecting have been
sent
// in a function prior to the call of this one
char rec[10];
struct stat stat_buf;
fstat (fd, stat_buf);
int size=stat_buf.st_size;
while(size 0)
{
char buffer[1030];
bzero(buffer,1030);
bzero(rec,10);
int n;
if(size=1024)
{
n=read(fd, buffer, 1024);
// encrypt is necessary
if(encButtonOn-GetValue()) encryptHelper(buffer,1024);
// Send a chunk of data
n=send(sockFile_, buffer, 1024, 0 );
// Wait for an acknowledgement
n = recv(sockFile_, rec, 10, 0 );
}
else // reamining file bytes
{
n=read(fd, buffer, size);
if(encButtonOn-GetValue()) encryptHelper(buffer,size);
buffer[size]='\0';
n=send(sockFile_,buffer, size, 0 );
n=recv(sockFile_, rec, 10, 0 );
}
}
// Send a 'completion' string
int n = send(sockFile_, COMP,strlen(COMP), 0 );
// Receive an acknowledgemnt
char buf[10];
bzero(buf,10);
n = recv(sockFile_, buf, 10, 0 );
return(0);
}
int
MyFrame::receive_file()
{
// receive file size and send ack
char sizeBuffer[50];
bzero(sizeBuffer,50);
int n;
n=read(sockFile_, sizeBuffer, 50);
n=send(sockFile_,OK, strlen(OK), 0 );
int size = atoi(sizeBuffer);
//std::coutsizestd::endl;
// receive file name and send ack
char saveName[256];
bzero(saveName,256);
n=read(sockFile_, saveName, 256);
n=send(sockFile_,OK,strlen(OK), 0 );
//std::coutsaveName_std::endl;
// start file writing process to local disk
// decrypt first if necessary
if(encButtonOn-GetValue()) decryptHelper(saveName,strlen(saveName));
ofstream outFile(saveName,ios::out|ios::binary|ios::app);
while(size 0)
{
// buffer for storing incoming data
char buf[1030];
bzero(buf,1030);
if(size=1024)
{
// receive chunk of data
n=recv(sockFile_, buf, 1024, 0 );
// decrypt if necessary
if(encButtonOn-GetValue()) decryptHelper(buf,1024);
// write chunk of data to disk
outFile.write(buf,1024);
// send acknowledgement
n = send(sockFile_, OK, strlen(OK), 0 );
}
else
{
n=recv(sockFile_, buf, size, 0 );
if(encButtonOn-GetValue()) decryptHelper(buf,size);
buf[size]='\0';
outFile.write(buf,size);
n = send(sockFile_, OK, strlen(OK), 0 );
}
size -= 1024;
}
outFile.close();
// Receive 'COMP' and send acknowledgement
// ---
char buf[10];
bzero(buf,10);
n = recv(sockFile_, buf, 10, 0 );
n = send(sockFile_, OK, strlen(OK), 0 );
std::coutFile received...std::endl;
return(0);
}
