I'm playing around with AES and write the iv and derived key to the file so that I use it later for decryption...
following function encrypts the file and saves the iv and derived key into the file, it also saves encrypted text into separate file:
void MainWindow::on_button_encrypt() try
{
using namespace std;
using namespace Gtk;
using namespace CryptoPP;
fstream file;
file.open(m_file_name + ".aes", std::ios::out | std::ios::trunc);
if (file.is_open())
{
// get the plain password:
SecByteBlock password;
password_dialog get_passwd(password);
get_passwd.run();
// generate random salt
const int SALT_SIZE = 32;
SecByteBlock salt(SALT_SIZE);
AutoSeededRandomPool prng;
prng.GenerateBlock(salt.BytePtr(), SALT_SIZE);
// derive a key from password and salt:
SecByteBlock key(AES::DEFAULT_KEYLENGTH);
PKCS5_PBKDF2_HMAC<SHA512> gen;
gen.DeriveKey(key.BytePtr(), key.size(), 1, password.BytePtr(), password.size(), salt.BytePtr(), salt.size(), 200);
// genereate random iv:
SecByteBlock iv(AES::BLOCKSIZE);
OS_GenerateRandomBlock(false, iv.BytePtr(), AES::BLOCKSIZE);
// encrypt plain text:
AES::Encryption enc(key.BytePtr(), AES::DEFAULT_KEYLENGTH);
CBC_Mode_ExternalCipher::Encryption mode(enc, iv);
string cipher_text;
StringSink* sink = new StringSink(cipher_text);
StreamTransformationFilter encryptor(mode, sink);
string plain_text = m_file_buffer->get_text();
encryptor.Put(reinterpret_cast<const byte*>(plain_text.c_str()), plain_text.length() + 1);
encryptor.MessageEnd();
// write the result:
file << cipher_text.c_str();
file.close();
file.open(m_file_name + ".key", std::ios::out | std::ios::trunc);
file << key << '\n' << iv;
file.close();
}
}
// catch ...
The above function writes the iv and derived key to the file.
0000000002F9F140
0000000002F9F4E0
Following function is supposed to read the file and decrypt it by using the *.key file:
void MainWindow::on_button_decrypt()
{
using namespace std;
using namespace CryptoPP;
Gtk::MessageDialog info("Info");
fstream file;
file.open("decrypted.txt", ios::out | ios::trunc);
if (file.is_open())
{
// read the key:
fstream stream;
string input;
SecByteBlock key(AES::DEFAULT_KEYLENGTH);
SecByteBlock iv(AES::BLOCKSIZE);
stream.open("test.txt.key", std::ios::in);
if (stream.is_open())
{
getline(stream, input);
key.Assign(reinterpret_cast<const byte*>(input.c_str()), input.size());
input.clear();
getline(stream, input);
iv.Assign(reinterpret_cast<const byte*>(input.c_str()), input.size());
}
else
{
info.set_secondary_text("can't read key file");
info.run();
return;
}
// decrypt:
AES::Decryption dec(key, AES::DEFAULT_KEYLENGTH);
CBC_Mode_ExternalCipher::Decryption mode(dec, iv);
string plain_text;
StringSink* sink = new StringSink(plain_text);
StreamTransformationFilter decryptor(mode, sink);
try
{
// get encrypted text from buffer (obtained from other function):
string cipher_text = m_file_buffer->get_text();
decryptor.Put(reinterpret_cast<const byte*>(cipher_text.c_str()), cipher_text.size());
decryptor.MessageEnd();
file << plain_text;
file.close();
}
catch (CryptoPP::Exception& ex)
{
info.set_secondary_text(ex.what());
info.run();
}
}
}
CryptoPP trows an exception while decrypting saying this:
FileTransformationFilter: ciphertext length is not multiple of a block size.
How ever it does not throw anything if decryption process is done in first function ( on_btn_encrypt() ) no file is read there, so it looks I'm having problem with reading encrypted file but have no idea how?
This is content of encrypted file:
&`OôÍoYjÜMe×Q°Þ
plaintext is:
some text
Do you see what am I missing here? thanks so much!
EDIT:
here are modification which solved the problem as sugested by Qmick and Artjom:
ENCRYPTION
// encrypt the file:
AES::Encryption enc(key.BytePtr(), AES::DEFAULT_KEYLENGTH);
CBC_Mode_ExternalCipher::Encryption mode(enc, iv);
string file = m_file_name + ".aes";
FileSink* sink = new FileSink(file.c_str());
StreamTransformationFilter encryptor(mode, sink);
string plain_text = m_file_buffer->get_text();
encryptor.Put(reinterpret_cast<const byte*>(plain_text.c_str()), plain_text.length());
encryptor.MessageEnd();
// write the key:
file = m_file_name + ".key";
FileSink* out = new FileSink(file.c_str());
Base64Encoder* base64_enc = new Base64Encoder;
base64_enc->Attach(out);
base64_enc->Put(key.BytePtr(), key.size());
base64_enc->MessageEnd();
// write the iv:
file = m_file_name + ".iv";
FileSink* out2 = new FileSink(file.c_str());
Base64Encoder* base64_enc2 = new Base64Encoder;
base64_enc2->Attach(out2);
base64_enc2->Put(iv.BytePtr(), iv.size());
base64_enc2->MessageEnd();
DECRYPTION:
//
// read key
//
string store_key;
StringSink* string_key_in = new StringSink(store_key);
Base64Decoder* base64_key_dec = new Base64Decoder(string_key_in);
string file = "test.txt.key";
FileSource* file_key_in = new FileSource(file.c_str(), true, base64_key_dec);
SecByteBlock key(AES::DEFAULT_KEYLENGTH);
key.Assign(reinterpret_cast<const byte*>(store_key.c_str()), store_key.size());
//
// read iv
//
string store_iv;
StringSink* string_iv_in = new StringSink(store_iv);
Base64Decoder* base64_iv_dec = new Base64Decoder(string_iv_in);
file = "test.txt.iv";
FileSource* file_iv_in = new FileSource(file.c_str(), true, base64_iv_dec);
SecByteBlock iv(AES::BLOCKSIZE);
iv.Assign(reinterpret_cast<const byte*>(store_iv.c_str()), store_iv.size());
// read ciphertext:
string store_ciphertext;
StringSink* ciphertext_in = new StringSink(store_ciphertext);
file = m_file_name;
FileSource* file_ciphertext_in = new FileSource(file.c_str(), true, ciphertext_in);
SecByteBlock cipher_text;
cipher_text.Assign(reinterpret_cast<const byte*>(store_ciphertext.c_str()), store_ciphertext.size());
//
// decrypt:
//
AES::Decryption dec(key, AES::DEFAULT_KEYLENGTH);
CBC_Mode_ExternalCipher::Decryption mode(dec, iv);
file = "decrypted.txt";
FileSink* sink = new FileSink(file.c_str());
StreamTransformationFilter decryptor(mode, sink);
decryptor.Put(cipher_text.BytePtr(), cipher_text.size());
decryptor.MessageEnd();
There is no guarentee cipher text will not contain escape sequence like \n, which make getline() get wrong string(truncated).
So it is recommended to transform the cipher text to hex or something else to avoid escape sequence.
Related
So I have this piece of C# code:
void Decrypt(Stream input, Stream output, string password, int bufferSize) {
using (var algorithm = Aes.Create()) {
var IV = new byte[16];
input.Read(IV, 0, 16);
algorithm.IV = IV;
var key = new Rfc2898DeriveBytes(password, algorithm.IV, 100);
algorithm.Key = key.GetBytes(16);
using(var decryptor = algorithm.CreateDecryptor())
using(var cryptoStream = new CryptoStream(input, decryptor, CryptoStreamMode.Read)) {
CopyStream(cryptoStream, output, bufferSize);
}
}
}
and I am trying to translate this into C++ with CryptoPP.
So this is what I have written:
void decrypt(std::ifstream& in_file, std::ofstream& out_file, std::string_view password, size_t bufSize) {
using namespace CryptoPP;
// Get IV
byte iv[16];
in_file.read(reinterpret_cast<char*>(iv), sizeof(iv));
// Read cypher
std::string cypher;
while (in_file && cypher.size() != bufSize) {
char c;
in_file.read(&c, 1);
cypher.push_back(c);
}
// Get key
byte key[16];
PKCS5_PBKDF2_HMAC<SHA1> pbkdf2;
pbkdf2.DeriveKey(key, sizeof(key), 0, reinterpret_cast<const byte*>(password.data()), password.size(), iv, sizeof(iv), 100);
// Decrypt
CTR_Mode<AES>::Decryption decrypt(key, sizeof(key), iv);
std::string output;
StringSource(cypher, true, new StreamTransformationFilter(decrypt, new StringSink(output)));
// Write output to file
out_file.write(output.data(), output.size());
}
However, from this function, I am only getting back trash data. What could I be doing wrong?
Thanks
Tuxifan!
So I found the solution! First of all, as #mbd mentioned, C# uses CBC by default. Additionally, I need to cut away the rest of the data like this:
while ((cipher.size() % 16) != 0) {
cipher.pop_back();
}
I'm trying to encrypt a file using AES EAX mode and CryptoPP library.
Here is the main() content:
SecByteBlock key(AES::MAX_KEYLENGTH);
rnd.GenerateBlock(key, key.size());
ArraySource as(key.begin(), key.size(), true, new FileSink("key.bin"));
SecByteBlock iv(AES::BLOCKSIZE);
rnd.GenerateBlock(iv, AES::BLOCKSIZE);
EAX<AES>::Encryption encryptor;
encryptor.SetKeyWithIV(key, key.size(), iv, iv.size());
FileSink file("image.jpg.enc");
ArraySource write_iv(iv, iv.size(), true, new Redirector(file));
FileSource write_ciphertext("image.jpg", true, new AuthenticatedEncryptionFilter(encryptor, new Redirector(file)));
const int delete_file = std::remove("image.jpg");
std::cout << delete_file << std::endl;
std::cout << "Error code is:" << GetLastError();
return 0;
The encryption part ends successfully,however,removing the original file (image.jpg) fails.The output I get is:
Error code is:32
Which is an ERROR_SHARING_VIOLATION, meaning that "The process cannot access the file because it is being used by another process."
My question is : How can I close the file after the Filesource line,to be able to delete the file after ? With a classic ifstream ,it would be file.close(), but how can i do it with Crypto++ ?
I'm not familiar with crypto++ but if they're following the RAII pattern then triggering the ~FileSource destructor should be sufficient to close the handle of the file.
In C++ you would use an anonymous scope to define the lifetime of an automatic variable. Anonymous scopes are defined using curly braces without any keywords:
using namespace std;
...
encryptor.SetKeyWithIV(key, key.size(), iv, iv.size());
// begin an anonymous scope:
{
FileSink file ( "image.jpg.enc" );
ArraySource write_iv ( iv, iv.size(), true, new Redirector( file ) );
FileSource write_ciphertext ( "image.jpg", true, new AuthenticatedEncryptionFilter( encryptor, new Redirector( file ) ) );
}
// end the scope, causing all objects declared within to have their destructors called
const int delete_file = remove("image.jpg");
cout << delete_file << endl;
cout << "Error code is:" << GetLastError();
...
BTW, I noticed you use new without delete. I believe you can make those argument objects also automatic, like so:
using namespace std;
...
encryptor.SetKeyWithIV(key, key.size(), iv, iv.size());
// begin an anonymous scope:
{
FileSink file ( "image.jpg.enc" );
Redirector write_redir ( file );
ArraySource write_iv ( iv, iv.size(), true, &write_redir );
AuthenticatedEncryptionFilter filter ( encryptor, &write_redir )
FileSource write_ciphertext( "image.jpg", true, &filter );
}
// end the scope, causing all objects declared within to have their destructors called
const int delete_file = remove("image.jpg");
cout << delete_file << endl;
cout << "Error code is:" << GetLastError();
...
I am looking for a bit of help with my encode/decode functions on cross platforms. Currently the code works across windows OS's but fails on linux. Currently it is untested on Mac.
void tradingDialog::on_SaveKeys_clicked()
{
// Encryption properties store iv and password information
EncryptionProperties props;
// Generate a 256 bit random IV from 4 separate 64 bit numbers
props.iv = crypto_random();
props.iv2 = crypto_random();
props.iv3 = crypto_random();
props.iv4 = crypto_random();
// What cipher function do we require?
props.cipher = Algorithm::AES;
// Qstring to string
string password = ui->PasswordInput->text().toUtf8().constData();
// the password used for encryption / decryption
props.password = string(password);
/*========== The main cryptostreampp usage ==========*/
boost::filesystem::path pathAPI = GetDataDir() / "APIcache.txt";
// Create a stream in output mode to create a brand new file called apicache.txt
//CryptoStreamPP stream(pathAPI.string(), props, std::ios::out | std::ios::binary | std::ios::trunc);
CryptoStreamPP stream(pathAPI.string(), props, std::ios::out | std::ios::binary | std::ios::trunc);
// ------------------------------------------------------
// NOTE:
// After creating the stream, there will be a short pause
// as the key stream is initialized. This accounts for
// one million iterations of PBKDF2
// ------------------------------------------------------
// write to the stream as you would a normal fstream. Normally
// you would write a buffer of char data. In this example,
// we write a string which is basically the same thing.
// Stream operator support to be properly added in future.
// qstrings to utf8, add to byteArray and convert to const char for stream
const QByteArray byteArray = (ui->ApiKeyInput->text().toUtf8() + ui->SecretKeyInput->text().toUtf8());
const char *API = byteArray.constData();
stream.write(API, 64);
// make sure stream is flushed before closing it
stream.flush();
stream.close();
}
void tradingDialog::on_LoadKeys_clicked()
{
// Encryption properties store iv and password information
EncryptionProperties props;
// Generate a 256 bit random IV from 4 separate 64 bit numbers
props.iv = crypto_random();
props.iv2 = crypto_random();
props.iv3 = crypto_random();
props.iv4 = crypto_random();
// What cipher function do we require?
props.cipher = Algorithm::AES;
// Qstring to string
string password = ui->PasswordInput->text().toUtf8().constData();
// the password used for encryption / decryption
props.password = string(password);
boost::filesystem::path pathAPI = GetDataDir() / "APIcache.txt";
// Create a stream in input mode to open a file named APIcache.txt
CryptoStreamPP stream(pathAPI.string(), props, std::ios::in | std::ios::binary);
// Read in a buffer of data
{
QString Key = "";
stream.seekg(0);
char buffer[33];
stream.read(buffer, 32);
buffer[32] = '\0';
// Should print out "api key 32 digit"
Key = buffer;
ui->ApiKeyInput->setText(Key);
}
stream.flush();
// now seek to digit 32 and read in api secret
{
QString Secret = "";
stream.seekg(32);
char buffer[33];
stream.read(buffer, 32);
buffer[32] = '\0';
// Should print out "api secret 32 digit"
Secret = buffer;
ui->SecretKeyInput->setText(Secret);
}
stream.flush();
stream.close();
}
When printing "password" and "API" in "on_SaveKeys_clicked()". Both are correct.
When printing "password" in "on_LoadKeys_clicked()" it is correct.
When printing "Key" in "on_LoadKeys_clicked()" it is incorrect.
When printing "Secret" in "on_LoadKeys_clicked()" it is incorrect.
CryptoStreamPP can be found at https://github.com/benhj/CryptoStreamPP/tree/master/cryptostreampp
I have a Java code for encryption in place as follows!
private static byte[] encrypt(byte[] raw, byte[] clear) throws
Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = null;
if(isIVUsedForCrypto) {
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(IV));
}
else
{
cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
}
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
public static byte[] toByte(String hexString) {
int len = hexString.length()/2;
byte[] result = new byte[len];
try{
for (int i = 0; i < len; i++) {
result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2),16).byteValue();
}
}catch (Exception e) {
}
return result;
}
public static String toHex(byte[] buf) {
if (buf == null)
return "";
StringBuffer result = new StringBuffer(2*buf.length);
for (int i = 0; i < buf.length; i++) {
appendHex(result, buf[i]);
}
return result.toString();
}
private final static String HEX = "0123456789ABCDEF";
private static void appendHex(StringBuffer sb, byte b) {
sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
}
From Java main method:
byte[] result = encrypt(toByte(rawKey), plaintext.getBytes());
I need to write the C++ equivalent for the above methods (in java). I am not aware of the C++ classes for Cryptography and would like someone to please provide an example showing the same.
Thanks in advance
EDIT
My raw key would be in hexadecimal like -> 729308A8E815F6A46EB3A8AE6D5463CA7B64A0E2E11BC26A68106FC7697E727E
and my final encrypted password is --> 812DCE870D82E93DB62CDA66AAF37FB2
This works in Java but I need a similar solution for C++
Try this:
#include <crypto++/aes.h>
#include <crypto++/modes.h>
#include <crypto++/filters.h>
#include <crypto++/hex.h>
#include <crypto++/sha.h>
#include <crypto++/md5.h>
QString Foo::decrypt(const QString &password)
{
string plain;
string encrypted = password.toStdString();
// Hex decode symmetric key:
HexDecoder decoder;
decoder.Put( (byte *)PRIVATE_KEY,32*2 );
decoder.MessageEnd();
word64 size = decoder.MaxRetrievable();
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
// Generate Cipher, Key, and CBC
byte key[ AES::MAX_KEYLENGTH ], iv[ AES::BLOCKSIZE ];
StringSource( reinterpret_cast<const char *>(decodedKey), true,
new HashFilter(*(new SHA256), new ArraySink(key, AES::MAX_KEYLENGTH)) );
memset( iv, 0x00, AES::BLOCKSIZE );
try {
CBC_Mode<AES>::Decryption Decryptor
( key, sizeof(key), iv );
StringSource( encrypted, true,
new HexDecoder(new StreamTransformationFilter( Decryptor,
new StringSink( plain ) ) ) );
}
catch (Exception &e) { // ...
}
catch (...) { // ...
}
return QString::fromStdString(plain);
}
QString Foo::encrypt(const QString &password)
{
string plain = password.toStdString();
string ciphertext;
// Hex decode symmetric key:
HexDecoder decoder;
decoder.Put( (byte *)PRIVATE_KEY, 32*2 );
decoder.MessageEnd();
word64 size = decoder.MaxRetrievable();
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
// Generate Cipher, Key, and CBC
byte key[ AES::MAX_KEYLENGTH ], iv[ AES::BLOCKSIZE ];
StringSource( reinterpret_cast<const char *>(decodedKey), true,
new HashFilter(*(new SHA256), new ArraySink(key, AES::MAX_KEYLENGTH)) );
memset( iv, 0x00, AES::BLOCKSIZE );
CBC_Mode<AES>::Encryption Encryptor( key, sizeof(key), iv );
StringSource( plain, true, new StreamTransformationFilter( Encryptor,
new HexEncoder(new StringSink( ciphertext ) ) ) );
return QString::fromStdString(ciphertext);
}
Update:
Use above code as follows:
//...
#define PRIVATE_KEY "729308A8E815F6A46EB3A8AE6D5463CA7B64A0E2E11BC26A68106FC7697E727E37011"
QString encrypted = Foo::encryptPassword("test");
// use encrypted
Personally I don't like to reveal private key in source code. So I'll pass it to compiler in command line:
g++ -DPRIVATE_KEY \"\"\"123...\"\"\" ...
Where PRIVATE_KEY is your private key in plain text. If you have the key in HEX encode, just remove Hex decode symmetric key step.
I want to make program that encrypts (later decrypts) user inputted string.
Here is beginning for encryption:
QString getData = ui->text->toPlainText(); //Data to process
std::string output; //Result will be Base32 encoded string, so std::string is fine.
Now, I have to convert QString to char* or std::string so it can be accepted with Crypto++. I thought that QByteArray would be fine, as it has .data() function, which returns char *. (getData always 17 or more bytes long: CryptoPP requires at least 17 bytes for AES encryption).
So, I have used following code:
QByteArray data;
data.append(getData);
//Creating key and iv:
//Creating AES encryptor:
//Encrypting AES and Base32:
CryptoPP::StringSource ss((const byte*)data.data(), data.size() , true,
new CryptoPP::StreamTransformationFilter( Encryptor,
new CryptoPP::Base32Encoder(
new CryptoPP::StringSink(output)
) // Base32Encoder
) // StreamTransformationFilter
); // StringSource
ui->text->clear();
getData = output.c_str();
ui->text->setText(getData);
Everything is seems to be fine. But I want it to support non-ASCII characters (I mean russian, lithuanian etc.). After decryption they change to ?. How could I fix this? I understand, that std::string doesn`t support them.
EDIT: Here is updated code:
Encryption:
QString getData = ui->text->toPlainText(); //Data to process
std::string output;
QByteArray data = getData.toUtf8();
//Creating key and iv: <..>
//Creating AES encryptor: <..>
//Encrypting AES and Base32:
CryptoPP::StringSource ss((const byte*) data.data(),getData.size()*2, true,
new CryptoPP::StreamTransformationFilter( Encryptor,
new CryptoPP::Base32Encoder(
new CryptoPP::StringSink(output)
) // Base32Encoder
) // StreamTransformationFilter
); // StringSource
ui->text->clear();
getData = output.c_str();
ui->text->setText(getData);
And decryption:
QString getData = ui->text->toPlainText();
QByteArray data;
data.append(getData);
std::string output;
//Creating key and iv:
byte key[ CryptoPP::AES::DEFAULT_KEYLENGTH ],
iv[ CryptoPP::AES::BLOCKSIZE ];
//Memsetting them: (randomization needed)
::memset( key, 0x01, CryptoPP::AES::DEFAULT_KEYLENGTH );
::memset( iv, 0x01, CryptoPP::AES::BLOCKSIZE );
//Creating AES decryptor:
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption decryptor( key, sizeof(key), iv );
//Decrypting Base32 and AES
CryptoPP::StringSource ss((const byte*) data.data(), data.size(), true,
new CryptoPP::Base32Decoder(
new CryptoPP::StreamTransformationFilter( Decryptor,
new CryptoPP::StringSink(output)
) // StreamTransformationFilter
) // Base32Encoder
); // StringSource
ui->text->clear();
getData = QString::fromUtf8(output.c_str());
ui->text->setText(getData);
Does it have any bugs I have missed?
I think you're losing data when converting from QString to QByteArray. Try this:
QByteArray data = getData.toUtf8();
...
getData = QString::fromUtf8( output.c_str() );
Use reinterpret_cast<byte*>(QString::data()) instead. Don't try to actually do code page conversion here -- AES does not care. Use an ArraySink instead of a StringSink.
Keep in mind that the size of the actual QString::data() buffer is twice the number of characters contained there, because it uses UTF-16.