I need to encryption several pieces of text in a file along side unencrypted text in the same file. All the data is Unicode text.
In all the encryption libraries I have looked at Crypto++ Botan Etc... None of them "appear" to provide Unicode aware methods for encrypting / decrypting data E.G. data can be passed in/out using char, string instead of wchar wstring. Does this matter? Just looking for some guidance.
Encryption libraries will use your data as a binary blob, not as characters. So it doesn't matter in what encoding the data is.
Encoding only affects interpretation of the data, not the data itself.
In other words: It doesn't matter
Encryption works at byte level. It always requires binary blob as an input. So It does not matter in which encoding you are using to interpret data.
Related
I am doing this small university project, where I have to create a console-based text editor with some features, and making files password protected is one of them. As I said, it's a university project for an introductory OOP course, so it doesn't need to be the most secure thing on planet. I am planning to use a simple Caesar cipher to encrypt my file.
The only problem is the password. I'll use the password as the encryption key and it will work, but the problem is handling the case where the password is wrong. If no checks are placed then it would just show gibberish, but I want to make it so that it displays a message in case of a wrong password.
The idea I have come up with is to somehow store the hash of the unencrypted file in that text file (but it shouldn't show that hash when I open the file up with notepad) and after decrypting with the provided password, I can just hash the contents and check if it matches with the hidden hash stored in that file. Is it possible?
I am using Windows, by the way, and portability is not an issue.
In general, you can't theoretically design a data format where nothing but plain text is a valid subset of it, but there can also be metadata (hash or something else). Just think about it: how do you store something other than text (i. e. metadata) in a file where every single byte is to be interpreted as text?
That said, there are some tricks to hide the metadata in plain sight. With Unicode, the palette of tricks is wider. For example, you can use spacelike characters to encode metadata or indicate metadata presence in the way that the user won't notice. Consider Unicode BOM. It's the "zero-length space" character. Won't be seen in Notepad, serves as metadata. You could so something similar.
They already mentioned alternative data streams. While one of those could work to keep the metadata, an alternative data stream doesn't survive archival, e-mailing, uploading to Google Drive/OneDrive/Dropbox, copying with a program that is not aware of it, or copying to a filesystem that doesn't support it (e. g. a CD or a flash drive with FAT).
So I was looking at ways to lock file folders with a password in windows, and this type of security is not really supported.
Given I know C++ I was wondering if I could simply do this myself.
It would be simple enough, in the case of a text file, to copy the entire contents of the file into a C-string. I could then use basic logic to prompt for a password, if it matches, use an fstream overload and insert the whole string into a text file.
Then, simply wipe the file when I'm done using it.
I basically know how to do this, and the result would be a string containing the document compiled into a .exe which I assume would be unreadable. The thing is, I've never really studied encryption or computer security so I'm wondering how secure this would be, or if there is a better way to do this?
Could it be done on photo or video files as well, if so, how?
How hard would it be to reverse (decompile) the process?
What types of things could I do to make reversal more difficult, ie. using multiple strings, or mixing in random characters?
I'm not looking to hide super-sensitive files, I'm just curious about encryption basics.
Never implement crypto yourself - it is destined to fail. Use well reviewed libraries such as OpenSSL. A good example of using AES for file encryption: Encrypting and decrypting a small file using openssl
Using such simple approach will let you encrypt any file. And it will be secure. Why settle for weak encryption if you can have strong encryption?
If you don't want to write a program, just get, for example, OpenSSL and use the terminal: openssl des3 -salt -in file.txt -out file.des3
I have encrypted a file with openssl, now I would like to read the encrypted file (actually parse that file) without decrypting it. Basically I want to see if the encrypted file contains a certain word. How can I do that? I searched different blogs and posts and the only solution I could come up with is to decrypt the file (which creates a new READABLE file), search the word in the decrypted file and then remove it. Since I don't like having to create a decrypted copy of the file and then remove it, is there any way that I can parse/read the file without decrypting it? I should probably mention that I am using c++, but I don't think it really matters, am I correct?
Thanks in advance for all the help you can give me.
There is no way to parse a file that is encrypted (at least if you are using a reasonable, not trivially breakable - pretty much everything beyond a Ceasar cipher or a XOR cipher counts as "not trivially breakable" in this context).
In other words, you will need to find a way to decrypt the content - one solution is of course to decrypt to memory, or to stdout and use a pipe to read from the file.
An example (written here as a general idea, the exact code may need some adjusting):
FILE* p = popen("openssl des3 -d -in myfile.encrypted", "r");
int ch;
while((ch = fgetc(p)) != EOF)
{
... process a character at a time ...
}
pclose(p);
I have encrypted a file with openssl, now I would like to read the encrypted file (actually parse that file) without decrypting it... to see if the encrypted file contains a certain word.
To preserve semantic security, you need to use a homomorphic encryption scheme. OpenSSL does not support those cryptosystems, so its probably not possible using OpenSSL.
If you don't care about semantic security, then you can probably use any number of schemes. Mats gave you a couple of them. But they will leak information like a sieve and are probably trivial to break with simple techniques like frequency analysis.
You might want to read up on Fully Homomorphic Encryption and Somewhat Homomorphic Encryption schemes. If the scheme is built on a lattice, then the NTRU library might offer the scheme or a useful primitive. Shoup's NTL library might also offer the scheme or primitives. (I don't know because I don't use FHE or SHE schemes).
You should also talk to the folks on security.stackexchange.com or crypto.stackexchange.com.
I wrote a C++ program to retrieve some text data from MS-Active Directory and save them into a Sqlite3 database, however I have a problem, the utf-8 encoding.
According to some readings, data from active directory is UTF-8 encoded, but when reading from C++, it treats as a “wide char” (wchar_t) that Sqlite3 (which is utf-8 default) does not accept as UTF-8 because it uses only “char” into the parameter of its “sqlite3_bind_text” unless I use sqlite3_bind_text16, but I do not wish to do it because it increases the size of database.
I tried to convert from "wchar_t" to "char" using the function "wcstombs_s", but resulting data are not correct.
I read that the only way would be to use MultiByteToWideChar or WideCharToMultiByte, but I didn’t give a try because I read that the cost of convertion is quite expensive.
I would like to know if anybody of you had a similar situation and found a clean and effective solution for this matter.
Many Thanks!
Using sqlite3_bind_text16 on a database created with the UTF-8 encoding doesn't increase its size, the strings are converted on the fly to UTF-8.
See the paragraph "Support for UTF-8 and UTF-16" on this page.
is there some way to convert a base64 string into an image; in Visual C++? I got an image as a result of getting the image from an url, encoded as a base64 so, I need to get it back.
I'm really lost in this matter; I'm using Visual C++ 2010.
So far I've been digging about GDI+ but I don't know if it is correct.
Thanks.
Convert into bytes, convert bytes into bitmap, (optional) bitblt bitmap onto window.
How do I base64 encode (decode) in C?
How can I create an Image in GDI+ from a Base64-Encoded string in C++?
You need to know what type of image the resulting bytes are. Then you need to find an algorithm that can understand that, or just save the bytes as a file type (if it is already built with header info and everything).
If it's just a bitmap (like a MFC bitmap), you'll need a way to convert that into an image, if you intend to save it. If you just intend to display it and it's already a bitmap, then just use the GDI methods.
Boost is a great set of libraries when it comes C++ and it's documentation can be found here.
So we have a encode and decode supported by Boost.
A more detailed implementation of Boost Base64 encode-decode can be found here.
Another useful library is of Microsoft CPPRESTSDK, also known as Casablanca project. Under this they have defined a utility::conversion namespace which deals with all different type of encoding-decoding which one can come across while developing an API. Among this from_base64 (const utility::string_t &str), which can be used to decode the given base64 string to a byte array.