On Wed, Aug 8, 2012 at 3:47 PM, exocoder
<exocoder@gmail.com> wrote:
Thank you Wil, Just been studying the example code in the link you
kindly provided. I notice though, that these examples encrypt the entire
file in memory before calling 'EVP_CipherFinal_ex( ... )'. My
understanding is that without calling this function, decryption of the
file will fail. I not sure how compatible this would be with a
boost.Iostream filter, which will write the encrypted data on the fly?
I guess I could just place the data into a memory buffer, and calling
EVP_CypherFinal_ex then writing the data when close is called, but this
feels like an ugly solution, that would break the expected operation of
an iostream.
You can't encrypt or decrypt anything with a block cipher without some kind of finalization of the operation. Finalizing on close seems appropriate. Otherwise, you'll have to use a stream cipher, like RC4, but that would really limit the capabilities of the filter.
Sorry for the delay, cheers,
Will
On Wed, 2012-08-08 at 13:29 -0500, Will Mason wrote:
> Hello,
>
> On Wed, Aug 8, 2012 at 1:10 PM, exocoder <exocoder@gmail.com> wrote:
> Thank you for the info Neil,
> I am looking at the example that you pointed to, need to get
> my head around the issues of
> initialising/closing OpenSSL in the filter. It seems that
> every OpenSSL example uses a different
> interface :(
>
>
> I think the OpenSSL EVP interface is the one you
> want: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#
>
>
> Cheers,
> Will
>
>
>
> Again Thank you for the advice.
>
> On Mon, 2012-08-06 at 15:40 -0600, Neil Nelson wrote:
> > exocoder,
> >
> > Upon just reading the docs at
> >
> >
> http://www.boost.org/doc/libs/1_50_0/libs/iostreams/doc/index.html
> >
> > and particularly
> >
> > 2.2.8. Multi-Character Filters
> >
> > It looks like you could take the code from the following
> page
> >
> >
> http://stackoverflow.com/questions/1007337/encrypting-and-decrypting-a-small-file-using-openssl
> >
> > with the critical line being
> >
> > AES_cfb128_encrypt(indata, outdata, bytes_read, &key,
> ivec, &num,
> > AES_ENCRYPT);
> >
> > that reads and writes to memory buffers. Two other aspects
> are: (1)
> > software using encryption is export restricted and you can
> research that
> > if needed for your application, (2) key management is likely
> the more
> > complicated part, and (3) use of initialization vectors
> (added random
> > bytes at the beginning of the input data).
> >
> > Neil Nelson
> >
> > > I am currently looking at using OpenSSL to write
> information to an
> > > encrypted file on-the-fly so to speak. I have been
> researching my
> > > options for doing this, and have come across the
> Boost.Iostream library,
> > > which promises to be a very elegant solution (The
> documentation even
> > > suggests that filters can be written to provide
> encryption/decryption
> > > using OpenSSL).
> > > It would seem that my best approach would be to use the
> BIO_f* interface
> > > to encrypt a memory buffer, which could be written by
> overloading
> > > write(). However the OpenSSL documentation is particularly
> sparse when
> > > it comes to file/memory encryption and I would appreciate
> any advice on
> > > how to do this.
> > > Thank you in advance for any help proffered.
> >
> > _______________________________________________
> > Boost-users mailing list
> > Boost-users@lists.boost.org
> > http://lists.boost.org/mailman/listinfo.cgi/boost-users
>
>
>
> _______________________________________________
> Boost-users mailing list
> Boost-users@lists.boost.org
> http://lists.boost.org/mailman/listinfo.cgi/boost-users
>
> _______________________________________________
> Boost-users mailing list
> Boost-users@lists.boost.org
> http://lists.boost.org/mailman/listinfo.cgi/boost-users
_______________________________________________
Boost-users mailing list
Boost-users@lists.boost.org
http://lists.boost.org/mailman/listinfo.cgi/boost-users