Crypto libs
-
I use Kellerman's crypto library, but for openssl I had to use the win32 openssl binaries because .net is a pain in the ass where ssl is concerned. All I wanted to do was verify a signature and could never finger out how to do it in .net (despite all appearances leading me to believe it was entirely possible).
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001I'm leaning towards OpenSSL partly because it's used so much. But I lilked the Crypto++ lib because it's in C++ and easy to incorporate/expand upon.
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
-
Jim Crafton wrote:
Has anyone dealt much with this?
Yes for many years before I started working in .net and didn't need it anymore. At a glance of OpenSSL it's for implementing SSL and TLS, you're comparing apples and oranges. Crypto++ is a complete library of pretty much anything encryption releated. Sorry but from your question and the two things involved I don't believe you've actually read up on them in any detail.
Cum catapultae proscriptae erunt tum soli proscripti catapultas habebunt
Actually OpenSSL has both cryptography and SSL/TLS implementation. It used for SSL/TLS, but to achieve this it supports all sorts of crypto algorithms, much like Crypto++ does. It's entirely possible to use the OpenSSL libs only for cryptographic functions, and not for SSL, so at that point you would be comparing apples to apples. Crypto++ seems like a nicer API and appears to be more extensible, but I don't know how much that really matters.
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
-
Actually OpenSSL has both cryptography and SSL/TLS implementation. It used for SSL/TLS, but to achieve this it supports all sorts of crypto algorithms, much like Crypto++ does. It's entirely possible to use the OpenSSL libs only for cryptographic functions, and not for SSL, so at that point you would be comparing apples to apples. Crypto++ seems like a nicer API and appears to be more extensible, but I don't know how much that really matters.
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
I apologize then, I did exactly what I accused you of doing, sorry. :) Wikipedia is clearly not the best source for detailed information on a lot of things, it gave the impression that OpenSSL was strictly about SSL and TLS. I do know Crypto++ from having written my own wrapper for it many years ago and using it in a few commercial apps. One thing I know about Crypto++ is it's been around forever and is very mature and well tested.
Cum catapultae proscriptae erunt tum soli proscripti catapultas habebunt
-
I apologize then, I did exactly what I accused you of doing, sorry. :) Wikipedia is clearly not the best source for detailed information on a lot of things, it gave the impression that OpenSSL was strictly about SSL and TLS. I do know Crypto++ from having written my own wrapper for it many years ago and using it in a few commercial apps. One thing I know about Crypto++ is it's been around forever and is very mature and well tested.
Cum catapultae proscriptae erunt tum soli proscripti catapultas habebunt
John Cardinal wrote:
Wikipedia is clearly not the best source for detailed information on a lot of things
Is that the sound of bursting bubbles I hear. ;P
Chris Meech I am Canadian. [heard in a local bar] Donate to help Conquer Cancer[^]
-
(I do not think this is a programming question per se - sue me if I'm wrong) If you wanted to create a small, easy to use, cross platform wrapper classes around common crypto functions and support SSL, things like MD5 hashing, DES encryption, and RSA pub/priv kets, etc how might you do it? Assuming a Win32 port first one approach would be to wrap the MS Win32 functions, but this obviously doens't help much for other platforms. The other, which I'm strongly leaning towards, is to use OpenSSL as the basis for wrapping. Yet another would be to use some other 3rd party library. I notice that alot of of Jeff Walton's article reference a 3rd part lib called Crypto ++ which implements alot of the cryptographic things I'd like, such as MD5, encryption, but not SSL. Has anyone dealt much with this? If I'm down to choosing between Crypto++ and OpenSSL which one might you pick?
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
i've used Crypto++ for years. it's huge, sparsely-documented, and is probably the pinnacle of obfuscation from abstract design. but, it's complete, and extremely powerful - if encryption is your goal, chances are it can do what you want. the tricky part is figuring out how to tell it to do what you want.
-
John Cardinal wrote:
Wikipedia is clearly not the best source for detailed information on a lot of things
Is that the sound of bursting bubbles I hear. ;P
Chris Meech I am Canadian. [heard in a local bar] Donate to help Conquer Cancer[^]
-
I apologize then, I did exactly what I accused you of doing, sorry. :) Wikipedia is clearly not the best source for detailed information on a lot of things, it gave the impression that OpenSSL was strictly about SSL and TLS. I do know Crypto++ from having written my own wrapper for it many years ago and using it in a few commercial apps. One thing I know about Crypto++ is it's been around forever and is very mature and well tested.
Cum catapultae proscriptae erunt tum soli proscripti catapultas habebunt
John Cardinal wrote:
Wikipedia is clearly not the best source for detailed information on a lot of things
And yet, if you want to know all about the Silver Surfer and the Fantastic Four, damn! :)
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
-
i've used Crypto++ for years. it's huge, sparsely-documented, and is probably the pinnacle of obfuscation from abstract design. but, it's complete, and extremely powerful - if encryption is your goal, chances are it can do what you want. the tricky part is figuring out how to tell it to do what you want.
Chris Losinger wrote:
the tricky part is figuring out how to tell it to do what you want.
The documentation itself is encrypted. Hahahahaha! Errr.. :doh:
"If you think of yourselves as helpless and ineffectual, it is certain that you will create a despotic government to be your master. The wise despot, therefore, maintains among his subjects a popular sense that they are helpless and ineffectual." - Frank Herbert
-
(I do not think this is a programming question per se - sue me if I'm wrong) If you wanted to create a small, easy to use, cross platform wrapper classes around common crypto functions and support SSL, things like MD5 hashing, DES encryption, and RSA pub/priv kets, etc how might you do it? Assuming a Win32 port first one approach would be to wrap the MS Win32 functions, but this obviously doens't help much for other platforms. The other, which I'm strongly leaning towards, is to use OpenSSL as the basis for wrapping. Yet another would be to use some other 3rd party library. I notice that alot of of Jeff Walton's article reference a 3rd part lib called Crypto ++ which implements alot of the cryptographic things I'd like, such as MD5, encryption, but not SSL. Has anyone dealt much with this? If I'm down to choosing between Crypto++ and OpenSSL which one might you pick?
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
Jim Crafton wrote:
Has anyone dealt much with this?
Yes, but if I told you I might have to... well you know the rest... :rolleyes: There is some issues at work for using free, so some projects want it, others I have to use commercial equivalents, so we tend to use a lot of wrappers. For the same reason one of our team came up with a great plug-in set. I'm in the 6 one way, half a dozen the other. I like both for different reasons. :) But I am not sure they cover the same uses. I would ask what you are trying to encrypt? do you need SSL streams? are you trying to encrypt your own data or communicate directly with another computer? Break it down into your physical use structure, what will you use it for, what will you use it on? who is the user of it? How about pulling both together so that you can encrypt just about everything under the sun and still do SSL communicaton streams?
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb)
-
Jim Crafton wrote:
Has anyone dealt much with this?
Yes, but if I told you I might have to... well you know the rest... :rolleyes: There is some issues at work for using free, so some projects want it, others I have to use commercial equivalents, so we tend to use a lot of wrappers. For the same reason one of our team came up with a great plug-in set. I'm in the 6 one way, half a dozen the other. I like both for different reasons. :) But I am not sure they cover the same uses. I would ask what you are trying to encrypt? do you need SSL streams? are you trying to encrypt your own data or communicate directly with another computer? Break it down into your physical use structure, what will you use it for, what will you use it on? who is the user of it? How about pulling both together so that you can encrypt just about everything under the sun and still do SSL communicaton streams?
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb)
I'm trying to wrap a new bit of kit for the VCF that supports SSL and encryption. Basically so we can add another "bullet point" for the various features that the the framework supports. The Qt framework does this using OpenSSL. So before I got too deep into I thought I'd ask others here what their experience had been. So I'm trying to package things up with a (hopefully) simple to use API. On top of this there may be a project at work where I will need to use SSL sockets for an app we have at work.
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
-
John Cardinal wrote:
Wikipedia is clearly not the best source for detailed information on a lot of things
And yet, if you want to know all about the Silver Surfer and the Fantastic Four, damn! :)
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
Jim Crafton wrote:
And yet, if you want to know all about the Silver Surfer and the Fantastic Four, damn!
But if you want to know about the Anasazi peoples, *I* could write something better, more current in historical discoveries, and I am "just" a bloody computer programmer!!
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb)
-
(I do not think this is a programming question per se - sue me if I'm wrong) If you wanted to create a small, easy to use, cross platform wrapper classes around common crypto functions and support SSL, things like MD5 hashing, DES encryption, and RSA pub/priv kets, etc how might you do it? Assuming a Win32 port first one approach would be to wrap the MS Win32 functions, but this obviously doens't help much for other platforms. The other, which I'm strongly leaning towards, is to use OpenSSL as the basis for wrapping. Yet another would be to use some other 3rd party library. I notice that alot of of Jeff Walton's article reference a 3rd part lib called Crypto ++ which implements alot of the cryptographic things I'd like, such as MD5, encryption, but not SSL. Has anyone dealt much with this? If I'm down to choosing between Crypto++ and OpenSSL which one might you pick?
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
Crypto++ has FIPS certified dll's, this is important for those that know what it means. http://www.codeproject.com/lounge.asp?msg=2222142&mode=all&userid=59123#xx2222142xx[^] Other libraries to look at: Botan: http://botan.randombit.net/[^] LibTomCrypt: http://www.libtom.org/[^] If supporting SSL is a big concern you will likely end up using OpenSSL. Trying to impliment SSL/TLS yourself, and getting it right, isn't trivial.
...cmk The idea that I can be presented with a problem, set out to logically solve it with the tools at hand, and wind up with a program that could not be legally used because someone else followed the same logical steps some years ago and filed for a patent on it is horrifying. - John Carmack
-
I'm leaning towards OpenSSL partly because it's used so much. But I lilked the Crypto++ lib because it's in C++ and easy to incorporate/expand upon.
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
OpenSSL is a very good library for encryption, ssl and some pki as well. It is being used almost everywhere. It is very easy to wrap in C++ because of its object oriented nature (even though its written in C). I have been able to wrap it up very close in the style of an excellent JAVA toolkit IAIK. I am using it for more than two years in many commercial applications and we have even one a project only because we were proposing OpenSSL in it. I dont have much idea of crypto++ so cant comment much on this library although i have plans to have a look at it :) My recommendation is that you will enjoy working in OpenSSL. Regards,
-
(I do not think this is a programming question per se - sue me if I'm wrong) If you wanted to create a small, easy to use, cross platform wrapper classes around common crypto functions and support SSL, things like MD5 hashing, DES encryption, and RSA pub/priv kets, etc how might you do it? Assuming a Win32 port first one approach would be to wrap the MS Win32 functions, but this obviously doens't help much for other platforms. The other, which I'm strongly leaning towards, is to use OpenSSL as the basis for wrapping. Yet another would be to use some other 3rd party library. I notice that alot of of Jeff Walton's article reference a 3rd part lib called Crypto ++ which implements alot of the cryptographic things I'd like, such as MD5, encryption, but not SSL. Has anyone dealt much with this? If I'm down to choosing between Crypto++ and OpenSSL which one might you pick?
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
Ghaaa... Yes those crypto libs are a big problem, but what about those bald face conservatives :)
MrPlankton
-
(I do not think this is a programming question per se - sue me if I'm wrong) If you wanted to create a small, easy to use, cross platform wrapper classes around common crypto functions and support SSL, things like MD5 hashing, DES encryption, and RSA pub/priv kets, etc how might you do it? Assuming a Win32 port first one approach would be to wrap the MS Win32 functions, but this obviously doens't help much for other platforms. The other, which I'm strongly leaning towards, is to use OpenSSL as the basis for wrapping. Yet another would be to use some other 3rd party library. I notice that alot of of Jeff Walton's article reference a 3rd part lib called Crypto ++ which implements alot of the cryptographic things I'd like, such as MD5, encryption, but not SSL. Has anyone dealt much with this? If I'm down to choosing between Crypto++ and OpenSSL which one might you pick?
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
I have used OpenSSL for a number of years on a project that runs on both Windows and Linux. As someone else has already said writing a wrapper is fairly easy. I, like you, originally looked at Crypto++ but OpenSSL had everything I needed and is widely used.
