Re: [Boost-users] boost.Iostream OpenSSL Filter

8 Aug 2012

      Thank you Wil, Just been studying the example code in the link you
kindly provided. I notice though, that these examples encrypt the entire
file in memory before calling 'EVP_CipherFinal_ex( ... )'. My
understanding is that without calling this function, decryption of the
file will fail. I not sure how compatible this would be with a
boost.Iostream filter, which will write the encrypted data on the fly?

I guess I could just place the data into a memory buffer, and calling
EVP_CypherFinal_ex then writing the data when close is called, but this
feels like an ugly solution, that would break the expected operation of
an iostream.

On Wed, 2012-08-08 at 13:29 -0500, Will Mason wrote:
...
Hello,
On Wed, Aug 8, 2012 at 1:10 PM, exocoder  wrote:
        Thank you for the info Neil,
        I am looking at the example that you pointed to, need to get
        my head around the issues of
        initialising/closing OpenSSL in the filter. It seems that
        every OpenSSL example uses a different
        interface :(
I think the OpenSSL EVP interface is the one you
want: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#
Cheers,
Will
Again Thank you for the advice.
On Mon, 2012-08-06 at 15:40 -0600, Neil Nelson wrote:
        > exocoder,
        >
        > Upon just reading the docs at
        >
        >
        http://www.boost.org/doc/libs/1_50_0/libs/iostreams/doc/index.html
        >
        > and particularly
        >
        >      2.2.8. Multi-Character Filters
        >
        > It looks like you could take the code from the following
        page
        >
        >
        http://stackoverflow.com/questions/1007337/encrypting-and-decrypting-a-small...
        >
        > with the critical line being
        >
        >      AES_cfb128_encrypt(indata, outdata, bytes_read, &key,
        ivec, &num,
        > AES_ENCRYPT);
        >
        > that reads and writes to memory buffers. Two other aspects
        are: (1)
        > software using encryption is export restricted and you can
        research that
        > if needed for your application, (2) key management is likely
        the more
        > complicated part, and (3) use of initialization vectors
        (added random
        > bytes at the beginning of the input data).
        >
        > Neil Nelson
        >
        > > I am currently looking at using OpenSSL to write
        information to an
        > > encrypted file on-the-fly so to speak. I have been
        researching my
        > > options for doing this, and have come across the
        Boost.Iostream library,
        > > which promises to be a very elegant solution (The
        documentation even
        > > suggests that filters can be written to provide
        encryption/decryption
        > > using OpenSSL).
        > > It would seem that my best approach would be to use the
        BIO_f* interface
        > > to encrypt a memory buffer, which could be written by
        overloading
        > > write(). However the OpenSSL documentation is particularly
        sparse when
        > > it comes to file/memory encryption and I would appreciate
        any advice on
        > > how to do this.
        > > Thank you in advance for any help proffered.
        >
        > _______________________________________________
        > Boost-users mailing list
        > Boost-users@lists.boost.org
        > http://lists.boost.org/mailman/listinfo.cgi/boost-users
_______________________________________________
        Boost-users mailing list
        Boost-users@lists.boost.org
        http://lists.boost.org/mailman/listinfo.cgi/boost-users
_______________________________________________
Boost-users mailing list
Boost-users@lists.boost.org
http://lists.boost.org/mailman/listinfo.cgi/boost-users