Re: [Boost-users] boost.Iostream OpenSSL Filter

Hello, On Wed, Aug 8, 2012 at 3:47 PM, exocoder wrote:

Thank you Wil, Just been studying the example code in the link you kindly provided. I notice though, that these examples encrypt the entire file in memory before calling 'EVP_CipherFinal_ex( ... )'. My understanding is that without calling this function, decryption of the file will fail. I not sure how compatible this would be with a boost.Iostream filter, which will write the encrypted data on the fly?

I guess I could just place the data into a memory buffer, and calling EVP_CypherFinal_ex then writing the data when close is called, but this feels like an ugly solution, that would break the expected operation of an iostream.

You can't encrypt or decrypt anything with a block cipher without some kind of finalization of the operation. Finalizing on close seems appropriate. Otherwise, you'll have to use a stream cipher, like RC4, but that would really limit the capabilities of the filter. Sorry for the delay, cheers, Will

On Wed, 2012-08-08 at 13:29 -0500, Will Mason wrote:

...

Hello,

On Wed, Aug 8, 2012 at 1:10 PM, exocoder wrote: Thank you for the info Neil, I am looking at the example that you pointed to, need to get my head around the issues of initialising/closing OpenSSL in the filter. It seems that every OpenSSL example uses a different interface :(

I think the OpenSSL EVP interface is the one you want: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#

Cheers, Will

Again Thank you for the advice.

On Mon, 2012-08-06 at 15:40 -0600, Neil Nelson wrote: > exocoder, > > Upon just reading the docs at > >

http://www.boost.org/doc/libs/1_50_0/libs/iostreams/doc/index.html

...

> > and particularly > > 2.2.8. Multi-Character Filters > > It looks like you could take the code from the following page > >

http://stackoverflow.com/questions/1007337/encrypting-and-decrypting-a-small...

...

> > with the critical line being > > AES_cfb128_encrypt(indata, outdata, bytes_read, &key, ivec, &num, > AES_ENCRYPT); > > that reads and writes to memory buffers. Two other aspects are: (1) > software using encryption is export restricted and you can research that > if needed for your application, (2) key management is likely the more > complicated part, and (3) use of initialization vectors (added random > bytes at the beginning of the input data). > > Neil Nelson > > > I am currently looking at using OpenSSL to write information to an > > encrypted file on-the-fly so to speak. I have been researching my > > options for doing this, and have come across the Boost.Iostream library, > > which promises to be a very elegant solution (The documentation even > > suggests that filters can be written to provide encryption/decryption > > using OpenSSL). > > It would seem that my best approach would be to use the BIO_f* interface > > to encrypt a memory buffer, which could be written by overloading > > write(). However the OpenSSL documentation is particularly sparse when > > it comes to file/memory encryption and I would appreciate any advice on > > how to do this. > > Thank you in advance for any help proffered. > > _______________________________________________ > Boost-users mailing list > Boost-users@lists.boost.org > http://lists.boost.org/mailman/listinfo.cgi/boost-users

_______________________________________________ Boost-users mailing list Boost-users@lists.boost.org http://lists.boost.org/mailman/listinfo.cgi/boost-users

_______________________________________________ Boost-users mailing list Boost-users@lists.boost.org http://lists.boost.org/mailman/listinfo.cgi/boost-users

_______________________________________________ Boost-users mailing list Boost-users@lists.boost.org http://lists.boost.org/mailman/listinfo.cgi/boost-users