DefaultEncryptorWithMAC
Documentation | #include <cryptopp/default.h>
DefaultEncryptorWithMAC is a class for encrypting and decrypting data with an authentication tag to detect tampering. The counterpart to DefaultEncryptorWithMAC is DefaultDecryptorWithMAC.
Algorithms
In Crypto++ 6.0 and above, DefaultEncryptorWithMAC uses AES as the default encryptor and SHA256 as the default hash for the MAC. The block cipher is operated in CBC Mode. In Crypto++ 5.6.5 and below, DefaultEncryptorWithMAC uses 2-key Triple DES as the default encryptor (i.e., DES_EDE2) and SHA1 as the default hash for the MAC. The block cipher is operated in CBC Mode. If you are using Crypto++ 6.0, LegacyEncryptorWithMAC provides interop with the old defaults.
The password is mashed rather than derived using a Password Based Key Derivation Function. Each run through DefaultEncryptorWithMAC produces a different result because the salt is based on time and clock. If you perform two encryptions in quick succession, it is possible to reuse a salt, which is usually bad for security.
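The salt-reuse risk described above can be measured on your own platform. The following is an added example, not code from Crypto++ or from the original page: it captures time() and clock() back to back and counts how often consecutive captures are identical. It assumes that, with a fixed password, identical (time, clock) pairs yield identical salts; the names SaltInput, sample_salt_inputs and count_adjacent_repeats are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <ctime>
#include <utility>
#include <vector>

// The two values the page names as salt inputs, captured together.
// Assumption: with a fixed password, equal pairs produce equal salts.
using SaltInput = std::pair<std::time_t, std::clock_t>;

// Capture n salt inputs back to back, as n encryptions performed in
// quick succession would observe them.
std::vector<SaltInput> sample_salt_inputs(std::size_t n) {
    std::vector<SaltInput> samples;
    samples.reserve(n);
    for (std::size_t i = 0; i < n; ++i) {
        // time() typically has one-second resolution; clock() reports the
        // processor time used by this process, so it does not advance
        // while the process is waiting.
        samples.emplace_back(std::time(nullptr), std::clock());
    }
    return samples;
}

// Count captures identical to the one taken immediately before them.
// Each repeat stands for a salt that would have been reused.
std::size_t count_adjacent_repeats(const std::vector<SaltInput>& samples) {
    std::size_t repeats = 0;
    for (std::size_t i = 1; i < samples.size(); ++i) {
        if (samples[i] == samples[i - 1]) ++repeats;
    }
    return repeats;
}

int main() {
    const std::size_t n = 100000;
    const std::vector<SaltInput> samples = sample_salt_inputs(n);
    std::printf("captures: %zu, repeated salt inputs: %zu\n",
                samples.size(), count_adjacent_repeats(samples));
    return 0;
}
```

The repeat count depends on the granularity of clock() on the platform and on how much processor time each iteration consumes.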
You can change the default ciphers. To do so, locate the following typedefs around line 12 in default.h and change them to whatever you like, for example:

    typedef Camellia Default_BlockCipher;
    typedef Whirlpool DefaultHashModule;
    typedef HMAC<DefaultHashModule> DefaultMAC;
Constructors
DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL);
DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
const char *passphrase - the password as a NULL terminated c-string.
const byte *passphrase - the password as a byte array.
size_t passphraseLength - the length of the password's byte array.
BufferedTransformation *attachment - an attached transformation, such as a Filter or Sink. Use NULL if there is no filter or sink.
Encrypting a String
The following encrypts and decrypts a string.
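    #include <cryptopp/default.h>   // DefaultEncryptorWithMAC, DefaultDecryptorWithMAC
    #include <cryptopp/filters.h>   // StringSource, StringSink
    #include <cryptopp/hex.h>       // HexEncoder, HexDecoder
    #include <iostream>
    #include <string>
    using namespace CryptoPP;
    using std::string; using std::cout; using std::endl;

    // Body of main():
    string message = "Now is the time for all good men to come to the aide of their country";
    string password = "super secret password";
    string encrypted, decrypted;

    cout << "Message: " << message << endl;
    cout << "Password: " << password << endl;

    // Encrypt and authenticate the message, then hex encode the result.
    StringSource ss1(message, true,
        new DefaultEncryptorWithMAC(
            (byte*)&password[0], password.size(),
            new HexEncoder(
                new StringSink(encrypted)
            )
        )
    );
    cout << "Encrypted: " << encrypted << endl;

    // Hex decode, then verify the MAC and decrypt.
    StringSource ss2(encrypted, true,
        new HexDecoder(
            new DefaultDecryptorWithMAC(
                (byte*)&password[0], password.size(),
                new StringSink(decrypted)
            )
        )
    );
    cout << "Decrypted: " << decrypted << endl;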
A typical run of the program is below. The output will differ between runs due to the use of a salt based on time and clock.
    $ ./cryptopp-test.exe
    Message: Now is the time for all good men to come to the aide of their country
    Password: super secret password
    Encrypted: D8667AC7F6037B8577CCB9D75D2B9DE9166ED7286A3DFCF2BD6D07037864614C950D0D5DA9BAA658
    D0D1E5CEB38C24D372F8C5B010335DB583676AA3FA31EB0C2CEC018F0AE0ACBE8F216B241B99DD0C
    C41D0E7B7CACFDDFEBDFE61F6A3CCB15E08E6E23078A49A90BDC95360C4AF3A5
    Decrypted: Now is the time for all good men to come to the aide of their country
Encrypting a File
Encrypting a file is not much different than encrypting a string - you just have to use a FileSource rather than a StringSource. The following encrypts and decrypts the same string of text, but does so from a file named secret-message.txt.
    $ cat secret-message.txt
    Now is the time for all good men to come to the aide of their country
The program below stores the result of its operations in a string via a StringSink. To save the contents to a file, simply use a FileSink.
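    #include <cryptopp/default.h>   // DefaultEncryptorWithMAC, DefaultDecryptorWithMAC
    #include <cryptopp/files.h>     // FileSource
    #include <cryptopp/filters.h>   // StringSource, StringSink
    #include <cryptopp/hex.h>       // HexEncoder, HexDecoder
    #include <iostream>
    #include <string>
    using namespace CryptoPP;
    using std::string; using std::cout; using std::endl;

    // Body of main():
    string password = "super secret password";
    string encrypted, decrypted;

    cout << "Password: " << password << endl;

    // Read the plaintext from the file, encrypt and authenticate it, then hex encode.
    FileSource fs1("./secret-message.txt", true,
        new DefaultEncryptorWithMAC(
            (byte*)&password[0], password.size(),
            new HexEncoder(
                new StringSink(encrypted)
            )
        )
    );
    cout << "Encrypted: " << encrypted << endl;

    // Hex decode, then verify the MAC and decrypt.
    StringSource ss1(encrypted, true,
        new HexDecoder(
            new DefaultDecryptorWithMAC(
                (byte*)&password[0], password.size(),
                new StringSink(decrypted)
            )
        )
    );
    cout << "Decrypted: " << decrypted << endl;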
A typical run of the program is below.
    $ ./cryptopp-test.exe
    Password: super secret password
    Encrypted: C96C79081BD217729DA63EF799BB75AB5CE375A0517E20F950FD87ECB8847246BB84D1C40A5B3C66
    964B6267C0B0DC7DA91744A32BDFDFF9BCEE677CAD53593B519D9BC4F06EC26AE94E8DBEC39BAC15
    C41094BBF4097955785A7FE78C4CA6E2C278CBCE1C955DAF4850F20649AE2D4E
    Decrypted: Now is the time for all good men to come to the aide of their country
Downloads
cryptopp-default-encryptor-test.zip - Example of DefaultEncryptorWithMAC and DefaultDecryptorWithMAC