RSA and DES encryption and decryption with C++ on Windows

John Alway jalway at gmail.com
Sun Apr 10 18:55:41 UTC 2022


Thank you and Kenneth for your replies.

I was given this task by someone with all of these specifics, including the
site to download the library.  Most of the terminology about encryption I'm
not familiar with, but I'm learning.   I've passed both of your posts and
the wisdom in them on to him to see what he wants to do next.       Thanks
again!

Regards,
...John

<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Virus-free.
www.avg.com
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

On Sun, Apr 10, 2022 at 10:38 AM Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:

> > From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
> John Alway
> > Sent: Saturday, 9 April, 2022 19:45
>
> > From this site https://slproweb.com/products/Win32OpenSSL.html
> >  I downloaded " Win32 OpenSSL v3.0.2" MSI
>
> Well, I suppose that's one option. Personally I would not use a build from
> some random website; I'd build it myself, after verifying the signature on
> the tarball.
>
> > Anyway, the long and short of it is that I am having a bear of a time
> getting things
> > to work.  I did get base64 coding/encoding working, and I was able to
> get
> > this guys example working: ...
> > However, his second example ... only half worked for me.  The
> encryption worked, but
> > the decryption threw an error in EVP_DecryptFinal_ex, where it returned
> error code
> > 0.
>
> (Writing code based on videos? Seems baffling to me. Anyway...)
>
> Many examples of using OpenSSL you might find online are not of
> particularly good quality. Many examples will be for older OpenSSL
> releases; the API has changed periodically.
>
> I recommend you use a decent source, such as the OpenSSL Wiki, which can
> be found by going to openssl.org and looking around. (I'm not digging up
> a link because this will be a good exercise.) The wiki is haphazard and of
> mixed quality, which of course is the nature of a wiki, but at least much
> of it has been examined by people with some measure of OpenSSL experience.
>
> > Anyway, I'm trying to encrypt/decrypt using RSA and DES schemes.  I've
> tried some of
> > the older code examples I could find, but some of the functions weren't
> recognized by
> > my header files.
>
> Kenneth Goldman has already pointed out that your choice of encryption
> algorithms is suspect. To that I'd add:
>
> - RSA as an asymmetric cipher is no longer preferred. It's useful
> primarily when you need to support peers who don't do anything better. That
> might be true in your case, but you've failed to tell us anything about
> your use case. That's a significant omission. When posting to
> openssl-users, it's almost always a good idea to explain your use case.
>
> - DES is only useful if you have to support it for backward compatibility,
> or for academic interest.
>
> - A cryptosystem is not just a cryptographic algorithm (which is what RSA
> and DES are; they are not "schemes", which suggests something more
> complete). It is very easy to misuse cryptographic algorithms in ways which
> defeat security for all but the most naive attacks. If you're not a
> cryptographer, you should not create your own cryptosystems, even using
> well-known algorithms, except for experimentation or learning purposes.
> Don't use homemade cryptosystems in production.
>
> - If all you want is to encrypt some data, and do ... something ... with
> asymmetric crypography, and you're running on Windows, then why are you
> using OpenSSL? OpenSSL is a reasonably good choice for a cryptographic
> library if you're on Linux or UNIX, or you need to be cross-platform. If
> you're only working with Windows, it's come with cryptographic APIs since
> at least the Windows XP days. Those are designed to be convenient for
> Windows developers, and you get OS key management in the bargain.
>
> > Can anyone help me with this?  I want to encrypt fairly long strings.  A
> few hundred
> > bytes or so.   Maybe longer.
>
> Those aren't "long" for symmetric-encryption purposes. They may start to
> be troublesome for asymmetric encryption, but if you're encrypting
> application data asymmetrically you're Doing It Wrong anyway.
>
> >  If I can do a continuous stream of blocks that would be great, as well.
>
> "A continuous stream of blocks" could mean any number of things. To a
> first approximation, of course you can; but there isn't enough information
> here for us to discern what you're actually trying to do.
>
> > Also, is there an efficient way to search this email list?  I was trying
> to search
> > for similar questions but wasn't able.
>
> Possibly your questions are too broad and vague? There will be many
> discussions of encryption, for example.
>
> If you need to use cryptography, it really helps to either use an API with
> high-level abstractions to minimize what might go wrong; or learn the
> basics of modern cryptography first, e.g. from a book like /Applied
> Cryptography/ or /Cryptographic Engineering/, before wading into writing
> code. Modern cryptography is complicated and easy to get wrong. I've seen
> plenty of cases where someone uses a cipher in a way that's obviously
> broken even to someone with only moderate practical experience in the field.
>
> > I guess I could use google and the email list name?
>
> I've never had a problem just using a web search engine (DDG, in my case)
> to search for past discussions on the list. It's not impossible that
> someone has a searchable archive of it somewhere. (I also save messages
> that seem like they might be particularly useful, but to be honest I rarely
> refer to my own collection because a web search generally finds what I
> need.)
>
> --
> Michael Wojcik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220410/d96af756/attachment.htm>


More information about the openssl-users mailing list