C: DES Encryption problem_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-28 18:48 出处：网络

I was looking for examples how to encode stuff in C using DES cypher and openssl headers and I found this one: http://www.codealias.info/technotes/des_encryption_using_openssl_a_simple_example

The code is almost perfect but I'm not so expert in this stuff and my C knowledge in C is not so big since I use it on PIC and AVR micro controllers...

Anyway in the code:

printf("Clear text\t : %s \n",clear);
memcpy(encrypted,Encrypt(key,clear,sizeof(clear)), sizeof(clear));
printf("Encrypted text\t : %s \n",encrypted);
memcpy(decrypted,Decrypt(key,encrypted,sizeof(clear)), sizeof(clear));
printf("Decrypted text\t : %s \n",decrypted);

As you can see, sizeof开发者_如何学JAVA(clear) is used as the size of the string... the problem is that on the example we know the size of the text string... but when I'm sending this text over the network the other computer don't know it...

How can solve this issue... I don't understand so well why I need to have the size of the original string to decrypt :S

Thanks!!

The world is full of bad security systems designed by people who read Applied Cryptography.

Don't send your own 'encryptyed' stuff on wire. You're missing an HMAC, you're missing a key exchange protocol, you're missing a wire frame protocol (which is exactly the answer to your question 'how do I know the size'). Just use an off-the-shelf protocol like TLS/SSL. gnu-tls offers a easy to use API for SSL/TLS, openssl also supports it but is notoriously cumbersome to use. Whatever you do, don't start writing your own protocol, you'll come up with yet another broken 'encryption' protocol because of a bad key exchange or a 'optimized nonce' or a missing frame signature or whatever.

Here is a simple example using gnu-tls: Simple client example using the C++ API

In the implementations I have seen of DES, I only ever recall seeing plaintext and ciphertext of the same size. Wikipedia seems to confirm this. Since DES works on 64-bit chunks, that would make since as long as the code implementing DES properly pads the input to match those 64-bit boundaries. In fact, that's pretty much the definition of a block cipher (which is what DES is).

Thus I would wager you will see it work flawlessly with the other computer using the size of the encrypted text. A few tests of your own should be able to confirm this absolutely.

Also, I firmly agree with the Jeremy's comment that DES is a poor choice of encryption algorithm for most situations. Triple DES or AES are much better options.