|
Boost Users : |
Subject: Re: [Boost-users] boost.Iostream OpenSSL Filter
From: exocoder (exocoder_at_[hidden])
Date: 2012-08-08 16:47:08
Thank you Wil, Just been studying the example code in the link you
kindly provided. I notice though, that these examples encrypt the entire
file in memory before calling 'EVP_CipherFinal_ex( ... )'. My
understanding is that without calling this function, decryption of the
file will fail. I not sure how compatible this would be with a
boost.Iostream filter, which will write the encrypted data on the fly?
I guess I could just place the data into a memory buffer, and calling
EVP_CypherFinal_ex then writing the data when close is called, but this
feels like an ugly solution, that would break the expected operation of
an iostream.
On Wed, 2012-08-08 at 13:29 -0500, Will Mason wrote:
> Hello,
>
> On Wed, Aug 8, 2012 at 1:10 PM, exocoder <exocoder_at_[hidden]> wrote:
> Thank you for the info Neil,
> I am looking at the example that you pointed to, need to get
> my head around the issues of
> initialising/closing OpenSSL in the filter. It seems that
> every OpenSSL example uses a different
> interface :(
>
>
> I think the OpenSSL EVP interface is the one you
> want: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#
>
>
> Cheers,
> Will
>
>
>
> Again Thank you for the advice.
>
> On Mon, 2012-08-06 at 15:40 -0600, Neil Nelson wrote:
> > exocoder,
> >
> > Upon just reading the docs at
> >
> >
> http://www.boost.org/doc/libs/1_50_0/libs/iostreams/doc/index.html
> >
> > and particularly
> >
> > 2.2.8. Multi-Character Filters
> >
> > It looks like you could take the code from the following
> page
> >
> >
> http://stackoverflow.com/questions/1007337/encrypting-and-decrypting-a-small-file-using-openssl
> >
> > with the critical line being
> >
> > AES_cfb128_encrypt(indata, outdata, bytes_read, &key,
> ivec, &num,
> > AES_ENCRYPT);
> >
> > that reads and writes to memory buffers. Two other aspects
> are: (1)
> > software using encryption is export restricted and you can
> research that
> > if needed for your application, (2) key management is likely
> the more
> > complicated part, and (3) use of initialization vectors
> (added random
> > bytes at the beginning of the input data).
> >
> > Neil Nelson
> >
> > > I am currently looking at using OpenSSL to write
> information to an
> > > encrypted file on-the-fly so to speak. I have been
> researching my
> > > options for doing this, and have come across the
> Boost.Iostream library,
> > > which promises to be a very elegant solution (The
> documentation even
> > > suggests that filters can be written to provide
> encryption/decryption
> > > using OpenSSL).
> > > It would seem that my best approach would be to use the
> BIO_f* interface
> > > to encrypt a memory buffer, which could be written by
> overloading
> > > write(). However the OpenSSL documentation is particularly
> sparse when
> > > it comes to file/memory encryption and I would appreciate
> any advice on
> > > how to do this.
> > > Thank you in advance for any help proffered.
> >
> > _______________________________________________
> > Boost-users mailing list
> > Boost-users_at_[hidden]
> > http://lists.boost.org/mailman/listinfo.cgi/boost-users
>
>
>
> _______________________________________________
> Boost-users mailing list
> Boost-users_at_[hidden]
> http://lists.boost.org/mailman/listinfo.cgi/boost-users
>
> _______________________________________________
> Boost-users mailing list
> Boost-users_at_[hidden]
> http://lists.boost.org/mailman/listinfo.cgi/boost-users
Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net