Menu
I want to be able to sign a file. By that I mean that the recipient can check that the file is indeed from me and can view its content. Is there any simple way to do that in C++?
I just had a look at the PGP article on Wikipedia but they lost me somewhere in the middle of "hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography". Ideally, I would like a library which has a function signString(string, privateykey) and the recipient would have function readSignedString(string, publickey). Any suggestion?
Edit:
I'm not sure I'm using the right approach, so here is what I'm trying to do:
I want to implement some simple piracy protection in my desktop application. So when the user buy a license, I send them a signed file containing their name and email. The user then install the file and the app reads it: it checks the signature validity and displays the name/email (in the About box). To make sure that crackers cannot generate these files, I need to make sure that the key to decrypt the file is not the same as the one to encrypt it. Is there any simple way to implement this?
958
Modern cryptographic algorithms can be implemented using dedicated cryptographic hardware or software running on general-purpose hardware. For various reasons, dedicated cryptographic hardware provides a better solution for most applications.
Public key cryptography involves a pair of keys known as a public key and a private key (a public key pair), which are associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published and the corresponding private key is kept secret.
The public key algorithms in use today are: Rivest-Shamir-Adleman (RSA) Elliptic Curve Digital Signature Algorithm (ECDSA) Digital Signature Algorithm (DSA)
OpenSSL is almost what you need. It doesn't have two such functions, but it's almost as easy. First of all, every digital signature requires a hash algorithm. The reason is that you don't encrypt the file, you only encrypt the file hash (it would take too long to verify otherwise).
With OpenSSL you can use something like this:
#include <openssl/evp.h>
EVP_MD_CTX ctx;
unsigned char signature[SIGNATURE_LEN];
int signature_len;
EVP_SignInit(&ctx, EVP_sha1());
EVP_SignUpdate(&ctx, data, size);
EVP_SignFinal(&ctx, signature, &signature_len, pkey);
And pretty much the same for validating the signature, only using EVP_ValidateInit, EVP_ValidateUpdate and EVP_ValidateFinal. The last function returns 0/1 to say whether validation succeeded or not.
You still need to get the key into the application, there are quite a few functions to do that, depending on where you read it from (file/memory/certificate etc.)
104
You can also use Keyczar for encrypting and decrypting your file.
But actually you can't crack-proof your program like this, It makes it harder, but crackers can disassemble your program, find the function that checks the validity of those signed files, and change it to accept any kinds of files.
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
