1

I am writing an application which has an authenticity mechanism, using HMAC-sha1, plus a CBC-blowfish pass over the data for good measure. This requires 2 keys and one ivec.

I have looked at Crypto++ but the documentation is very poor (for example the HMAC documentation). So I am going old school and using OpenSSL. What's the best way to generate and load these keys using library functions and tools? I don't require a secure socket, therefore an X.509 certificate probably does not make sense, unless, of course, I am missing something.

So, do I need to write my own config file, or is there any infrastructure in OpenSSL for this? If so, could you direct me to some documentation or examples for this?

Hassan Syed
  • Yeah, the Crypto++ documentation is doxygen at best and vague, ill-fitting static HTML pages at worst. Which is a shame, as when you (finally) figure out how to use it, it is a good library. – Konrad Mar 23 '10 at 10:21
  • Agreed, and to add to your comment, I used to think OpenSSL was badly documented when I first used it, but compared to Crypto++ the source code layout and the function naming conventions are very intuitive and serve as good documentation. The mapping from texts on encryption to the library lost very little in translation. – Hassan Syed Mar 23 '10 at 10:36

2 Answers

1

Although it doesn't answer your question directly, if you are looking at this as a method of copy protection for your program, the following related questions may make for interesting reading.

Konrad
  • Thank you for the links, I will look at them. The system is for handing out login tokens, similar to Kerberos tokens, embedded into HTTP cookies. I personally would have just used Kerberos and webauth, instead of re-inventing the wheel, but I do what I am told :P – Hassan Syed Mar 23 '10 at 10:28
0

This is the solution I am going for atm. Unless of course someone comes up with a better one, or one that solves my specific problem.

I will put three files in /etc/acme/auth/ (file1, file2 and file3), binary files with randomly generated numbers for the 2 keys and the ivec, and do the same in Windows but under c:\etc\acme\auth.

Hassan Syed
  • Can I suggest (for Windows) you use a subdirectory in your application directory? Nothing annoys me more than applications polluting my filesystem. :-) – Konrad Mar 23 '10 at 11:32
  • The library will be an nginx module. Perhaps I can place it under a directory relative to the nginx install location. I will have to investigate that further; in all likelihood the server will only run under Linux. – Hassan Syed Mar 23 '10 at 11:36
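
The file-based approach from the answer above, as an added C example (not the poster's code): one function creates a raw key file with owner-only permissions, and a loader refuses any file that has the wrong size or is accessible to group or others. The function names, the key lengths and the sample path are assumptions made for illustration. It covers the two keys only, since a CBC IV is normally generated fresh for each message and sent with the ciphertext rather than stored.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed sizes: 20 bytes for the HMAC-SHA1 key, 16 for the Blowfish key. */
#define HMAC_KEY_LEN 20
#define BF_KEY_LEN   16

/* Create path with mode 0600 (fails if it already exists) and fill it with
 * len bytes from the kernel CSPRNG. `openssl rand -out <file> <len>` or
 * RAND_bytes() would serve equally. Returns 0 on success, -1 on error. */
int key_file_create(const char *path, size_t len)
{
    unsigned char buf[64];
    if (len > sizeof buf) return -1;
    int rnd = open("/dev/urandom", O_RDONLY);
    if (rnd < 0) return -1;
    ssize_t got = read(rnd, buf, len);
    close(rnd);
    if (got != (ssize_t)len) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t put = write(fd, buf, len);
    if (close(fd) != 0 || put != (ssize_t)len) { unlink(path); return -1; }
    return 0;
}

/* Load exactly len bytes. Rejects non-regular files, files with any group
 * or other permission bits set, and files of the wrong size. */
int key_file_load(const char *path, unsigned char *out, size_t len)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
          && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0
          && st.st_size == (off_t)len
          && read(fd, out, len) == (ssize_t)len;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    unsigned char key[HMAC_KEY_LEN];
    const char *path = "example_hmac.key"; /* constructed sample path */
    int rc = key_file_create(path, sizeof key) || key_file_load(path, key, sizeof key);
    puts(rc ? "key setup failed" : "key loaded");
    unlink(path);
    return rc;
}
```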