0

If I was going to encrypt a byte array maybe using AES or DES. I know how I'd do it in C#, but not C++. Any help would be greatly, appreciated, thanks.

Kraz
  • 13
  • 6
  • Perhaps post your c# code – Grantly Jul 18 '15 at 13:36
  • 2
    Do you want to implement AES yourself(lacks of testing, not recommended) or use a 3rd party library (crypto, openssl, etc)? Narrow down the scope, read their manual and example and ask if you still have question. – Non-maskable Interrupt Jul 18 '15 at 13:47
  • I'd prefer if it was possible without using a library :/ – Kraz Jul 18 '15 at 14:35
  • please refer to the below link for the detailed discussion http://stackoverflow.com/questions/2489379/encrypt-decrypt-with-aes-using-c-c – Validus Oculus Jul 18 '15 at 15:32
  • Sure it is possible to do it yourself without library. However I would advice against doing so except for education purpose. It's not funny, and you really want a security routine to be rock solid, tested against all sort of implementation errors and conner cases, and meet the standards (e.g. padding). – Non-maskable Interrupt Jul 18 '15 at 16:44

1 Answers1

1

Against rolling your own encryption on production code

You'd prefer not using any library, here you can find the official AES (Rijndael) specifications.
They are quite concise and simple, you have got to have, of course, the minimal mathematical background for developing encryption schemes. In this case the Finite Fields will do.

Let me kindly warn you about this choice of your unless you are doing it for studying how ciphers work.
An encryption algorithm is most of the time useless, you need an encryption scheme.
For example without also implementing a CBC chaining, you are basically doing nothing.
So you also have to implement the block cipher mode.

It takes a lot of time, but most importantly: you absolutely have to fully understand, mathematically and programmatically (even at a lower level) every aspect of the algorithm.
You may swap two instruction or perform a simple innocent optimization and your whole scheme is broken. Think of Heartbleed.

Libraries like OpenSSL do encryption since a long time ago, they really know what they are doing.
Furthermore such libraries are easy to use!

Community
  • 1
  • 1