5

I want to have a program like this:

scanf("%s", name);
scanf("%s", id);
scanf("%d", &age);

Now I want to write name, id and age to a file, but the file should be encrypted, so that only my program can read back the data it wrote.

Do I need to use one of the encryption libraries mentioned here (they all are pretty heavy duty libraries, I just need to encrypt a text file), or is there any other simpler method?

If an encryption library is the solution, which one is best suited for a simple text file encryption?

Community
  • 1
  • 1
Lazer
  • 90,700
  • 113
  • 281
  • 364
  • 3
    If you start with the encryption of files I recommend you to think also about where you should hold the password/key used for file encryption. – Oleg Aug 01 '10 at 13:31

6 Answers6

8

If you want security, it is a mistake to roll your own encryption library. Use a well established encryption library (even if it may seem bloated), and leave security and its proper implementation to the experts.

If you can use C++, I suggest Crypto++, and if you can't use C++, then I suggest you implement a C wrapper library around Crypto++. Another possibility is libcrypto, although it lacks support for AES.

I should warn you, though, that if the program and the text file are on the same machine, you will need to have the password supplied externally (e.g. by the user); passwords that are embedded in programs are easily extracted, and offer no security at all. If the program is inaccessible (e.g. it is located on a webserver, and someone with the text file won't have access to the executable), then it is ok.

Michael Aaron Safyan
  • 93,612
  • 16
  • 138
  • 200
3

Better use a symmetric-key algorithm, as AES. You can find small sourcecodes here for instance.

If your applications are critical, then you should use the libraries you linked to.

Wok
  • 4,956
  • 7
  • 42
  • 64
2

Do you need strong encryption? Do the people you are protecting the file from have access to the executable and have the skills to disassemble and analyse it? Do hey have cryptanalytic skills? If not, you can use very simple XOR-based cipher.

  1. Use a program to generate a LONG random string of characters, e.g "837es238aj983", but longer than any string you may read from input (it does not need to be readable).
  2. Generate a random integer.
  3. Store the random string and integer as global variables in your C program.
  4. XOR each age you read with your random integer and save the XORed value to the file.
  5. XOR each character in the strings you read from input with the character at the same index in your random string. Save the XORed value to the file.
  6. When you read the values from file, you XOR again with your random keys and obtain the original values.
Mau
  • 14,234
  • 2
  • 31
  • 52
  • 6
    -1. Don't implement your own crypto, ever. If you need it to be secure, use real crypto. If you don't need it to be secure, don't encrypt it in the first place. – SecurityMatt Jan 02 '13 at 12:52
0

If you're using Windows, consider using the Windows Encryption APIs which are available from both C and C++:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa382358(v=vs.85).aspx

SecurityMatt
  • 6,593
  • 1
  • 22
  • 28
0

For a simple text file that you read / write in one go I'd use a stream cipher, e.g. RC4.

Assuming you're using an embedded secret key RC4 is easy enough to implement yourself, or there should be plenty of lightweight implementations out there.

Rup
  • 33,765
  • 9
  • 83
  • 112
  • But how would you consume the IV? That's quite difficult with RC4. – CodesInChaos Jan 02 '13 at 13:11
  • You typically combine the IV with the password or other shared secret in the input for the key generation step, e.g. either append or prepend it to the password. – Rup Jan 04 '13 at 07:57
-3
Public Class Tester
    Public Shared Sub Main()
        Try
            Dim myDESProvider As DESCryptoServiceProvider = New DESCryptoServiceProvider()
            myDESProvider.Key = ASCIIEncoding.ASCII.GetBytes("12345678")
            myDESProvider.IV = ASCIIEncoding.ASCII.GetBytes("12345678")
            Dim myICryptoTransform As ICryptoTransform = myDESProvider.CreateEncryptor(myDESProvider.Key, myDESProvider.IV)
            Dim ProcessFileStream As FileStream = New FileStream("Encrypted.txt", FileMode.Open, FileAccess.Read)
            Dim ResultFileStream As FileStream = New FileStream("Decrypted.txt", FileMode.Create, FileAccess.Write)
            Dim myCryptoStream As CryptoStream = New CryptoStream(ResultFileStream, myICryptoTransform, CryptoStreamMode.Write)
            Dim bytearrayinput(ProcessFileStream.Length - 1) As Byte
            ProcessFileStream.Read(bytearrayinput, 0, bytearrayinput.Length)
            myCryptoStream.Write(bytearrayinput, 0, bytearrayinput.Length)
            myCryptoStream.Close()
            ProcessFileStream.Close()
            ResultFileStream.Close()
         Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
        Console.ReadLine()
    End Sub
End Class
David Buck
  • 3,752
  • 35
  • 31
  • 35
Solomon Hg
  • 1
  • While this code may solve the question, [including an explanation](https://meta.stackexchange.com/q/114762) of how and why this solves the problem would really help to improve the quality of your post, and probably result in more up-votes. Remember that you are answering the question for readers in the future, not just the person asking now. Please edit your answer to add explanations and give an indication of what limitations and assumptions apply. – David Buck Mar 24 '20 at 14:38