is any documentation for programmers?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

is any documentation for programmers?

cy pher
Hi!

I'm newbie at using openssl libs, and i need a documantation where i can
read about the function of libssl,
for example: i want to use aes for message encrypting, and i have to
know things like what length of key can i use..
I tried some keys and i found that the key length must be 16 or 32bytes,
but i'm not sure about things what i found out..
So if there is any online documentation of using libssh in programming
in c, please somebody tell me, where can i find it.

Thanks.
CyPher
--
  cy pher
  [hidden email]

--
http://www.fastmail.fm - Same, same, but different…

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: is any documentation for programmers?

Marek.Marcola
Hello,
> I'm newbie at using openssl libs, and i need a documantation where i can
> read about the function of libssl,
> for example: i want to use aes for message encrypting, and i have to
> know things like what length of key can i use..
> I tried some keys and i found that the key length must be 16 or 32bytes,
> but i'm not sure about things what i found out..
> So if there is any online documentation of using libssh in programming
> in c, please somebody tell me, where can i find it.

O'Reilly: Secure Programming Cookbook for C and C++

It is not online and not free ...
but is very good and You will find there answers to your questions.
Worth to buy.

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: is any documentation for programmers?

Alexis Lefort
Hi,

There is another book from O'Reilly: "Network Security with OpenSSL", from John Viega, Matt Messier and Pravir Chandra.

Hope it will help ;)

Marek Marcola a écrit :
Hello,
  
I'm newbie at using openssl libs, and i need a documantation where i can
read about the function of libssl,
for example: i want to use aes for message encrypting, and i have to
know things like what length of key can i use..
I tried some keys and i found that the key length must be 16 or 32bytes,
but i'm not sure about things what i found out..
So if there is any online documentation of using libssh in programming
in c, please somebody tell me, where can i find it.
    

O'Reilly: Secure Programming Cookbook for C and C++

It is not online and not free ...
but is very good and You will find there answers to your questions.
Worth to buy.

Best regards,
  

-- 
Alexis Lefort
Ingenieur departement etudes
Tel: +33 (0)2 37 62 88 88
Fax: +33 (0)2 37 62 88 01
CXR - Rue de l'Ornette - 28410 ABONDANT
[hidden email]
http://cxr.anderson-jacobson.com/

Ce message et toutes les pièces jointes sont confidentiels et établis a l'intention exclusive de ses destinataires. Toute modification, édition, utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. CXR Anderson Jacobson décline toute responsabilité au titre de ce message s'il a été altéré, déformé, falsifié, édité ou diffusé sans autorisation. This message and any attachments are confidential and intended solely for the addressees. Any unauthorised alteration, printing, use or dissemination is prohibited. E-mails are susceptible to alteration. CXR Anderson Jacobson shall not be liable for the message if altered, changed, falsified, printed or disseminated without authorisation.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: is any documentation for programmers?

cy pher
Until i buy one of the books i have a question, which may be very easy
to you, but, now i really need the ansver:

i want to encrypt and decrypt strings, now i'm using the ecb encryption
of openssl/aes.h
and it looks the encrypted block length depends on the key, or the
encrypted msg has an \0 in.
i have to know the length of the block to base64 encode it.
So if i encrypt my "utopia" test string with unsigned char
key[32]="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
strlen(encryptedmsg) returns 11 while if i use 32byte of "a" unsigned
char strlen(encryptedmsg); returns 16.
Does really depends the blocksize on password, or strlen is not a good
way to know the blocksize? anyway, if i don't use my base 64 function it
works fine,
and if the pass is 32byte of "a" char i get 16 byte result which i can
encode withe base64 and decode fine.
BUT if i use the key "bbbbbbb..." my base64 encode fails when i try to
encode and decode 11byte and fails when i try to encode and decode 16
bytes.
I think the block size must be fix 16byte unsigned char, and then strlen
is not usable with the encoded text, and my base64 is buggy.
Do anyone know any lib which have base64 functions to encode and decode
string (char array)?

Thanks, and sorry for looking lame, my english is bad, thats why i looks
like an idiot after my mail :))
CyPher




On Fri, 21 Apr 2006 14:36:37 +0200, "Alexis Lefort"
<[hidden email]> said:

>
> Hi,
> There is another book from O'Reilly: "Network Security with OpenSSL",
> from John Viega, Matt Messier and Pravir Chandra.
> Hope it will help ;)
> Marek Marcola a écrit :
>
> Hello,
>
>
> I'm newbie at using openssl libs, and i need a documantation where i can
> read about the function of libssl,
> for example: i want to use aes for message encrypting, and i have to
> know things like what length of key can i use..
> I tried some keys and i found that the key length must be 16 or 32bytes,
> but i'm not sure about things what i found out..
> So if there is any online documentation of using libssh in programming
> in c, please somebody tell me, where can i find it.
>
>
> O'Reilly: Secure Programming Cookbook for C and C++
>
> It is not online and not free ...
> but is very good and You will find there answers to your questions.
> Worth to buy.
>
> Best regards,
>
>
> --
> Alexis Lefort
> Ingenieur departement etudes
> Tel: +33 (0)2 37 62 88 88
> Fax: +33 (0)2 37 62 88 01
> CXR - Rue de l'Ornette - 28410 ABONDANT
> [1][hidden email]
> [2]http://cxr.anderson-jacobson.com/
>
> Ce message et toutes les pièces jointes sont confidentiels et établis a
> l'intention exclusive de ses destinataires. Toute modification, édition,
> utilisation ou diffusion non autorisée est interdite. Tout message
> électronique est susceptible d'altération. CXR Anderson Jacobson décline
> toute responsabilité au titre de ce message s'il a été altéré, déformé,
> falsifié, édité ou diffusé sans autorisation. This message and any
> attachments are confidential and intended solely for the addressees. Any
> unauthorised alteration, printing, use or dissemination is prohibited.
> E-mails are susceptible to alteration. CXR Anderson Jacobson shall not be
> liable for the message if altered, changed, falsified, printed or
> disseminated without authorisation.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org User Support Mailing List
> [hidden email] Automated List Manager [hidden email]
>
> References
>
> 1. mailto:[hidden email]
> 2. http://cxr.anderson-jacobson.com/
--
  cy pher
  [hidden email]

--
http://www.fastmail.fm - The professional email service

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: is any documentation for programmers?

Chris Fowler-2
This may or may not be a useful example:

static int
rn_crypto_bulk(char *buffer, char *out, BF_KEY *key, int cmd, size_t
len) {
  int c = 0;          // Temp counter
  char tmp[8] = { 0 };        // Temp buffer
  char *ptr = out;    // Pointer to out buffer


  while(c < len)
  {
    // Perfomr the encryption or decryption operation
    // and place the results in tmp  buffer;
    BF_ecb_encrypt(buffer + c , tmp, key, cmd);

    // If we are near the end of our buffer then
    // process the remaining characters and break out.
    if((len - c) < 8)
    {
      int ii;

      for(ii = 0; ii != (len  - c); ii++)
        *ptr++ = tmp[ii];

      break;
    }
    else // Full 8 characters
    {
      *ptr++ = tmp[0];
      *ptr++ = tmp[1];
      *ptr++ = tmp[2];
      *ptr++ = tmp[3];
      *ptr++ = tmp[4];
      *ptr++ = tmp[5];
      *ptr++ = tmp[6];
      *ptr++ = tmp[7];
    }

    // Increment buffer by 8
    c += 8;
   
  }

  return 0;
}
unsigned char *
rn_crypto_encrypt(void *data, size_t len, const char *k) {
  char *ptr = (char *)data;
  char *out, *optr;
  BF_KEY key;

  if(data == NULL || k == NULL || len == 0) {
    errno = EINVAL;
    return NULL;
  }


  // Setup our key
  BF_set_key(&key, strlen(k), k);

  // Create our output space
  if((out = (char *)malloc(len + 1)) == NULL) {
    return NULL;
  }
 
  optr = out;


  // Do the encryption
  rn_crypto_bulk(ptr, optr, &key, BF_ENCRYPT, len);
 
  return out;
}

unsigned char *
rn_crypto_decrypt(char *data, size_t len, const char *k) {
  char *ptr = data;
  unsigned char *out;
  char *optr;
  BF_KEY key;


  // Check out parameters and make sure they are valie
  if(data == NULL || k == NULL || len == 0) {
    errno = EINVAL;
    return NULL;
  }
 
  // Setup our key
  BF_set_key(&key, strlen(k), k);
 
  // Create our output space
  out = (unsigned char *)malloc(len);
  optr = (char *)out;


  rn_crypto_bulk(ptr, optr, &key, BF_DECRYPT, len);
 
  return out;
}

This is just an abstraction using Blowfish.


On Fri, 2006-04-21 at 10:27 -0700, cy pher wrote:

> Until i buy one of the books i have a question, which may be very easy
> to you, but, now i really need the ansver:
>
> i want to encrypt and decrypt strings, now i'm using the ecb encryption
> of openssl/aes.h
> and it looks the encrypted block length depends on the key, or the
> encrypted msg has an \0 in.
> i have to know the length of the block to base64 encode it.
> So if i encrypt my "utopia" test string with unsigned char
> key[32]="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
> strlen(encryptedmsg) returns 11 while if i use 32byte of "a" unsigned
> char strlen(encryptedmsg); returns 16.
> Does really depends the blocksize on password, or strlen is not a good
> way to know the blocksize? anyway, if i don't use my base 64 function it
> works fine,
> and if the pass is 32byte of "a" char i get 16 byte result which i can
> encode withe base64 and decode fine.
> BUT if i use the key "bbbbbbb..." my base64 encode fails when i try to
> encode and decode 11byte and fails when i try to encode and decode 16
> bytes.
> I think the block size must be fix 16byte unsigned char, and then strlen
> is not usable with the encoded text, and my base64 is buggy.
> Do anyone know any lib which have base64 functions to encode and decode
> string (char array)?
>
> Thanks, and sorry for looking lame, my english is bad, thats why i looks
> like an idiot after my mail :))
> CyPher
>
>
>
>
> On Fri, 21 Apr 2006 14:36:37 +0200, "Alexis Lefort"
> <[hidden email]> said:
> >
> > Hi,
> > There is another book from O'Reilly: "Network Security with OpenSSL",
> > from John Viega, Matt Messier and Pravir Chandra.
> > Hope it will help ;)
> > Marek Marcola a écrit :
> >
> > Hello,
> >
> >
> > I'm newbie at using openssl libs, and i need a documantation where i can
> > read about the function of libssl,
> > for example: i want to use aes for message encrypting, and i have to
> > know things like what length of key can i use..
> > I tried some keys and i found that the key length must be 16 or 32bytes,
> > but i'm not sure about things what i found out..
> > So if there is any online documentation of using libssh in programming
> > in c, please somebody tell me, where can i find it.
> >
> >
> > O'Reilly: Secure Programming Cookbook for C and C++
> >
> > It is not online and not free ...
> > but is very good and You will find there answers to your questions.
> > Worth to buy.
> >
> > Best regards,
> >
> >
> > --
> > Alexis Lefort
> > Ingenieur departement etudes
> > Tel: +33 (0)2 37 62 88 88
> > Fax: +33 (0)2 37 62 88 01
> > CXR - Rue de l'Ornette - 28410 ABONDANT
> > [1][hidden email]
> > [2]http://cxr.anderson-jacobson.com/
> >
> > Ce message et toutes les pièces jointes sont confidentiels et établis a
> > l'intention exclusive de ses destinataires. Toute modification, édition,
> > utilisation ou diffusion non autorisée est interdite. Tout message
> > électronique est susceptible d'altération. CXR Anderson Jacobson décline
> > toute responsabilité au titre de ce message s'il a été altéré, déformé,
> > falsifié, édité ou diffusé sans autorisation. This message and any
> > attachments are confidential and intended solely for the addressees. Any
> > unauthorised alteration, printing, use or dissemination is prohibited.
> > E-mails are susceptible to alteration. CXR Anderson Jacobson shall not be
> > liable for the message if altered, changed, falsified, printed or
> > disseminated without authorisation.
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org User Support Mailing List
> > [hidden email] Automated List Manager [hidden email]
> >
> > References
> >
> > 1. mailto:[hidden email]
> > 2. http://cxr.anderson-jacobson.com/
> --
>   cy pher
>   [hidden email]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: is any documentation for programmers?

Kyle Hamilton
In reply to this post by cy pher
avoid ECB mode.  Schneier's _Applied Cryptography_ goes into why, but
basically it has to do with the fact that once someone knows the
plaintext of a given block, that block will always be transparent to
them.

-Kyle H

On 4/21/06, cy pher <[hidden email]> wrote:

> Until i buy one of the books i have a question, which may be very easy
> to you, but, now i really need the ansver:
>
> i want to encrypt and decrypt strings, now i'm using the ecb encryption
> of openssl/aes.h
> and it looks the encrypted block length depends on the key, or the
> encrypted msg has an \0 in.
> i have to know the length of the block to base64 encode it.
> So if i encrypt my "utopia" test string with unsigned char
> key[32]="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
> strlen(encryptedmsg) returns 11 while if i use 32byte of "a" unsigned
> char strlen(encryptedmsg); returns 16.
> Does really depends the blocksize on password, or strlen is not a good
> way to know the blocksize? anyway, if i don't use my base 64 function it
> works fine,
> and if the pass is 32byte of "a" char i get 16 byte result which i can
> encode withe base64 and decode fine.
> BUT if i use the key "bbbbbbb..." my base64 encode fails when i try to
> encode and decode 11byte and fails when i try to encode and decode 16
> bytes.
> I think the block size must be fix 16byte unsigned char, and then strlen
> is not usable with the encoded text, and my base64 is buggy.
> Do anyone know any lib which have base64 functions to encode and decode
> string (char array)?
>
> Thanks, and sorry for looking lame, my english is bad, thats why i looks
> like an idiot after my mail :))
> CyPher
>
>
>
>
> On Fri, 21 Apr 2006 14:36:37 +0200, "Alexis Lefort"
> <[hidden email]> said:
> >
> > Hi,
> > There is another book from O'Reilly: "Network Security with OpenSSL",
> > from John Viega, Matt Messier and Pravir Chandra.
> > Hope it will help ;)
> > Marek Marcola a écrit :
> >
> > Hello,
> >
> >
> > I'm newbie at using openssl libs, and i need a documantation where i can
> > read about the function of libssl,
> > for example: i want to use aes for message encrypting, and i have to
> > know things like what length of key can i use..
> > I tried some keys and i found that the key length must be 16 or 32bytes,
> > but i'm not sure about things what i found out..
> > So if there is any online documentation of using libssh in programming
> > in c, please somebody tell me, where can i find it.
> >
> >
> > O'Reilly: Secure Programming Cookbook for C and C++
> >
> > It is not online and not free ...
> > but is very good and You will find there answers to your questions.
> > Worth to buy.
> >
> > Best regards,
> >
> >
> > --
> > Alexis Lefort
> > Ingenieur departement etudes
> > Tel: +33 (0)2 37 62 88 88
> > Fax: +33 (0)2 37 62 88 01
> > CXR - Rue de l'Ornette - 28410 ABONDANT
> > [1][hidden email]
> > [2]http://cxr.anderson-jacobson.com/
> >
> > Ce message et toutes les pièces jointes sont confidentiels et établis a
> > l'intention exclusive de ses destinataires. Toute modification, édition,
> > utilisation ou diffusion non autorisée est interdite. Tout message
> > électronique est susceptible d'altération. CXR Anderson Jacobson décline
> > toute responsabilité au titre de ce message s'il a été altéré, déformé,
> > falsifié, édité ou diffusé sans autorisation. This message and any
> > attachments are confidential and intended solely for the addressees. Any
> > unauthorised alteration, printing, use or dissemination is prohibited.
> > E-mails are susceptible to alteration. CXR Anderson Jacobson shall not be
> > liable for the message if altered, changed, falsified, printed or
> > disseminated without authorisation.
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org User Support Mailing List
> > [hidden email] Automated List Manager [hidden email]
> >
> > References
> >
> > 1. mailto:[hidden email]
> > 2. http://cxr.anderson-jacobson.com/
> --
>   cy pher
>   [hidden email]
>
> --
> http://www.fastmail.fm - The professional email service
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: is any documentation for programmers?

Heikki Toivonen
Kyle Hamilton wrote:
> avoid ECB mode.  Schneier's _Applied Cryptography_ goes into why, but
> basically it has to do with the fact that once someone knows the
> plaintext of a given block, that block will always be transparent to
> them.

A great demonstration with images at
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

--
  Heikki Toivonen



signature.asc (259 bytes) Download Attachment