001
19.01.2008, 13:42 Uhr
0xdeadbeef
Gott
(Operator)
|
Ich würd gcrypt vorschlagen, denn dazu hab ich grad ein Programm zur Hand, das ich mal geschrieben hab 
| C++: |
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <gcrypt.h>
#include <sys/mman.h>
#include <termios.h>
#include <unistd.h>
#ifdef __GNUC__
#define UNUSED __attribute__((unused))
#else
#define UNUSED
#endif
#ifndef PASS_MAX
#define PASS_MAX 256
#endif
#define BLOCKSIZE 512
#define KEYSIZE 32
static char const salt[] = "fia92\01m dwq+=**";
static size_t salt_size = sizeof(salt);
typedef gcry_error_t (*transform_func_t)(gcry_cipher_hd_t,
void *, size_t,
void const *, size_t);
gcry_error_t diagnose_gcry_error(gcry_error_t err, char const *file, int line) {
if(err != 0) {
fprintf(stderr, "%s, %d: %s\n", file, line, gcry_strerror(err));
}
return err;
}
#define CHECK_GCRY(err) diagnose_gcry_error(err, __FILE__, __LINE__)
static char *get_password(char *buf, size_t n) {
struct termios old, new;
char *ret;
if(tcgetattr(STDIN_FILENO, &old) != 0)
return NULL;
new = old;
new.c_lflag &= ~ECHO;
if(tcsetattr(STDIN_FILENO, TCSAFLUSH, &new) != 0)
return NULL;
ret = fgets(buf, n, stdin);
(void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &old);
putchar('\n');
return ret;
}
static void progress_cb(void UNUSED *cb_data,
char const UNUSED *what,
int printchar,
int current,
int total)
{
printf("\r[%3.2g]%c", (double) current / total * 100, printchar);
fflush (stdout);
}
int dencrypt(FILE *in,
FILE *out,
gcry_cipher_hd_t cipher,
transform_func_t crypto_func) {
gcry_error_t err = 0;
int ret = 0;
size_t chars_read;
char inbuf[BLOCKSIZE], outbuf[BLOCKSIZE];
mlock( inbuf, BLOCKSIZE);
mlock(outbuf, BLOCKSIZE);
while((chars_read = fread(inbuf, sizeof(char), BLOCKSIZE, in)) > 0) {
err = CHECK_GCRY(crypto_func(cipher,
outbuf, chars_read,
inbuf , chars_read));
if(err ||
fwrite(outbuf, sizeof(char), chars_read, out) != chars_read) {
ret = -1;
}
}
memset(outbuf, 0, BLOCKSIZE);
memset( inbuf, 0, BLOCKSIZE);
munlock( inbuf, BLOCKSIZE);
munlock(outbuf, BLOCKSIZE);
return ret;
}
int main(int argc, char *argv[]) {
gcry_md_hd_t hash;
gcry_cipher_hd_t cipher;
char pass[PASS_MAX];
FILE *in,
*out;
if(argc != 4 || !strchr("de", argv[1][0])) {
return -1;
}
mlock(pass, PASS_MAX);
printf("Initialisiere gcrypt %s\n", gcry_check_version(NULL));
CHECK_GCRY(gcry_control(GCRYCTL_INIT_SECMEM, 8192));
gcry_set_progress_handler(progress_cb, NULL);
CHECK_GCRY(gcry_cipher_open(&cipher,
GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE));
CHECK_GCRY(gcry_md_open(&hash, GCRY_MD_SHA256, 0));
printf("Schlüssel: ");
fflush(stdout);
if(get_password(pass, PASS_MAX) != NULL) {
gcry_md_write(hash, pass, strlen(pass));
CHECK_GCRY(gcry_md_final(hash));
CHECK_GCRY(gcry_cipher_setkey(cipher,
gcry_md_read(hash, GCRY_MD_SHA256),
KEYSIZE));
CHECK_GCRY(gcry_cipher_setiv (cipher, salt, salt_size));
in = fopen(argv[2], "r");
out = fopen(argv[3], "w");
if(in != NULL &&
out != NULL) {
if(dencrypt(in,
out,
cipher,
argv[1][0] == 'e' ?
gcry_cipher_encrypt :
gcry_cipher_decrypt)
!= 0) {
fputs("De-/Encryption failed.", stderr);
}
}
if(out != NULL) fclose(out);
if(in != NULL) fclose(in );
}
gcry_md_close(hash);
gcry_cipher_close(cipher);
CHECK_GCRY(gcry_control(GCRYCTL_TERM_SECMEM));
memset( pass, 0, PASS_MAX);
munlock(pass, PASS_MAX);
return 0;
}
|
...du müsstest halt nur statt GCRY_CIPHER_AES256 GCRY_CIPHER_TWOFISH benutzen.
Genauere Doku dazu hier. Die Bibliothek ist sehr einfach zu benutzen, aber ein bisschen Hintergrundwissen über Kryptographie muss man natürlich trotzdem haben.
--
Einfachheit ist Voraussetzung für Zuverlässigkeit.
-- Edsger Wybe Dijkstra
Dieser Post wurde am 19.01.2008 um 14:23 Uhr von 0xdeadbeef editiert. |
