
The #1 Rule of Cryptography

31 Mar 2019
Don’t invent your own!

The #1 rule of cryptography: Don’t invent your own!

OK wiseman, now what? You want to add crypto to your program but you don’t want to code it all yourself. I’ll show you three libraries that make it possible. The choice will be yours as to which one to use.

For this example, I wanted to write a simple function that accepts a std::string message and returns its hex-encoded SHA-1 hash. I picked the following libraries: Crypto++, WolfSSL, and Botan. All three made it pretty easy, and I don’t want to get into the business of picking winners and losers, but… Botan made it a breeze and I think it will be my choice going forward.

crypto.cpp:

#include <iostream>
#include <sstream>
#include <string>
#include <cryptopp/cryptlib.h>
#include <cryptopp/sha.h>
#include <cryptopp/hex.h>
#include <cryptopp/files.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <botan-2/botan/hash.h>
#include <botan-2/botan/hex.h>

using namespace std;

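// Crypto++: hash into a string buffer, then hex-encode it through a pipeline into the stringstream.
string Hash_CryptoPP(const string& msg)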
{
	CryptoPP::SHA1 hash;
	std::string digest(hash.DigestSize(), '*');
	stringstream output;

	hash.Update((const CryptoPP::byte*)msg.data(), msg.size());
	hash.Final((CryptoPP::byte*)&digest[0]);

	CryptoPP::HexEncoder encoder(new CryptoPP::FileSink(output));
	CryptoPP::StringSource(digest, true, new CryptoPP::Redirector(encoder));

	return output.str();
}

// wolfCrypt: C-style init/update/final; the hex encoding is borrowed from Crypto++.
string Hash_WolfSSL(const string& msg)
{
	Sha sha;
	::byte shaSum[SHA_DIGEST_SIZE];
	stringstream output;

	wc_InitSha(&sha);
	wc_ShaUpdate(&sha, (::byte*)msg.data(), msg.length());
	wc_ShaFinal(&sha, shaSum);

	string digest(shaSum, shaSum + SHA_DIGEST_SIZE);
	CryptoPP::HexEncoder encoder(new CryptoPP::FileSink(output));
	CryptoPP::StringSource(digest, true, new CryptoPP::Redirector(encoder));

	return output.str();
}

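// Botan: look up the hash by name, feed it the message, hex-encode the result.
string Hash_Botan(const string& msg)
{
	// create_or_throw() throws if "SHA-1" is unavailable; create() would return a null pointer instead.
	auto hash = Botan::HashFunction::create_or_throw("SHA-1");
	hash->update((const uint8_t*)msg.data(), msg.length());
	return Botan::hex_encode(hash->final());
}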

int main()
{
	std::string msg = "Vorbrodt's C++ Blog @ https://vorbrodt.blog";

	cout << "Message: " << msg << endl;
	cout << "Digest : " << Hash_CryptoPP(msg) << endl << endl;

	cout << "Message: " << msg << endl;
	cout << "Digest : " << Hash_WolfSSL(msg) << endl << endl;

	cout << "Message: " << msg << endl;
	cout << "Digest : " << Hash_Botan(msg) << endl << endl;
}

Program output:

Message: Vorbrodt’s C++ Blog @ https://vorbrodt.blog
Digest : 24BCAC1359AA8B773D38D6A05B22BB43DAB5B8E5

Message: Vorbrodt’s C++ Blog @ https://vorbrodt.blog
Digest : 24BCAC1359AA8B773D38D6A05B22BB43DAB5B8E5

Message: Vorbrodt’s C++ Blog @ https://vorbrodt.blog
Digest : 24BCAC1359AA8B773D38D6A05B22BB43DAB5B8E5
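
All three functions return upper-case hex, so checking a digest against a value published elsewhere (often lower case) should compare decoded bytes, not strings. The following is an added example, not code from the original article; parse_hex_digest and digest_matches are hypothetical helper names and it uses only the standard library.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper (not from the article): decode a hex digest, upper or
// lower case, into bytes. Fails unless it is exactly 2 * len hex digits.
bool parse_hex_digest(const std::string& hex, std::size_t len, std::vector<std::uint8_t>& out)
{
	if (hex.size() != len * 2) return false;

	auto nibble = [](char c) -> int {
		if (c >= '0' && c <= '9') return c - '0';
		if (c >= 'a' && c <= 'f') return c - 'a' + 10;
		if (c >= 'A' && c <= 'F') return c - 'A' + 10;
		return -1;
	};

	out.assign(len, 0);
	for (std::size_t i = 0; i < len; ++i)
	{
		const int hi = nibble(hex[2 * i]);
		const int lo = nibble(hex[2 * i + 1]);
		if (hi < 0 || lo < 0) return false;
		out[i] = static_cast<std::uint8_t>((hi << 4) | lo);
	}
	return true;
}

// Hypothetical helper: true only if both strings are well-formed digests of
// len bytes and decode to the same bytes. The loop has no early exit.
bool digest_matches(const std::string& expected_hex, const std::string& actual_hex, std::size_t len)
{
	std::vector<std::uint8_t> a, b;
	if (!parse_hex_digest(expected_hex, len, a) || !parse_hex_digest(actual_hex, len, b)) return false;

	unsigned diff = 0;
	for (std::size_t i = 0; i < len; ++i) diff |= static_cast<unsigned>(a[i] ^ b[i]);
	return diff == 0;
}

int main()
{
	const std::size_t sha1_len = 20; // SHA-1 digest size in bytes (SHA-256 would be 32)
	const std::string printed = "24BCAC1359AA8B773D38D6A05B22BB43DAB5B8E5"; // from the program output above
	const std::string lowered = "24bcac1359aa8b773d38d6a05b22bb43dab5b8e5"; // same value, lower case (constructed)
	std::cout << std::boolalpha << digest_matches(lowered, printed, sha1_len) << std::endl;
}
```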

License

This article, along with any associated source code and files, is licensed under The MIT License



Comments and Discussions

 
Question: Agree with base assertion, but!!!
itprorh66, 9-Apr-19 19:43
To start, I definitely agree with the author's base assertion, "The Rule #1 of implementing Cryptography is don't invent your own." Also, I would like to point out, I am not nor have I ever claimed to be an expert on the topic of cryptography. I place myself in the category of knowing just enough to be a danger to myself and others.

I guess my biggest issue with this article/blog post is that it attempts to illustrate the ease of implementing a cryptographic application using one of three different standard C++ libraries through the example of comparing approaches to hashing a string sequence. This is kind of like comparing automobiles by the shininess of their respective hub caps. There is so much more to implementing a secure, reliable cryptographic application; for example, one of my favorite articles on the subject, 'Crypto 101 by Laurens Van Houtven', identifies 10 key elements of a cryptographic system. This article also indicates that SHA-1's use as a hashing algorithm is no longer considered secure.

From this, I don't want anyone to think the three identified cryptographic libraries are not suitable for implementing a cryptographic algorithm. I have no experience using these libraries; however, a quick review of the functions provided by these libraries demonstrates they have much to offer in terms of elements of a cryptographic solution. The developer just needs to select the library that is best suited to their application needs; follow good design methods; and adhere to good security practices.