I've got a project and a part of it is incorporating encryption into a FAT file system.
The goal of the project is not the encryption, so I'm free to use open-source pre-done libraries.
Ideally what I'm after is a C library which uses RSA, that already has the methods for computing keys and encrypting/decrypting files.
You might want to check out NaCl (pronounced as "salt"), especially since this is for an embedded system.
It has CPU-specific tunings and doesn't require any dynamic memory allocation.
As for licensing, the page (linked above) says "All of the NaCl software is in the public domain".
Regarding library - check Cryptlib . It has dual license and includes quite a lot of functionality.
However, capability to encrypt files right depends on how you write the data and how you expect to do encryption.
Streaming encryption for streams with random access (i.e. when you need to encrypt-decrypt file data on the fly when it's written or read) is not a trivial task and requires certain knowledge of cryptography to employ correct encryption mode and do this right.
On the other hand if you have a file and want it encrypted, CryptLib has PKCS7/CMS implementation to do the job.
You might want to give blowfish a try. It's royalty free and there are several open source C implementations. It was created by Bruce Schneier. Here is an article about using it with embedded systems.
Related
I'm looking for a library that allows me to authenticate data sent to embedded modules. Due to the hardware constraints, it needs to be of small footprint (both code and memory wise) and yet have security comparable to RSA-1024.
The requirements are as follows
Verification on embedded modules (custom CPUs, with only a C89 compiler available)
Signing and verification in Windows (C/C++ code)
Signing in Java (some data needs to be generated via a webpage, so Java would be a big perk)
I would very much like to not have to implement a PKCS #1 v1.5/PSS-like system myself, but I haven't been able to find any good libraries that match the above requirements. Open source would be nice, but commercial solutions are of equal interest. Note that I need access to the C-code, since it has to be recompiled for the custom CPUs.
NaCl looks promising, but it seems to be in development still.
I've had a look at OpenSSL, but it does a lot more than digital signatures and stripping out just the signature verification code was non-trivial.
Am I looking at it the wrong way?
I tried implementing SHA+RSA first, but I wasn't sure if the padding step was correct (which means that it probably wasn't secure), so I decided to post here instead for help.
EDIT: Clarification, only the verification part have the tough constraints on it. Signature and key generation will run on normal PCs.
Take a look at mbed TLS (formerly known as PolarSSL):
mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal coding footprint.
How can implement such a kind of solution is related to CPU and memory architecture that we have available, therefore would have to tell me more about your system. The first way would be to develop this on the cloud. Another alternative would be SCL. Also, you can found some answers on Small RSA or DSA lib without dependencies
I'm trying to use public key crypto to sign and later verify a file. The file is a simple plaintext file that contains user information for authoring purposes.
I tried different sites for a C implementation of a public key crypto algorithm but I haven't found anything. A lot of sites point to using certificates (x.509, etc) but that is way beyond what I need. I am just looking for a way to generate and public and private keys and use a relatively well known algorithm to sign and verify a file.
Any pointers to a pure C implementation out there? The focus is on code that I can reuse and not external libs. The main problem being that I don't want to have to link against a full lib and its dependencies in order to have a very basic public key system.
Thanks.
OpenSSL is a very good package. You can just use the crypto library portion, which provides basic RSA implementations. That might be in line with what you are looking for.
Cryptlib is another alternative that could work for you. It has some strange licensing issues though, so consider those depending on how you will be using it.
Crypto++ is a set of different crypto technologies, and includes RSA, so you might try that.
Finally, RSA is not terribly complex to implement, so you could even implement it yourself using GMP, which provides the necessary mathematical functions you would need.
You may want to look at the well-respected, debugged, and tested OpenSSL libraries. Although OpenSSL is primarily for SSL/TLS networking, it contains extremely good implementations of many cryptographic protocols, which are often used by themselves for general cryptography.
Hope this helps!
DJ Bernstein's curve25519 lets you create public/private key pairs. It does not have functions for signing, but you should be able to figure that part out with not too much hassle.
Update: In the mean time, there's also Ed25519 which already has the signature generation stuff figured out, without you having to jump through hoops. Same author, same availability of software (also e.g. "Donna" implementation and python binding), same ease of use, comparable speed.
The original implementation as well as the "Donna" implementation are both available under very liberal licenses.
You need to compile one file and call exactly one function to generate a key pair, and it's very fast. No obscure requirements for the public key. All one ever needs for some "cheap, fast, easy public key crypto".
I think that there was an answer[1] that fitted your question on :: Small RSA or DSA lib without dependencies
You may find LibTomCrypt useful. It's written in C, supports RSA and
DSA (along with a host of other algorithms), and is public domain
software. You can read about its features here: http://libtom.org/?page=features
[1] https://stackoverflow.com/a/1735526/68338 ( courtesy of https://stackoverflow.com/users/33837/emerick-rogul )
The answers on this question contain some interesting links to other libraries.
However, I remember that there exists some reference source code in C for RSA and private key cryptography. I will add a link as soon as I have found it ;-)
EDIT
I just found "this link" (http://www.hackchina.com/en/cont/93068 - open on your own risk) - not sure about the source and details of that code. But, however, in the past the link to the original RSA reference implementation was contained somewhere in OpenSSL source or its documentation. Which is based on cryptsoft.com's library. I am sure the source can still be found somewhere on www.rsa.com/rsalabs/ - but I could not find it, and I am running out of time for now. Good luck ;-)
I am developing a tool in C which takes in a file as a input. I need to compute the SHA1 sum for the file. This tool needs to be platform compatible with Linux, Mac and windows. The files are huge in size ranging from 150MB to 2G. I need the tool to be able to compute the SHA at least as fast as the sha1sum Linux utility.
Any suggestions how I could go about incorporating SHA1? I am wary about using the openssl interface, since the clients for the tool would not necessary have openssl installed.
OpenSSL is the de facto standard in C. It needn't be installed since you can supply the library along with your program (or even statically compile it).
OpenSSL is BSD-style licensed, so you can even use just their SHA1 code directly in your program (giving credit), though it may be tricky to decouple it from the library.
My digest package for R includes short standalone C sources for md5, sha1, sha256, ... which were written by Christophe Devine. It is nice code, and it includes a few tests replicating the reference results from the specifications.
I believe his site no longer exists, but when I eg checked Google Code Search for it, the same functions seem to have been included in a number of other open source projects. You can easily extract these sources from my tarballs or even directly from the SVN directory at R-Forge's digest repo.
I've been tasked with adding streams support (C89/C90) to the libraries for my company's legacy embedded C compiler. Our target hardware typically has 1MB or less of code space and does not have an operating system.
We have a lot of stream-like implementations throughout the codebase that I can use as a starting point. For example, a console that works over a TCP sockets or serial port, a web server that reads from FAT on SD card or in-memory file, and even a firmware updater that reads from many sources.
Before I go and re-invent the wheel, I'm wondering if there are existing implementations that I could either port or use as a starting point for my work. Even though we provide full source code to our customers, GPL-licensed code isn't an option since our customers don't want to release source code to their products.
Can anyone recommend a book (annotated Unix source, CompSci text) or public domain/BSD-licensed source? I'd prefer to look at an older OS targeted to a single device, as current operating systems contain a tangle of macros and layers of typedefs that make following even a simple struct definition difficult.
Take a look at P.J. Plauger's book The Standard C Library, which describes in detail one possible implementation of the complete C89 standard library.
You should be able to pull most of what you need from the source code for the GNU C standard library. It is licensed with the Lesser GPL, which means you can link to the library without affecting the license of your software (or forcing your customers to release their code). Porting this to your platform (thus keeping the LGPL-ed code in its own library) may be easier than implementing your own from scratch.
Several different projects have taken GNU GLIBC and optimized it for embedded systems. You may want to look at:
Embedded GLIBC (LGPL)
uLIBC (LGPL)
Newlib (multiple free licenses)
In particular, EGLIBC and uLIBC were designed to run properly on embedded systems that lack a MMU.
You can also have a look at BSD's implementation of libc
Alternatively there is STLSoft, who provides several libraries (including the C standard lib) under a BSD license. I can't attest to their quality since I haven't used their code myself, but it might be worth looking at if you can't work LGPL-ed code into your project.
Wouldn't *BSD (Net|Open|Free)'s libc be suitable? At least as a starting point.
Try looking at http://www.minix3.org/
Check your development tools. Some development tools come with their on source for their software libraries.
I took the source for the Compiler's printf and adapted for a debug port on an embedded system. There is less work when you have a foundation to build from.
I was wondering if you know somewhere where I can find information on how to build a signature file for docuement retrieval.
Do you know if there is some code out there that I can use or look at?
I have to create a signature file in C++ under linux platform.
UPDATE: Sorry, I appreciatte the help but I was refering to signature files not as a way to validate documents but as a way of indexing documents.
http://en.wikipedia.org/wiki/Signature_files
Any help will be greatly appreciated.
Thanks,
Firstly, lets clarify some terminology.
A Digital Signature is intended to be equivilent to a handwritten signature (see http://en.wikipedia.org/wiki/Digital_signature for a better description and overview).
When a digital signature is applied to a document you get a higher level of assurance of the authenticity of the document (you have a better idea if the document was forged or not).
The answers from Adam and Robert both refer to methods for verifying document integrity (that the document is unchanged). While a digital signature also provides this, a checksum (hash) does not provide authenticity.
So it's important that we establish the needs of your "Signature file". I will assume that you are talking about Digital Signatures, rather than checksums as the other answers address checksums.
You will want to compose a PKCS#7 detached signature (jargon - a standard format signature that does not contain the data, so it can be stored seperately). To acheive this I recommend you use a standard library such as OpenSSL (which is portable).
For more information on PKCS#7 see http://www.rsa.com/rsalabs/node.asp?id=2129
For more information on OpenSSL see http://www.openssl.org/
You might look at Semantic Hacker or Yahoo Term Extraction.
md5sum might be what you are looking for. Source code for generating md5 signatures is available if you Google around.
From Wikipedia:
Because almost any change to a file
will cause its MD5 hash to also
change, the MD5 hash is commonly used
to verify the integrity of files
(i.e., to verify that a file has not
changed as a result of file transfer,
disk error, meddling, etc.). The
md5sum program is installed by default
in most Unix, Linux, and Unix-like
operating systems or compatibility
layers. BSD variants (including Mac OS
X) have a similar utility called md5.
Versions for Microsoft Windows do
exist.
Similarly to Adam's suggestion, if you're working on a very large amount of documents, it might be a good idea to check out SHA1 and sha1sum. Less collisions, and a bit more advanced encryption.