Is there a small library for RSA or DSA without any dependencies like GMP or OpenSSL? (Written in C or Asm)
You may find LibTomCrypt useful. It's written in C, supports RSA and DSA (along with a host of other algorithms), and is public domain software. You can read about it here.
Take a look at axTLS it's a BSD licensed TLSv1 SSL in C for embedded systems. It's built for POSIX sockets, but is easily ported.
The one thing it's missing is RSA key generation, but it can read X.509 certificates.
It's about 32KB of code space with a small RAM footprint.
Okay I found myself one after searching not so common coder sites http://z0mbie.daemonlab.org/ it's under PGP/RSA-RELATED if someones interested. But are there any others?
Related
My C code uses librypto.a library to link to the compiled source code at the final stage for implementing RSA algorithm.
When a vulnerability scan was done, it comes back with a YARA signature match for the following:
YARA signature "ldpreload" classified file as as "backdoor" based on indicators: "dlopen,dlsym,fopen,fopen64,__fxstat,accept,Accept,open,Open,OPEN,opendir,readdir"
This is because I use the libcrypto.a library from Open SSL. I thought this is a widely used library for implementing crypro algorithms. How to mitigate this issue? Should try to get this whitelisted as I was not able to find any other way of implementing RSA in C without having to use OpenSSL libraries.
I'm building a network kernel extension which requires the OpenSSL library by including a few headers in some of my project files.
The problem is that OpenSSL includes stdlib.h (among other headers) which all throw errors (File not found). Same happens if I include stdlib.h in a project file.
I guess that's due to the fact that they are not available in the kernel.
So, how do I include them? What am I missing?
Otherwise, how do I include CommonCrypto or any crypto library in the kernel?
Thank you!
OpenSSL and CommonCrypto are userspace libraries. They are not available in the kernel.
Some parts of CoreCrypto are available in the kernel under <libkern/crypto/…> and <corecrypto/…>. Generally speaking, however, this is limited to cryptographic primitives (AES, RSA, SHA, etc), not higher-level tools like X509 certificate parsing, key exchange algorithms, or TLS.
I've got a project and a part of it is incorporating encryption into a FAT file system.
The goal of the project is not the encryption, so I'm free to use open-source pre-done libraries.
Ideally what I'm after is a C library which uses RSA, that already has the methods for computing keys and encrypting/decrypting files.
You might want to check out NaCl (pronounced as "salt"), especially since this is for an embedded system.
It has CPU-specific tunings and doesn't require any dynamic memory allocation.
As for licensing, the page (linked above) says "All of the NaCl software is in the public domain".
Regarding library - check Cryptlib . It has dual license and includes quite a lot of functionality.
However, capability to encrypt files right depends on how you write the data and how you expect to do encryption.
Streaming encryption for streams with random access (i.e. when you need to encrypt-decrypt file data on the fly when it's written or read) is not a trivial task and requires certain knowledge of cryptography to employ correct encryption mode and do this right.
On the other hand if you have a file and want it encrypted, CryptLib has PKCS7/CMS implementation to do the job.
You might want to give blowfish a try. It's royalty free and there are several open source C implementations. It was created by Bruce Schneier. Here is an article about using it with embedded systems.
i have a client/server application in C unix, and i need to encrypt/decript the data with something like RSA (but not necessarly RSA). Is there a library (and the correspondent documentation) for this kind of function?
You can take a look at SSL/TLS C API.
For a Client/Server Application, the best way to ensure security is by using TLS/SSL.
The latest version of TLS is TLS 1.2 (RFC 5246) and as WagnerVaz has rightly mentioned, the best opensource library available fro TLS is OpenSSL .OpenSSL not only provides the library for TLS/Crypto. But, it also provides you a tool for generating certificates & private keys (based on RSA/DSA etc) on various formats.
Though OpenSSL is the finest TLS Library available in the market, it is a little difficult to understand and use for a first timer. There is a very wonderful tutorial written by Eric Rescorla himself on using OpenSSL.
An Introduction to OpenSSL Programming (Part - I) /
An Introduction to OpenSSL Programming (Part - II)
It would be best if you first try to get some idea as to what is SSL and then start writing code for the same.
Alternately, let's say you are interested only in assymetric encryption / decryption, still OpenSSL's Crypto Libraries can be used.
I'm trying to use public key crypto to sign and later verify a file. The file is a simple plaintext file that contains user information for authoring purposes.
I tried different sites for a C implementation of a public key crypto algorithm but I haven't found anything. A lot of sites point to using certificates (x.509, etc) but that is way beyond what I need. I am just looking for a way to generate and public and private keys and use a relatively well known algorithm to sign and verify a file.
Any pointers to a pure C implementation out there? The focus is on code that I can reuse and not external libs. The main problem being that I don't want to have to link against a full lib and its dependencies in order to have a very basic public key system.
Thanks.
OpenSSL is a very good package. You can just use the crypto library portion, which provides basic RSA implementations. That might be in line with what you are looking for.
Cryptlib is another alternative that could work for you. It has some strange licensing issues though, so consider those depending on how you will be using it.
Crypto++ is a set of different crypto technologies, and includes RSA, so you might try that.
Finally, RSA is not terribly complex to implement, so you could even implement it yourself using GMP, which provides the necessary mathematical functions you would need.
You may want to look at the well-respected, debugged, and tested OpenSSL libraries. Although OpenSSL is primarily for SSL/TLS networking, it contains extremely good implementations of many cryptographic protocols, which are often used by themselves for general cryptography.
Hope this helps!
DJ Bernstein's curve25519 lets you create public/private key pairs. It does not have functions for signing, but you should be able to figure that part out with not too much hassle.
Update: In the mean time, there's also Ed25519 which already has the signature generation stuff figured out, without you having to jump through hoops. Same author, same availability of software (also e.g. "Donna" implementation and python binding), same ease of use, comparable speed.
The original implementation as well as the "Donna" implementation are both available under very liberal licenses.
You need to compile one file and call exactly one function to generate a key pair, and it's very fast. No obscure requirements for the public key. All one ever needs for some "cheap, fast, easy public key crypto".
I think that there was an answer[1] that fitted your question on :: Small RSA or DSA lib without dependencies
You may find LibTomCrypt useful. It's written in C, supports RSA and
DSA (along with a host of other algorithms), and is public domain
software. You can read about its features here: http://libtom.org/?page=features
[1] https://stackoverflow.com/a/1735526/68338 ( courtesy of https://stackoverflow.com/users/33837/emerick-rogul )
The answers on this question contain some interesting links to other libraries.
However, I remember that there exists some reference source code in C for RSA and private key cryptography. I will add a link as soon as I have found it ;-)
EDIT
I just found "this link" (http://www.hackchina.com/en/cont/93068 - open on your own risk) - not sure about the source and details of that code. But, however, in the past the link to the original RSA reference implementation was contained somewhere in OpenSSL source or its documentation. Which is based on cryptsoft.com's library. I am sure the source can still be found somewhere on www.rsa.com/rsalabs/ - but I could not find it, and I am running out of time for now. Good luck ;-)