Encrypting and decrypting a small file using openssl

Question

I want to write a small program in C/C++ which reads a small text file, and encrypts it, using a \"internal\" key. Then I also want to write another small program which can

Answer 1

OpenSSL is specifically concerned with implementing SSL and TLS which are protocols for encrypting data over a network. Since you are just looking to encrypt a file, it is possible to use OpenSSL but not ideal.

Instead, I would use something like BeeCrypt or Crypto++® Library 5.6.0 which both provide examples for their use.

Answer 2

Ideally, you could use an existing tool like ccrypt, but here goes:

#include <openssl/aes.h>

/* ... */


{
  int bytes_read, bytes_written;
  unsigned char indata[AES_BLOCK_SIZE];
  unsigned char outdata[AES_BLOCK_SIZE];

  /* ckey and ivec are the two 128-bits keys necesary to
     en- and recrypt your data.  Note that ckey can be
     192 or 256 bits as well */
  unsigned char ckey[] =  "thiskeyisverybad";
  unsigned char ivec[] = "dontusethisinput";

  /* data structure that contains the key itself */
  AES_KEY key;

  /* set the encryption key */
  AES_set_encrypt_key(ckey, 128, &key);

  /* set where on the 128 bit encrypted block to begin encryption*/
  int num = 0;

  while (1) {
    bytes_read = fread(indata, 1, AES_BLOCK_SIZE, ifp);

    AES_cfb128_encrypt(indata, outdata, bytes_read, &key, ivec, &num,
           AES_ENCRYPT);

    bytes_written = fwrite(outdata, 1, bytes_read, ofp);
    if (bytes_read < AES_BLOCK_SIZE)
  break;
  }
}

Decryption is done by calling AES_cfb128_encrypt with AES_DECRYPT as the last parameter. Note that this code hasn't been given anything more than the most elementary of testing, and that you really should use proper 8-bits random data for ckey and ivec.

EDIT: It seems AES_cfb128_encrypt accepts data of arbitrary length, so you're not required to encrypt in blocks of AES_BLOCK_SIZE (16) bytes.

Answer 3

Previous answers have pointed you towards how to do what you asked for.

I'd like to add a word on why you probably shouldn't do this.

What you are talking about is called "symmetric encryption" (the same key is used for encrypting and decrypting, as opposed to asymmetric encryption where everything encrypted with one key can only be decrypted by a specific counterpart).

Disassembling an executable to determine a hardcoded key being used is next-to-trivial. That means, anyone who gets his/her hands on one of your executables, ever, can break the encryption of any message ever exchanged.

Unless the application you have in mind is very specific, this means your setup might "look" secure, but isn't. In these cases, it's usually better not to encrypt at all, so that no-one involved falls for that false sense of security...

It's very good you are looking to standard libraries to do the encryption (instead of implementing / creating an algorithm yourself), but the protocoll (how applications, keys, and messages are used and exchanged) is at least as important as the cipher itself. You might want to have your ideas tested by someone dealing in cryptography, to tell you the weaknesses. (I'm sure there's enough of that kind here at StackOverflow. ;-) )