DefaultEncryptorWithMAC

From Crypto++ Wiki
Jump to navigation Jump to search
DefaultEncryptorWithMAC
Documentation
#include <cryptopp/default.h>

DefaultEncryptorWithMAC is a class for encrypting and decrypting data with an authentication tag to detect tampering. The counterpart to DefaultEncryptorWithMAC is DefaultDecryptorWithMAC.

Algorithms

Crypto++ 6.0 and above DefaultEncryptorWithMAC uses AES as the default encryptor and SHA256 as the default hash for the MAC. The block ciper is operated in CBC Mode. Crypto++ 5.6.5 and below DefaultEncryptorWithMAC uses 2-key Triple DES as the default encryptor (i.e., DES_EDE2), and SHA1 as the default hash for the MAC. The block ciper is operated in CBC Mode. If you are using Crypto++ 6.0 then LegacyEncryptorWithMAC provides the old interop.

The password is mashed rather than derived using a Password Based Key Derivation Function. Each run through the DefaultEncryptorWithMAC produces a different result due to the use of a salt based on time and clock. If you perform two encryptions in quick succession it is possible to reuse a salt which is usually bad for security.

You can change the default ciphers. To do so, locate the following around line 12 in default.h and change it to whatever you like, like:

typedef Camellia Default_BlockCipher;
typedef Whirlpool DefaultHashModule;
typedef HMAC<DefaultHashModule> DefaultMAC;

Constructors

DefaultEncryptorWithMAC(const char *passphrase,
                        BufferedTransformation *attachment = NULL);
DefaultEncryptorWithMAC(const byte *passphrase,
                        size_t passphraseLength,
                        BufferedTransformation *attachment = NULL);

const char *passphrase - the password as a NULL terminated c-string.

const byte *passphrase - the password as a byte array.

size_t passphraseLength - the lenght of the password's byte array.

BufferedTransformation *attachment - an attached transformation, such as a Filter or Sink. Use NULL if there is no filter or sink.

Encrypting a String

The following encrypts and decrypts a string.

string message = "Now is the time for all good men to come to the aide of their country";
string password = "super secret password";
string encrypted, decrypted;

cout << "Message: " << message << endl;
cout << "Password: " << password << endl;

StringSource ss1(message, true,
    new DefaultEncryptorWithMAC(
        (byte*)&password[0], password.size(),
        new HexEncoder(
            new StringSink(encrypted)
        )
    )
);

cout << "Encrypted: " << encrypted << endl;

StringSource ss2(encrypted, true,
    new HexDecoder(
        new DefaultDecryptorWithMAC(
        (byte*)&password[0], password.size(),
            new StringSink(decrypted)
        )
    )
);

cout << "Decrypted: " << decrypted << endl;

A typical run of the program is below. The output will differ between runs due to the use of a salt based on time and clock.

$ ./cryptopp-test.exe
Message: Now is the time for all good men to come to the aide of their country
Password: super secret password
Encrypted: D8667AC7F6037B8577CCB9D75D2B9DE9166ED7286A3DFCF2BD6D07037864614C950D0D5DA9BAA658
D0D1E5CEB38C24D372F8C5B010335DB583676AA3FA31EB0C2CEC018F0AE0ACBE8F216B241B99DD0C
C41D0E7B7CACFDDFEBDFE61F6A3CCB15E08E6E23078A49A90BDC95360C4AF3A5
Decrypted: Now is the time for all good men to come to the aide of their country

Encrypting a File

Encrypting a file is not much different than encrypting a string - you just have to use a FileSource rather than a StringSource. The following encrypts and decrypts the same string of text, but does so from a file named secret-message.txt.

$ cat secret-message.txt 
Now is the time for all good men to come to the aide of their country

The program below stores the result of its operations in a string via a StringSink. To save the contents to a file, simply use a FileSink.

string password = "super secret password";
string encrypted, decrypted;

cout << "Password: " << password << endl;

FileSource fs1("./secret-message.txt", true,
    new DefaultEncryptorWithMAC(
        (byte*)&password[0], password.size(),
        new HexEncoder(
            new StringSink(encrypted)
        )
    )
);

cout << "Encrypted: " << encrypted << endl;

StringSource ss1(encrypted, true,
    new HexDecoder(
        new DefaultDecryptorWithMAC(
        (byte*)&password[0], password.size(),
            new StringSink(decrypted)
        )
    )
);

cout << "Decrypted: " << decrypted << endl;

A typical run of the program is below.

$ ./cryptopp-test.exe
Password: super secret password
Encrypted: C96C79081BD217729DA63EF799BB75AB5CE375A0517E20F950FD87ECB8847246BB84D1C40A5B3C66
964B6267C0B0DC7DA91744A32BDFDFF9BCEE677CAD53593B519D9BC4F06EC26AE94E8DBEC39BAC15
C41094BBF4097955785A7FE78C4CA6E2C278CBCE1C955DAF4850F20649AE2D4E
Decrypted: Now is the time for all good men to come to the aide of their country

Downloads

cryptopp-default-encryptor-test.zip - Example of DefaultEncryptorWithMAC and DefaultDecryptorWithMAC