密碼類庫Crypto++™ Library 5.1的研究與應(yīng)用

摘要

引言

在計算機被廣泛應(yīng)用的信息時代，信息本身就是時間，就是財富。大量信息用數(shù)據(jù)形式存放在計算機系統(tǒng)里。信息的傳輸則通過公共信道。這些計算機系統(tǒng)和公共信道是不設(shè)防的，是很脆弱的，容易受到攻擊和破壞，信息的丟失不容易被發(fā)現(xiàn)，而且后果是極其嚴(yán)重。如何保護(hù)信息的安全已不僅僅是軍事和政府部門感興趣的問題，其他企事業(yè)單位也愈感迫切。因為在網(wǎng)絡(luò)化的今天，計算機犯罪每年使他們遭受的損失極其巨大，而且還在發(fā)展中。密碼是有效而且可行的保護(hù)信息安全的辦法。隨著計算機網(wǎng)絡(luò)不斷滲透到各個領(lǐng)域，密碼學(xué)的應(yīng)用也隨著擴大。數(shù)字簽名、身份鑒別、等都是由密碼學(xué)派生出來的新技術(shù)和應(yīng)用。目前開放源代碼的加密庫中，密碼類庫Crypto++是比較流行的，目前的最高版本為Crypto++™ Library 5.1，它實現(xiàn)了各種公開密鑰算法、對稱加密算法、數(shù)字簽名算法、信息摘要算法以及其相關(guān)的其它算法等等，Crypto++™ Library 5.1幾乎包括了目前所有安全算法庫，對密碼類庫Crypto++™ Library 5.1的研究與應(yīng)用對計算機網(wǎng)絡(luò)安全的研究與發(fā)展有重大的實際意義。

（一）Crypto++™ Library 5.1要求的密碼知識

Crypto++™ Library 5.1要求什么樣的密碼知識基礎(chǔ)呢，很多初學(xué)者都想知道這個問題。然而當(dāng)你提出一個基礎(chǔ)的問題在別處找到答案，你會發(fā)現(xiàn)這對你沒有多大用處，因為越來越多熟練使用這個類庫包的人不僅僅是考慮挑戰(zhàn)安全問題。

該密碼庫的建立是假設(shè)你對密碼術(shù)語已經(jīng)有一定的了解的基礎(chǔ)上的，如果你已經(jīng)達(dá)到這一點，你可以進(jìn)行一些比較基礎(chǔ)的研究，到那時你會發(fā)現(xiàn)即使在最有利的情況下建立一個安全體系也是很困難的。如果你可以克服這些困難去研究這方面知識，你可以從一些網(wǎng)站獲得比較專業(yè)的幫助。

Crypto++庫包含有大量的算法，但是它們對用戶來說并不總是顯而易見的，下面推薦一些算法，因為這些算法不但用得很廣，而且被公認(rèn)比較安全的，并且是免費的。

1、  分組密碼：DES-EDE3, Blowfish, Rijndael

2、  序列密碼：

3、  Hash函數(shù)：SHA1

4、  消息認(rèn)證碼： HMAC/SHA1

5、  公鑰加密：RSA/OAEP/SHA1

6、  簽名：RSA/PKCS1v15/SHA1, DSA, Generalized-DSA/SHA1

7、  密鑰協(xié)議：DH

8、  隨機數(shù)產(chǎn)生器：RandomPool, AutoSeededRandomPool

（二）密碼類庫Crypto++™ Library 5.1的內(nèi)容

Crypto++ 庫是一個用c++ 編寫的密碼類庫，是一個自由軟件。Crypto++™ Library 5.1于2003年3月22日發(fā)布，是目前最高的版本，該版本加入了除了作者Wei Dai以外的另外一些作者的代碼重新包裝成類，類庫里主要包含下列的內(nèi)容：

1、  用抽象類定義API類的繼承層次

2、  高級加密標(biāo)準(zhǔn)AES（Advanced Encryption Standard） Rijndael和AES候選算法：RC6, MARS, Twofish, Serpent, CAST-256

1997年4月15日美國國家標(biāo)準(zhǔn)技術(shù)研究所NIST發(fā)起征集高級加密標(biāo)準(zhǔn)AES算法的活動，目的是為確定一個安全性能更好的分組密碼算法用于取代DES，AES的基本要求是比三重DES快并且至少與DES一樣安全,分組長度為128位,密鑰長度為128位,192位或256位.2001年11月26日,NIST正式公布高級加密標(biāo)準(zhǔn)AES, AES的安全性能是良好的,經(jīng)過多年來的分析和測試,至今沒有發(fā)現(xiàn)AES的明顯缺點,也沒有找到明顯的安全漏洞. AES能夠抵抗目前已知的各種攻擊方法的攻擊。

3、  對稱分組密碼：IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack。

分組密碼又稱為秘密鑰密碼或?qū)ΨQ密碼。利用分組密碼對明文進(jìn)行加密時，首先需要對明文進(jìn)行分組，每組的長度都相同，然后對每組明文分別加密得到等長的密文，分組密碼的特點是加密密鑰與解密密鑰相同。分組密碼的安全性應(yīng)該主要依賴于密鑰，而不依賴于對加密算法和解密算法的保密。因此，分組密碼的加密和解密算法可以公開。

4、  一般的密碼模式：ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR) 。

電子密本（ECB）， 密碼分組鏈接(CBC)，輸出反饋(OFB)和密文反饋(CFB)

5、  序列密碼：Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub

序列密碼可以認(rèn)為是起源于20世紀(jì)20年代的Vernam體系，當(dāng)Vernam體制中的密鑰序列是隨機的(0,1)時，他就是“一次一密“密碼體制。Shannon已經(jīng)證明了“一次一密“密碼體制在理論上是不可破譯的。由于隨機的密鑰序列產(chǎn)生、存儲以及分配等方面存在一定的困難，Vernam體制在當(dāng)時并沒有得到廣泛的應(yīng)用。隨著微電子技術(shù)和數(shù)學(xué)理論的發(fā)展與完善，基于偽隨機序列的序列密碼得到了長足的發(fā)展和應(yīng)用。在序列密碼中，加密和解密所用的密鑰都是偽隨機序列，偽隨機序列的產(chǎn)生比較容易并且有比較成熟的數(shù)學(xué)理論工具，目前，序列密碼是 世界各國的軍事和外交等領(lǐng)域中使用的主要密碼體制之一。

6、  公鑰密碼: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN

在公鑰密碼體制中加秘密鑰和解密密鑰是不一樣的，加密密鑰可以公開傳播而不危及密碼體制的安全性。

RSA公鑰密碼體制的安全性是基于大整數(shù)的素分解問題的難解性，

7、公鑰密碼系統(tǒng)補丁：PKCS#1 v2.0, OAEP, PSSR, IEEE P1363 EMSA2

8、密鑰協(xié)商方案：Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH

9、橢圓曲線密碼：ECDSA, ECNR, ECIES, ECDH, ECMQV

9、  單向hash函數(shù)：

hash函數(shù)是一種將一種任意長度的消息(message)壓縮為某一固定長度的消息摘要(message digest)的函數(shù)。hash函數(shù)可以用于數(shù)字簽名和消息的完整性檢測。

SHA-1,:

安全hash算法SHA

 MD2, MD4, MD5, HAVAL, RIPEMD-160, Tiger, SHA-2 (SHA-256, SHA-384, and SHA-512), Panama

11、消息認(rèn)證碼(MAC)：MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC

12、基于密碼結(jié)構(gòu)的Hash函數(shù)：Luby-Rackoff, MDC

13、偽隨機數(shù)發(fā)生器(PRNG): ANSI X9.17 appendix C, PGP's RandPool

14、password based key derivation functions：PBKDF1 and PBKDF2 from PKCS #5

15、壓縮和解壓算法

16、大整數(shù)和多項式快速精確算法

17、有限范圍內(nèi)的算法包括GF(p) 和 GF(2^n)

18、素數(shù)的產(chǎn)生和驗證

等等。

（三）密碼類庫Crypto++™ Library 5.1的開發(fā)過程

Crypto++密碼類庫自從發(fā)布以來，作為一個自由軟件，得到廣大開發(fā)者的支持，吸收了很多優(yōu)秀的算法和原代碼，一直在不斷的在完善和擴大，適應(yīng)了各種常用的操作系統(tǒng)和編譯平臺。

（四）密碼類庫Crypto++™ Library 5.1的編譯平臺

Crypto++™ Library 5.1 支持多種操作系統(tǒng)和各種各樣的編譯平臺,但是對于有些操作系統(tǒng)下的一些編譯平臺要添加一定的補丁，下面我們就把一些常用的操作系統(tǒng)和編譯平臺的編譯情況列出來如下：

（五）密碼類庫Crypto++™ Library 5.1的類庫分析

密碼庫是用了高層的c++特征，如模板，多重繼承和異常等一流的強有力的工具來實現(xiàn)各種各樣錯綜復(fù)雜的密碼算法

For people who are familiar with C++, the library will appear intuitive and easy to use. Others may need to view it as a learning opportunity. If you are a C++ beginner and you are under a very tight schedule, or if you are "afraid" of the more advanced features of C++, this library may not be for you. Having said that, you are invited to see for yourself how easy or hard it is to use by looking at some of the other answers in this category.

對熟悉c++的用戶來說很容易用，

下載：
Where is the tutorial?
Where is the reference manual?
Is there anyone I could pay to help me with this?

How am I going to use Crypto++ if I don't have a clue about cryptography?
Recommended Algorithms

There is nothing the more experienced people that use this library like more than a challenging security question to mull over. However, you may find you don't get much help if you ask a basic question with an answer that is well-documented elsewhere.

The library assumes you know in cryptographic terms what you want to achieve. Until you reach that point, perhaps you should do some background research? You should also know that building secure systems is difficult at the best of times. If you can afford it, you can get some professional help: Is there anyone I could pay to help me with this?

The good news is that there is a decent body of literature to help you. A list of recommended cryptography books is available at http://books.cryptopp.com. A lot of good crypto information is also available on the web. See http://links.cryptopp.com for a list of recommended sites.

Crypto++ contains a large number of algorithms, and it may not always be obvious which ones to use. The algorithms given below are recommended because they are widely used and generally considered to be secure and patent-free.

block cipher: DES-EDE3, Blowfish, Rijndael
stream cipher: MARC4 (ARC4 with first 256 bytes of keystream discarded), any of the above block ciphers in CTR mode
hash function: SHA1
message authentication code: HMAC/SHA1
public key encryption: RSA/OAEP/SHA1
signature: RSA/PKCS1v15/SHA1, DSA, Generalized-DSA/SHA1
key agreement: DH
random number generator: RandomPool, AutoSeededRandomPool

10、               

Crypto++ Library is a free C++ class library of cryptographic schemes. Currently the library consists of the following, some of which are other people's code, repackaged into classes.

• a class hierarchy with an API defined by abstract base classes
• AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent, CAST-256
• other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack
• generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
• stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub
• public key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
• padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSSR, IEEE P1363 EMSA2
• key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
• elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
• one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-160, Tiger, SHA-2 (SHA-256, SHA-384, and SHA-512), Panama
• message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC
• cipher constructions based on hash functions: Luby-Rackoff, MDC
• pseudo random number generators (PRNG): ANSI X9.17 appendix C, PGP's RandPool
• password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5
• Shamir's secret sharing scheme and Rabin's information dispersal algorithm (IDA)
• DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
• fast multi-precision integer (bignum) and polynomial operations
• finite field arithmetics, including GF(p) and GF(2^n)
• prime number generation and verification
• various miscellaneous modules such as base 64 coding and 32-bit CRC
• class wrappers for these operating system features (optional):
  • high resolution timers on Windows, Unix, and MacOS
  • Berkeley and Windows style sockets
  • Windows named pipes
  • /dev/random and /dev/urandom on Linux and FreeBSD
  • Microsoft's CryptGenRandom on Windows
• A high level interface for most of the above, using a filter/pipeline metaphor
• benchmarks and validation testing

One purpose of Crypto++ is to act as a repository of public domain (not copyrighted) source code. Although the library is copyrighted as a compilation, the individual files in it (except for a few exceptions listed in the license) are in the public domain.

• 2003年4月22日增加了開發(fā)環(huán)境CodeWarrior Pro8.2 固定的工程文件
• 增加 VS.NET 2003 的補丁
• 發(fā)布Crypto++™ Library 5.1 版本
• 4/22/2003 - Added fixed project file for CodeWarrior Pro 8.2
• 4/19/2003 - Added patch for VS .NET 2003
• 3/22/2003 - Version 5.1 release.
  • added PSS padding and changed PSSR to track IEEE P1363a draft standard
  • added blinding for RSA and Rabin to defend against timing attacks on decryption operations
  • changed signing and decryption APIs to support the above
  • changed WaitObjectContainer to allow waiting for more than 64 objects at a time on Win32 platforms
  • fixed a bug in CBC and ECB modes with processing non-aligned data
  • fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2 signature scheme (these fixes are not backwards compatible)
  • fixed a number of compiler warnings, minor bugs, and portability problems
  • removed Sapphire
• 3/10/2003 - Updated patch for MacOS X (Darwin)
• 10/4/2002 - Version 5.0 has been imported into CVS, with modulename "c5"
• 10/1/2002 - Added updated CodeWarrior 8 project file from Aparajita Fishman.
• 9/30/2002 - Version 5.0 released.
  • added ESIGN, DLIES, WAKE-OFB, PBKDF1 and PBKDF2 from PKCS #5
  • added key validation for encryption and signature public/private keys
  • renamed StreamCipher interface to SymmetricCipher, which is now implemented by both stream ciphers and block cipher modes including ECB and CBC
  • added keying interfaces to support resetting of keys and IVs without having to destroy and recreate objects
  • changed filter interface to support non-blocking input/output
  • changed SocketSource and SocketSink to use overlapped I/O on Microsoft Windows
  • grouped related classes inside structs to help templates, for example AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption
  • where possible, typedefs have been added to improve backwards compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined
  • changed HAVAL and IDEA to use public domain code
  • implemented SSE2 optimizations for Integer operations
  • is being evaluated for FIPS 140-2 compliance
  • fixed a bug in HMAC::TruncatedFinal()
  • fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02
• 8/26/2002 - Added porting note for Sun WorkShop 6 with Forte C++

（四）密碼類庫Crypto++™ Library 5.1的編譯平臺

These porting notes will help you compile Crypto++ on various platforms. If you need to compile Crypto++ 4.1 or earlier, please click here.

Remember to use the "-a" (auto-convert text files) option when unzipping on a Unix machine. The zip files should have the following hashes:

crypto42.zip:

MD5: C1700E6E15F3189801E7EA47EEE83078

SHA-1: 505EC40485519971A07DF6708B7DED3E5D3D08C4

RIPEMD-160: 5D4CC8E5987B2416CF7D71AA6276AFAC61702E55

SHA-256: CDF8A1EBB142759E928A323F47F228F4F93CEB2FE97C19DC59D6868989E0D76E

crypto50.zip:

MD5: fe8d4ef49b69874763f6dab30cbb6292

SHA-1: d0d83e60b6c03408370ca6c13aa5cac5e2220bf1

RIPEMD-160: 150db13d4df29020829f0fe817f54ee5a0595e50

SHA-256: c67c64693f32195e69d3d7e5bdf47afbd91e8b69d0407a2bc68a745d9dbebb26

crypto51.zip:

MD5: f4bfd4ac39dc1b7f0764d61a1ec4df16

SHA-1: 95905714c85f6fb563e66edb5478818df787fe2d

RIPEMD-160: 8b7420c421be39e9976f1ce2a80840d7ed6b38ef

SHA-256: d183a98c28feb1e0f7d21d177469831e5052aa8ca446475e95a5ebe7a7feb3cd

I get an "error opening file" message when I run cryptest.exe.
Why can't I read Crypto++ objects from files via FileStore with STLport streams?
I'm getting the error message "Cryptographic algorithms are disabled after power-up a self test failed" or something about "edc.dat".
Microsoft tools
I compiled cryptest.exe successfully, but am getting linker errors with my own application.
I'm getting internal compiler errors on Windows 98.
Others
Can I use Crypto++ with <insert compiler name here>?
I am getting compiler errors with GCC or EGCS.
GCC is using an enormous amount of memory to compile Crypto++.
I'm getting an "as" (assembler) error on Solaris.

Crypto++4.2 and STLPort 4.53

Is it possible to supply a prime modulus as it is with ElGamal key generation to other PK algorithms like RSA and DH in order to decrease their key generation times? If so can you supply example code to do just this?
How to output a Integer as string(Decimal/Hex)?

（五）密碼類庫Crypto++™ Library 5.1的使用

The library is an powerful and elegant tool for performing complex cryptography. It uses advanced C++ features such as templates, multiple inheritance, and exceptions to achieve that power and elegance.

For people who are familiar with C++, the library will appear intuitive and easy to use. Others may need to view it as a learning opportunity. If you are a C++ beginner and you are under a very tight schedule, or if you are "afraid" of the more advanced features of C++, this library may not be for you. Having said that, you are invited to see for yourself how easy or hard it is to use by looking at some of the other answers in this category.

對熟悉c++的用戶來說

How much C++ experience do I need to use this library?
How do I use the Filter class?
How do I use hex encoding and decoding?
How do I use a block cipher in Crypto++ 4.2?
How do I use a block cipher in Crypto++ 5.0?
How do I use a stream cipher?
How do I use a hash function?
How do I use a message authentication code?
How do I use a random number generator?
How do I use a public key cryptosystem or signature scheme?
How can I use an RSA key from Crypto++ in openssl?
The sample code shows how to work with a file, but my data is in a string (or vice versa).
Why is ElGamal key generation so slow?
I'm trying to process multiple messages with a Filter, and MaxRetrievable() always returns 0 after the first one.

（六）密碼類庫Crypto++™ Library 5.1的類庫分析

見：\CryptoManual\00_index.htm\Class Hierarchy、  Compound List

模板類、抽象類、類

（七）密碼類庫Crypto++™ Library 5.1的應(yīng)用實例（1）

現(xiàn)在我們就來研究一下對這個庫的用法我們在win32的操作系統(tǒng)下用vc6++來編譯Crypto++™ Library 5.1 的源代碼，在對應(yīng)的目錄下會產(chǎn)生文件夾Debug，在文件夾Debug里，會有一個編譯好的靜態(tài)庫文件 cryptlib.lib 我們就來研究什么用這個靜態(tài)庫文件。

Hash函數(shù)的應(yīng)用

Links to cryptographic resources - http://www.mobiuslinks.com/links.asp?sid=1

Administration
How can I contribute to this FAQ?

While You Are Downloading

• Take a look at the related links page. It includes links to crypto libraries for other languages, products that use Crypto++, etc.
• Consider the list of recommended books for Crypto++ users.
• Examine the Crypto++ license agreement.
• Read denis bider's Crypto++ User Guide
• Browse the Crypto++ Reference Manual (mirrored here).
• View these Crypto++ class hierarchy charts to see how Crypto++ is organized. Note that these charts only include a small number of actual algorithms as examples.
  • symmetric algorithms and hash functions
  • public key algorithms

Mailing Lists

There are two mailing lists for Crypto++.

• cryptopp-announce@lists.sourceforge.net - Crypto++ announcements
• cryptopp-list@eskimo.com - user questions and general discussion related to Crypto++, archived at http://www.escribe.com/software/crypto. Send an email to mailto:cryptopp-list-request@eskimo.com?subject=subscribe with the subject "subscribe" to subscribe, and use "unsubscribe" subject to unsubscribe. When posting a question to the mailing list, please give the following information, if available:
  • exact error message
  • stack trace
  • a minimal program with a main() function, that reproduces the problem
  • versions of Crypto++, operating system (output of "uname -a" command if using Unix), and compiler (output of "gcc -v" if using GCC)

To Contribute

The Crypto++ source code and FAQ are hosted on .

• The SourceForge CVS Repository allows you to view the latest (unreleased) Crypto++ source code and to contribute bug fixes or new features. The CVS repository contains two modules:
  • src - version 4.x and earlier.
  • c5 - version 5.x.
• The Crypto++ Faq-O-Matic allows you to view frequently asked questions and to contribute new questions or answers.

Paid Support and Consulting

If you are interested in paid support for Crypto++ or consulting on a Crypto++ related project, please take a look at this list of companies and individuals providing such services. This listing is a free service for the Crypto++ community, and anyone may sign up to be listed by following the above link.

Please bookmark and link to this page as http://www.cryptopp.com/.
since 3/20/2000. hits since 2/22/2003.