this is just a side project...
Versatile cryptographic utility that provides a collection of tools and functions for various cryptographic operations, including encryption, decryption, hashing, and digital signatures. Built on top of the Crypto++ library, ByteCrypt is organized within the ByteCryptModule namespace and supports multiple encryption algorithms and hashing functions.
Note: use ByteCrypt.hpp from root, includes all less-code entities in a single unit, S = >
CBC GCM EAX CFB OFB CTR
AES BlowFish twofish Cast128 Cast256 Idea RC2 RC5 RC6 Mars Serpent GOST ARIA HIGHT LEA SEED SPECK128 SIMON128
RSA
SHA1 SHA224 SHA256 SHA384 SHA512 Blake2 Tiger MD5 Whirlpool Ripemd160
Knowledge of the following concepts is required:
Additional Resources: Block Ciphers and Mode of Operations.
Encryption Algorithms: Supports AES, Blowfish, and Twofish in both CBC(Cipher Block Chaining) and GCM (Galois/Counter Mode) modes. Hashing Functions: Implements SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 for generating data fingerprints. Digital Signatures: Provides tools for generating and verifying signatures using RSA and DSA algorithms. Base64 and Hex Encoding/Decoding: Includes methods for easy conversion of binary data.
Important Concepts Hashing vs. Encryption
Hashing: A one-way process that transforms plaintext into a fixed-length output, which cannot be reversed. Encryption: A two-way process that converts plaintext into ciphertext, making it unreadable without a key.
Digital Signatures A digital signature authenticates a message by hashing and encrypting the hash value with a sender's private key, ensuring integrity. Modes of Operation
CBC Mode: Each block of plaintext is XORed with the previous ciphertext block. Requires an initialization vector (IV). GCM Mode: Combines encryption with authentication, ensuring both confidentiality and integrity.
Security Considerations When implementing cryptographic solutions, ensure that:
Hash functions used are collision-resistant. Encryption algorithms are resistant to known-plaintext attacks and chosen-ciphertext attacks.
The ByteCrypt class is a collection of tools and functions that allow you to perform various cryptographic operations, such as encryption, decryption, hashing, and digital signatures. The class is organized into a namespace called ByteCryptModule. It uses the widely respected Crypto++ library as its underlying cryptographic engine.
One of the key features of the ByteCrypt class is its support for multiple encryption algorithms, including AES, Blowfish, and Twofish, in both CBC (Cipher Block Chaining) and GCM (Galois/Counter Mode) modes. This gives you a lot of flexibility when it comes to choosing the right encryption algorithm for your specific needs.
In addition to encryption, the ByteCrypt class also provides a range of hashing functions, including SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. These functions make it easy to generate digital fingerprints of data, which can be used to verify its integrity and authenticity.
The class also includes tools for generating and verifying digital signatures, which are used to authenticate the sender of a message and ensure that the message has not been tampered with. This is done using RSA and DSA algorithms, which are widely used and respected in the industry. Some Basic Cryptography...
Often, people make confusion between hashing and encryption, but encryption and hashing are two distinct concepts in cryptography. Encryption is a two-way process that transforms plaintext data into unreadable ciphertext to protect it from unauthorized access, and then transforms it back into plaintext when the authorized party needs to access it. On the other hand, hashing is a one-way process that takes plaintext data and transforms it into a fixed-length string of characters, known as a hash value or digest, that can't be reversed or transformed back into the original plaintext data, and is often used for data integrity, authenticity, and password storage purposes. Hashing and Encryption
Hashing and encryption are two fundamental concepts in the field of cryptography. Hashing is a one-way process that transforms a variable-length input into a fixed-length string of characters, known as a hash value or digest. This transformation is irreversible, meaning that it is computationally infeasible to reverse engineer the hash value to obtain the original input.
Encryption is a two-way process that transforms plaintext data into unreadable ciphertext. This process is used to protect data from unauthorized access, ensuring confidentiality and security. Encryption involves using a cryptographic algorithm, such as AES or RSA, to transform the plaintext data into ciphertext. The ciphertext can only be deciphered with the decryption key. Digital Signatures
A digital signature is a cryptographic mechanism that verifies the authenticity of a message or document. The process involves hashing the message and then encrypting the hash value with the sender's private key. The resulting encrypted hash value is attached to the message as a digital signature. RSA Encryption
RSA encryption is a widely used public-key encryption algorithm. It involves generating a pair of keys, a public key and a private key. The public key is used to encrypt the data, while the private key is used to decrypt the data. CBC Mode and GCM Mode
CBC (Cipher Block Chaining) mode and GCM (Galois/Counter Mode) mode are two commonly used modes of operation for block ciphers. CBC mode involves encrypting each block of plaintext data independently, while GCM mode involves encrypting the plaintext data in parallel. Base64 and Hex Encoding/Decoding
Base64 and hex encoding/decoding are two common methods of encoding and decoding binary data. Base64 encoding involves converting binary data into a string of characters, while hex encoding involves converting binary data into a hexadecimal string.
For the AES (Advanced Encryption Standard), which is a widely used symmetric key algorithm, there are several modes of operation that can be used to provide various security properties, including confidentiality and authentication. Here are the most commonly used modes that are compatible with AES:
-
ECB (Electronic Codebook Mode): Description: Each block of plaintext is encrypted independently. This mode is simple but not recommended for use in most applications due to its lack of security; identical plaintext blocks produce identical ciphertext blocks, which can reveal patterns. Use Case: Not recommended for secure applications.
-
CBC (Cipher Block Chaining Mode): Description: Each block of plaintext is XORed with the previous ciphertext block before being encrypted. This mode provides confidentiality but requires an initialization vector (IV) to ensure that identical plaintext blocks produce different ciphertext. Use Case: Commonly used for file encryption and secure communications.
-
CFB (Cipher Feedback Mode): Description: Converts a block cipher into a self-synchronizing stream cipher. It encrypts the previous ciphertext block and XORs it with the current plaintext block. Use Case: Useful for encrypting data streams.
-
OFB (Output Feedback Mode): Description: Similar to CFB, but it generates keystream blocks independently of the plaintext and ciphertext. It can be used to create a stream cipher from a block cipher. Use Case: Useful for applications where error propagation is a concern.
-
CTR (Counter Mode): Description: Converts a block cipher into a stream cipher by encrypting a counter value and XORing it with the plaintext. Each block uses a different counter value. Use Case: Highly efficient and allows for parallel processing. Suitable for high-speed applications.
-
GCM (Galois/Counter Mode): Description: Combines the counter mode of encryption with Galois mode of authentication. It provides both confidentiality and integrity/authentication. Use Case: Widely used in secure communications (e.g., TLS) and is recommended for applications requiring authenticated encryption.
-
CCM (Counter with CBC-MAC): Description: Combines counter mode encryption with CBC-MAC for authentication. It provides both confidentiality and integrity. Use Case: Suitable for applications requiring authenticated encryption, such as wireless communications.
-
EAX (Encrypt-Then-Authenticate-Then-Transmit): Description: An authenticated encryption mode that combines the features of CTR and CBC-MAC. It provides both confidentiality and integrity. Use Case: Useful for applications requiring authenticated encryption.
Possible Operation modes for GOST or Serpent:
-
CBC (Cipher Block Chaining): Provides confidentiality but does not provide authentication. You can combine it with a Message Authentication Code (MAC) like HMAC for integrity.
-
CCM (Counter with CBC-MAC): Provides both confidentiality and authentication. It is suitable for GOST and can be used for authenticated encryption.
-
EAX: Another mode that provides authenticated encryption. It can be used with GOST for both confidentiality and integrity.
-
OFB (Output Feedback) or CFB (Cipher Feedback): These modes can be used for streaming data but do not provide authentication.
It is essential to consider the security implications of using hashing and encryption. A secure hashing algorithm should be collision-resistant and pre-image resistant. A secure encryption algorithm should be resistant to known-plaintext attacks and chosen-ciphertext attacks.
For Encryption Operation mode and algorithm testing use PE file
./test/encryptionwhich is./test/extended_testcompiled source with g++.
For extended test(encoding, hashing, RSA loading, Signature Based operations, etc...) use
./extended_test.
All tests got successful when i tested, tested on linux mint 22, x86_64, used g++ compiler, crypto++ library installed
- Operating Systems: Windows, Linux, macOS
- C++ Version: C++11 or later
- GCC: 5.1 or later
- Clang: 3.6 or later
- GCC flags: -lcryptopp
crypto++ is one of the most used cryptographic labriers for c++ programming, ByteCrypt relies on crypto++ mostly, crypto++ website: cryptopp.com.
To use the ByteCrypt class, the Crypto++ library must be installed. Here are the installation instructions for different platforms:
- Debian:
sudo apt install libcryptopp-dev`- Fedora:
sudo dnf install cryptopp-devel- Arch:
sudo pacman -S cryptopp- macOS:
brew install cryptopp#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
ByteCrypt bCrypt;
ByteCrypt byteCryptGost;
string buffer = "your mother"; // buffer to encrypt using "secret" key
string secret = "secret_key_for_decryption"; // this is the key used for encryption/decryption
auto encrypted = bCrypt.cbc_encrypt(buffer, secret, e_symmetric_algo::AES); // encrypt buffer block and return result
std::cout << "encrypted: " << encrypted.result << "\n"; // print result
return 0;
}#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
ByteCrypt bCrypt;
auto decrypted = bCrypt.cbc_decrypt(encrypted); // can omit algorithm specification as AES is the default mode
std::cout << "decrypted: " << decrypted.result << "\n";
return 0;
}CBC (Cipher Block Chaining) and GCM (Galois/Counter Mode) are two modes of operation for symmetric-key block ciphers. In CBC, each block of plaintext is encrypted independently using the previous block's ciphertext as an initialization vector (IV). The IV is typically generated randomly and prepended to the ciphertext. While CBC is simple and efficient, it's vulnerable to certain attacks, such as block replay attacks and chosen-plaintext attacks.
GCM, on the other hand, combines a block cipher with a counter-based mode. Each block is encrypted using a block cipher, and a counter value is incremented for each block. The ciphertext is then authenticated using a Galois field (finite field) operation. This provides both confidentiality and integrity, as it authenticates the ciphertext and detects tampering. GCM is more secure than CBC due to its authentication mechanism, but it's also more computationally intensive.
the main difference between CBC and GCM is that GCM provides authentication, while CBC does not. This makes GCM a better choice for applications that require both confidentiality and integrity, such as secure communication protocols. In contrast, CBC may be sufficient for applications that only require confidentiality, such as data storage.
#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
auto encrypted = bCrypt.gcm_encrypt(buffer, secret, e_symmetric_algo::AES);
std::cout << "encrypted: " << encrypted.result << "\n";
auto decrypted = bCrypt.gcm_decrypt(encrypted, e_symmetric_algo::AES);
std::cout << "decrypted: " << decrypted.result << "\n";
return 0;
}#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
auto encrypted = bCrypt.eax_encrypt(buffer, secret, e_symmetric_algo::AES);
std::cout << "encrypted: " << encrypted.result << "\n";
auto decrypted = bCrypt.eax_decrypt(encrypted, e_symmetric_algo::AES);
std::cout << "decrypted: " << decrypted.result << "\n";
return 0;
}#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
auto hashed = bCrypt.hash(buffer); // default hash with SHA256
std::cout << "Hashed: " << hashed.result << "\n"; // print result
return 0;
}encoding schemes are:
- base64
- hex
#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
string base64_encode = bCrypt.base64_encode(buffer);
string base64_decode = bCrypt.base64_decode(base64_encode);
string hex_encode = bCrypt.hex_encode(buffer);
string hex_decode = bCrypt.hex_decode(hex_encode);
return 0;
}Generate a pair of RSA Keys(DER)
#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
const auto key_pair = bCrypt.generate_rsa_key_der_pair(2048);
// use keys...
const string public_key = key_pair.result.public_key;
const string private_key = key_pair.result.private_key;
return 0;
}Generate a pair of RSA Keys(PEM)
#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
const auto key_pair = bCrypt.generate_rsa_key_pem_pair(2048);
return 0;
}store or load RSA keys...
#include "/path/to/ByteCrypt.hpp"
using namespace ByteCryptModule;
int main(){
const auto key_pair = bCrypt.generate_rsa_key_der_pair(3072);
const string public_key = key_pair.result.public_key, private_key = key_pair.result.private_key;
// --- Store ---
bCrypt.save_rsa_key("/home/user/Documents/RSA/priv.pem", key_pair.result.private_key.value());
bCrypt.save_rsa_key("/home/user/Documents/RSA/pub.pem", key_pair.result.public_key.value());
// --- Load ---
const rsa_key_block_load gpublic_key = bCrypt.load_rsa_key("/home/user/Documents/RSA/pub.pem");
return 0;
}int main(){
auto signature = byte_crypt.sign_message(message, private_key);
if (signature.result.empty())
return EXIT_FAILURE;
std::cout << "Signature: " << signature.result << std::endl;
return 0;
}int main(){
bool is_verified = byte_crypt.verify_signature(message, signature, public_key);
if (is_verified)
std::cout << "Signature verification succeeded." << std::endl;
else
std::cerr << "Signature verification failed." << std::endl;
return 0;
}"Hash Functions" by the National Institute of Standards and Technology (NIST)
"Encryption" by the International Organization for Standardization (ISO)
"Digital Signatures" by the Internet Engineering Task Force (IETF)
"RSA Encryption" by the RSA Security Inc.
"CBC Mode" by the National Institute of Standards and Technology (NIST)
"GCM Mode" by the National Institute of Standards and Technology (NIST)
"Base64 Encoding" by the Internet Engineering Task Force (IETF)
"Hex Encoding" by the International Organization for Standardization (ISO)