[Interest] Integrate crypto in Qt project
Konrad Rosenbaum
konrad at silmor.de
Mon Jan 8 13:13:23 CET 2018
Hi,
On Mon, January 8, 2018 12:05, Christophe Thomas wrote:
> Thx for your feedback,
you're welcome.
> Don't worry I won't even imagine using some unknown third party code for
> crypto in production code.
>
> Since yesterday I've continued studying my case and my problem is that I'm
> bound to a specific format: I'm trying to implement some map (S63 format)
> decryption.
If it is only decryption (or verification) you may be fine. For encryption
you have to know rather more than what is usually documented (there are
some hidden traps in implementing this).
> This format is using
> - blowfish as encryption/decryption method => so no real choice here for
> me, but you are right I will use openssl instead of some other code for
> this
Since this forces you to implement the protocol level yourself, I'd
recommend libgcrypt - it is much easier to use than the OpenSSL low level
functions.
https://www.gnupg.org/software/libgcrypt/index.html
> - DSA keys and signature are provided in plain text format (see below), so
> my main concern is to build the key or signature with those data in order
> to launch DSA verify command. I'm now thinking of manually building the
> data in DER/ASN.1 format but if I can do things directly it would be
> better.
Don't do DER (or BER, CER, ...) yourself if you can avoid it. It is an
endless source of sorrow...
With libgcrypt you build an S-expression structure directly from the text
values using gcry_sexp_build and use this structure to feed the public key
functions. No need to muck about with ASN.1.
If this is a commercial project and your company can afford it: I'd
recommend hiring a cryptography expert for a few days to either implement
the crypto stuff directly or at least to review the code.
Konrad