[Qt-interest] QCA big string encryption

Nicholas Shatokhin n.shatokhin at gmail.com
Sun Apr 24 23:52:23 CEST 2011


I use SSL, but I must be sure that the system is completely safe (it can
send very confidential data). So I'm trying to add additional encryption.

On Mon, 25 Apr 2011 00:48:54 +0300, Jason H <scorp1us at yahoo.com> wrote:

> If you are encrypting and sending, then why not just use SSL?
> Really, you only need to use your own crypto for storing on disk.
>
>
>
>
>
> ----- Original Message ----
> From: Nicholas Shatokhin <n.shatokhin at gmail.com>
> To: Jeroen De Wachter <jeroen.dewachter at elis.ugent.be>
> Cc: qt-interest at qt.nokia.com
> Sent: Sun, April 24, 2011 5:24:45 PM
> Subject: Re: [Qt-interest] QCA big string encryption
>
> I need to encrypt a JSON string that contains fingerprint data in Base64
> and a Public Key in Base64 too.
>
> Is it safe to encrypt and send a symmetric key? Someone can get access to
> the application and try to get the key and send data to the server on
> behalf of the application.
>
> On Mon, 25 Apr 2011 00:14:20 +0300, Jeroen De Wachter
> <jeroen.dewachter at elis.ugent.be> wrote:
>
>> Hey Nicholas,
>>
>> Have you seen the maximumEncryptSize function in PublicKey?
>> Your string might simply be too big...
>>
>> http://delta.affinix.com/docs/qca/classQCA_1_1PublicKey.html#175b61ba787f95146b5971295120f8b8
>> 8
>>
>> Also, AFAIK asymmetric encryption algorithms are usually used on small
>> amounts of data because of their intense CPU load. IIRC, they are
>> typically used to encrypt the key of a symmetric encryption algorithm,
>> which is usually easier on the CPU (and thus faster for processing
>> copious amounts of data). Can you tell us why you would need to process
>> such a large string?
>>
>> Kind regards,
>>
>> Jeroen
>>
>> On Sun, 2011-04-24 at 22:15 +0300, Nicholas Shatokhin wrote:
>>> I'm sorry, but I must finish it in a few hours and I don't know how.
>>>
>>> On Sun, 24 Apr 2011 22:06:22 +0300, Jason H
>>> <scorp1us at yahoo.com> wrote:
>>>
>>> > Generally you need an IV (Initialization vector); this then is fed to the
>>> > routines with the keys. The IV is an important random number so that you
>>> > can encrypt the same message with the same keys multiple times and not get
>>> > the same encrypted message (thus ruling out a dictionary attack).
>>> >
>>> > Anyway, there are two types of cyphers, block and stream. With block
>>> > cyphers, you work a block at a time. The last block will usually be
>>> > incomplete, and there is some final[ize]() method for handling this special
>>> > block. Normally, the enc/decrypt functions in QCA will give you all complete
>>> > blocks, leaving you to call finalize().
>>> >
>>> > QCA does have convenience functions that will do it all without you having
>>> > to call finalize(), HOWEVER this should only be used for messages of known,
>>> > short lengths. The non-convenience functions are designed to be used in a
>>> > streaming manner, which is better for memory and scalability.
>>> >
>>> >
>>> >
>>> > HTH, but AFAIAC, this is a QCA question, not a Qt question.
>>> >
>>> >
>>> >
>>> >
>>> > ----- Original Message ----
>>> > From: Nicholas Shatokhin <n.shatokhin at gmail.com>
>>> > To: qt-interest at qt.nokia.com; Jason H <scorp1us at yahoo.com>
>>> > Sent: Sun, April 24, 2011 2:52:53 PM
>>> > Subject: Re: [Qt-interest] QCA big string encryption
>>> >
>>> > What do you mean?
>>> >
>>> > There is my code below. What must I add? (I use 1024bit rsa key and
>>> > message truncate to 1024bit)
>>> >
>>> >
>>> > bool CCryptor::generateKeys(int size)
>>> > {
>>> >     if(init())
>>> >     {
>>> >         QCA::PrivateKey seckey = QCA::KeyGenerator().createRSA(size);
>>> >
>>> >         if(seckey.isNull())
>>> >         {
>>> >             std::cout << "Failed to make private RSA key" << std::endl;
>>> >             return false;
>>> >         }
>>> >
>>> >         QCA::PublicKey pubkey = seckey.toPublicKey();
>>> >
>>> >         privateKey = seckey;
>>> >         publicKey = pubkey;
>>> >
>>> >         return true;
>>> >     }
>>> >     else
>>> >         return false;
>>> > }
>>> >
>>> > QByteArray CCryptor::dataEnrypt(QByteArray data)
>>> > {
>>> >     // check if the key can encrypt
>>> >     if(!publicKey.canEncrypt())
>>> >     {
>>> >         std::cout << "Error: this kind of key cannot encrypt" << std::endl;
>>> >         return QByteArray();
>>> >     }
>>> >
>>> >     QCA::SecureArray arg = data;
>>> >
>>> >     // encrypt some data - note that only the public key is required
>>> >     // you must also choose the algorithm to be used
>>> >     QCA::SecureArray result = publicKey.encrypt(arg, QCA::EME_PKCS1_OAEP);
>>> >
>>> >     if(result.isEmpty()) {
>>> >         std::cout << "Error encrypting" << std::endl;
>>> >         return QByteArray();
>>> >     }
>>> >
>>> >     return result.toByteArray();
>>> > }
>>> >
>>> > QByteArray CCryptor::dataDecrypt(QByteArray data)
>>> > {
>>> >     QCA::SecureArray encrypt = data;
>>> >     QCA::SecureArray decrypt;
>>> >     if(0 == privateKey.decrypt(encrypt, &decrypt, QCA::EME_PKCS1_OAEP))
>>> >     {
>>> >         std::cout << "Error decrypting.\n";
>>> >         return QByteArray();
>>> >     }
>>> >
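>>> >     // toByteArray() keeps the full length; data() is a raw char* and
>>> >     // converting it to QByteArray would stop at the first NUL byte
>>> >     return decrypt.toByteArray();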
>>> > }
>>> >
>>> >
>>> >
>>> > On Sun, 24 Apr 2011 21:31:38 +0300, Jason H
>>> > <scorp1us at yahoo.com> wrote:
>>> >
>>> >> It's been a while since I used QCA, but do you need to finalize() it
>>> >> for the last block?
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> ----- Original Message ----
>>> >> From: Nicholas Shatokhin <n.shatokhin at gmail.com>
>>> >> To: qt-interest at qt.nokia.com
>>> >> Sent: Sun, April 24, 2011 1:12:41 PM
>>> >> Subject: [Qt-interest] QCA big string encryption
>>> >>
>>> >> Hello.
>>> >>
>>> >> I'm trying to encrypt and decrypt a long string. But after decryption, I
>>> >> get only part of the string. What's wrong?
>>> >>
>>> >> Code:
>>> >>
>>> >>      QCA::SecureArray arg = data;
>>> >>      qDebug() << arg.toByteArray();
>>> >>      QCA::SecureArray result = publicKey.encrypt(arg, QCA::EME_PKCS1_OAEP);
>>> >>      privateKey.decrypt(result, &arg, QCA::EME_PKCS1_OAEP);
>>> >>      qDebug() << arg.toByteArray();
>>> >>
>>> >> Output:
>>> >>
>>> >> "{"method": 1, "data": {"email": "dfgh", "usePassword": "false",
>>> >> "password": "", "useFingerprint": false, "fingerprint": "",
>>> "publicKey":
>>> >>
>>> "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDN05UNjd6R1pHajZpbDc5K3ErOWo5K2s5cApnVHJJOGxRVlFoQkxuVWxBNFArS01selBEOU9aOEk0UXRWNEdjT0ZOYWFyTjByZFlacllKaVF2VjBUQkdSSnRWCnNEOTVsZzNPMHFzVHBuSVdrYW5rUTVFUmdiTDlqQ0grb0taNFBrUEd0OW9MVjhCOGphNjFRazdhLytBVUZ1UUQKeDBMUGZvUyt5VkVoYXNjM0x3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo="}
>>> }
>>> >> }
>>> >> }"
>>> >>
>>> >> "{"method": 1, "data": {"email": "dfgh", "usePassword": "false",
>>> >> "password": "", "useFi"
>>> >>
>>> >>
>>> >> Best regards,
>>> >> Nick.
>>> >>
>>> >
>>> >
>>> > --Using Opera's revolutionary e-mail client:
>>> > http://www.opera.com/mail/
>>> >
>>>
>>>
>>
>>
>>
>>
>>
>
>


-- 
Using Opera's revolutionary e-mail client:
http://www.opera.com/mail/
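
Added example, not part of the original thread: the decrypted text posted at the start of the thread stops after exactly 86 bytes, which is the RSA-OAEP single-block limit k - 2*hLen - 2 for a 1024-bit key if the OAEP hash is SHA-1 (an assumption about the QCA backend). The Python code below builds the OAEP padding by hand to show where that limit comes from; the function names are hypothetical, the label is assumed empty, and no RSA operation or QCA call is involved.

```python
import hashlib
import os

def mgf1(seed: bytes, length: int, h=hashlib.sha1) -> bytes:
    """MGF1 mask generation function from PKCS #1 (RFC 8017, B.2.1)."""
    out = b""
    for counter in range((length + h().digest_size - 1) // h().digest_size):
        out += h(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_max_len(modulus_bits: int, h=hashlib.sha1) -> int:
    """Largest plaintext one RSA-OAEP operation accepts: k - 2*hLen - 2."""
    return modulus_bits // 8 - 2 * h().digest_size - 2

def oaep_encode(msg: bytes, modulus_bits: int, h=hashlib.sha1) -> bytes:
    """EME-OAEP encoding with an empty label; the result is exactly k bytes."""
    k, hlen = modulus_bits // 8, h().digest_size
    if len(msg) > oaep_max_len(modulus_bits, h):
        # Fail loudly instead of encrypting only the part that fits.
        raise ValueError("message too long for one RSA-OAEP block")
    # DB = lHash || zero padding || 0x01 || message
    db = h(b"").digest() + b"\x00" * (k - len(msg) - 2 * hlen - 2) + b"\x01" + msg
    seed = os.urandom(hlen)
    masked_db = xor(db, mgf1(seed, k - hlen - 1, h))
    masked_seed = xor(seed, mgf1(masked_db, hlen, h))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em: bytes, h=hashlib.sha1) -> bytes:
    """Inverse of oaep_encode (not constant-time; for illustration only)."""
    hlen = h().digest_size
    masked_seed, masked_db = em[1:1 + hlen], em[1 + hlen:]
    seed = xor(masked_seed, mgf1(masked_db, hlen, h))
    db = xor(masked_db, mgf1(seed, len(masked_db), h))
    sep = db.index(b"\x01", hlen)  # first 0x01 after lHash ends the padding
    if em[0] != 0 or db[:hlen] != h(b"").digest() or any(db[hlen:sep]):
        raise ValueError("decoding error")
    return db[sep + 1:]

# Decrypted text as shown in the thread (its two wrapped lines joined with one space).
TRUNCATED = (b'{"method": 1, "data": {"email": "dfgh", "usePassword": "false", '
             b'"password": "", "useFi')
```

Anything longer than `oaep_max_len()` has to go through a symmetric cipher, with RSA wrapping only the symmetric key, as suggested earlier in the thread.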


