密碼類庫(kù)Crypto++™ Library 5.1的研究與應(yīng)用

摘要

引言

在計(jì)算機(jī)被廣泛應(yīng)用的信息時(shí)代，信息本身就是時(shí)間，就是財(cái)富。大量信息用數(shù)據(jù)形式存放在計(jì)算機(jī)系統(tǒng)里。信息的傳輸則通過(guò)公共信道。這些計(jì)算機(jī)系統(tǒng)和公共信道是不設(shè)防的，是很脆弱的，容易受到攻擊和破壞，信息的丟失不容易被發(fā)現(xiàn)，而且后果是極其嚴(yán)重。如何保護(hù)信息的安全已不僅僅是軍事和政府部門(mén)感興趣的問(wèn)題，其他企事業(yè)單位也愈感迫切。因?yàn)樵诰W(wǎng)絡(luò)化的今天，計(jì)算機(jī)犯罪每年使他們?cè)馐艿膿p失極其巨大，而且還在發(fā)展中。密碼是有效而且可行的保護(hù)信息安全的辦法。隨著計(jì)算機(jī)網(wǎng)絡(luò)不斷滲透到各個(gè)領(lǐng)域，密碼學(xué)的應(yīng)用也隨著擴(kuò)大。數(shù)字簽名、身份鑒別、等都是由密碼學(xué)派生出來(lái)的新技術(shù)和應(yīng)用。目前開(kāi)放源代碼的加密庫(kù)中，密碼類庫(kù)Crypto++是比較流行的，目前的最高版本為Crypto++™ Library 5.1，它實(shí)現(xiàn)了各種公開(kāi)密鑰算法、對(duì)稱加密算法、數(shù)字簽名算法、信息摘要算法以及其相關(guān)的其它算法等等，Crypto++™ Library 5.1幾乎包括了目前所有安全算法庫(kù)，對(duì)密碼類庫(kù)Crypto++™ Library 5.1的研究與應(yīng)用對(duì)計(jì)算機(jī)網(wǎng)絡(luò)安全的研究與發(fā)展有重大的實(shí)際意義。

（一）Crypto++™ Library 5.1要求的密碼知識(shí)

Crypto++™ Library 5.1要求什么樣的密碼知識(shí)基礎(chǔ)呢，很多初學(xué)者都想知道這個(gè)問(wèn)題。然而當(dāng)你提出一個(gè)基礎(chǔ)的問(wèn)題在別處找到答案，你會(huì)發(fā)現(xiàn)這對(duì)你沒(méi)有多大用處，因?yàn)樵絹?lái)越多熟練使用這個(gè)類庫(kù)包的人不僅僅是考慮挑戰(zhàn)安全問(wèn)題。

該密碼庫(kù)的建立是假設(shè)你對(duì)密碼術(shù)語(yǔ)已經(jīng)有一定的了解的基礎(chǔ)上的，如果你已經(jīng)達(dá)到這一點(diǎn)，你可以進(jìn)行一些比較基礎(chǔ)的研究，到那時(shí)你會(huì)發(fā)現(xiàn)即使在最有利的情況下建立一個(gè)安全體系也是很困難的。如果你可以克服這些困難去研究這方面知識(shí)，你可以從一些網(wǎng)站獲得比較專業(yè)的幫助。

Crypto++庫(kù)包含有大量的算法，但是它們對(duì)用戶來(lái)說(shuō)并不總是顯而易見(jiàn)的，下面推薦一些算法，因?yàn)檫@些算法不但用得很廣，而且被公認(rèn)比較安全的，并且是免費(fèi)的。

1、  分組密碼：DES-EDE3, Blowfish, Rijndael

2、  序列密碼：

3、  Hash函數(shù)：SHA1

4、  消息認(rèn)證碼： HMAC/SHA1

5、  公鑰加密：RSA/OAEP/SHA1

6、  簽名：RSA/PKCS1v15/SHA1, DSA, Generalized-DSA/SHA1

7、  密鑰協(xié)議：DH

8、  隨機(jī)數(shù)產(chǎn)生器：RandomPool, AutoSeededRandomPool

（二）密碼類庫(kù)Crypto++™ Library 5.1的內(nèi)容

Crypto++ 庫(kù)是一個(gè)用c++ 編寫(xiě)的密碼類庫(kù)，是一個(gè)自由軟件。Crypto++™ Library 5.1于2003年3月22日發(fā)布，是目前最高的版本，該版本加入了除了作者Wei Dai以外的另外一些作者的代碼重新包裝成類，類庫(kù)里主要包含下列的內(nèi)容：

1、  用抽象類定義API類的繼承層次

2、  高級(jí)加密標(biāo)準(zhǔn)AES（Advanced Encryption Standard） Rijndael和AES候選算法：RC6, MARS, Twofish, Serpent, CAST-256

1997年4月15日美國(guó)國(guó)家標(biāo)準(zhǔn)技術(shù)研究所NIST發(fā)起征集高級(jí)加密標(biāo)準(zhǔn)AES算法的活動(dòng)，目的是為確定一個(gè)安全性能更好的分組密碼算法用于取代DES，AES的基本要求是比三重DES快并且至少與DES一樣安全,分組長(zhǎng)度為128位,密鑰長(zhǎng)度為128位,192位或256位.2001年11月26日,NIST正式公布高級(jí)加密標(biāo)準(zhǔn)AES, AES的安全性能是良好的,經(jīng)過(guò)多年來(lái)的分析和測(cè)試,至今沒(méi)有發(fā)現(xiàn)AES的明顯缺點(diǎn),也沒(méi)有找到明顯的安全漏洞. AES能夠抵抗目前已知的各種攻擊方法的攻擊。

3、  對(duì)稱分組密碼：IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack。

分組密碼又稱為秘密鑰密碼或?qū)ΨQ密碼。利用分組密碼對(duì)明文進(jìn)行加密時(shí)，首先需要對(duì)明文進(jìn)行分組，每組的長(zhǎng)度都相同，然后對(duì)每組明文分別加密得到等長(zhǎng)的密文，分組密碼的特點(diǎn)是加密密鑰與解密密鑰相同。分組密碼的安全性應(yīng)該主要依賴于密鑰，而不依賴于對(duì)加密算法和解密算法的保密。因此，分組密碼的加密和解密算法可以公開(kāi)。

4、  一般的密碼模式：ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR) 。

電子密本（ECB）， 密碼分組鏈接(CBC)，輸出反饋(OFB)和密文反饋(CFB)

5、  序列密碼：Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub

序列密碼可以認(rèn)為是起源于20世紀(jì)20年代的Vernam體系，當(dāng)Vernam體制中的密鑰序列是隨機(jī)的(0,1)時(shí)，他就是“一次一密“密碼體制。Shannon已經(jīng)證明了“一次一密“密碼體制在理論上是不可破譯的。由于隨機(jī)的密鑰序列產(chǎn)生、存儲(chǔ)以及分配等方面存在一定的困難，Vernam體制在當(dāng)時(shí)并沒(méi)有得到廣泛的應(yīng)用。隨著微電子技術(shù)和數(shù)學(xué)理論的發(fā)展與完善，基于偽隨機(jī)序列的序列密碼得到了長(zhǎng)足的發(fā)展和應(yīng)用。在序列密碼中，加密和解密所用的密鑰都是偽隨機(jī)序列，偽隨機(jī)序列的產(chǎn)生比較容易并且有比較成熟的數(shù)學(xué)理論工具，目前，序列密碼是 世界各國(guó)的軍事和外交等領(lǐng)域中使用的主要密碼體制之一。

6、  公鑰密碼: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN

在公鑰密碼體制中加秘密鑰和解密密鑰是不一樣的，加密密鑰可以公開(kāi)傳播而不危及密碼體制的安全性。

RSA公鑰密碼體制的安全性是基于大整數(shù)的素分解問(wèn)題的難解性，

7、公鑰密碼系統(tǒng)補(bǔ)丁：PKCS#1 v2.0, OAEP, PSSR, IEEE P1363 EMSA2

8、密鑰協(xié)商方案：Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH

9、橢圓曲線密碼：ECDSA, ECNR, ECIES, ECDH, ECMQV

9、  單向hash函數(shù)：

hash函數(shù)是一種將一種任意長(zhǎng)度的消息(message)壓縮為某一固定長(zhǎng)度的消息摘要(message digest)的函數(shù)。hash函數(shù)可以用于數(shù)字簽名和消息的完整性檢測(cè)。

SHA-1,:

安全hash算法SHA

 MD2, MD4, MD5, HAVAL, RIPEMD-160, Tiger, SHA-2 (SHA-256, SHA-384, and SHA-512), Panama

11、消息認(rèn)證碼(MAC)：MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC

12、基于密碼結(jié)構(gòu)的Hash函數(shù)：Luby-Rackoff, MDC

13、偽隨機(jī)數(shù)發(fā)生器(PRNG): ANSI X9.17 appendix C, PGP's RandPool

14、password based key derivation functions：PBKDF1 and PBKDF2 from PKCS #5

15、壓縮和解壓算法

16、大整數(shù)和多項(xiàng)式快速精確算法

17、有限范圍內(nèi)的算法包括GF(p) 和 GF(2^n)

18、素?cái)?shù)的產(chǎn)生和驗(yàn)證

等等。

（三）密碼類庫(kù)Crypto++™ Library 5.1的開(kāi)發(fā)過(guò)程

Crypto++密碼類庫(kù)自從發(fā)布以來(lái)，作為一個(gè)自由軟件，得到廣大開(kāi)發(fā)者的支持，吸收了很多優(yōu)秀的算法和原代碼，一直在不斷的在完善和擴(kuò)大，適應(yīng)了各種常用的操作系統(tǒng)和編譯平臺(tái)。

（四）密碼類庫(kù)Crypto++™ Library 5.1的編譯平臺(tái)

Crypto++™ Library 5.1 支持多種操作系統(tǒng)和各種各樣的編譯平臺(tái),但是對(duì)于有些操作系統(tǒng)下的一些編譯平臺(tái)要添加一定的補(bǔ)丁，下面我們就把一些常用的操作系統(tǒng)和編譯平臺(tái)的編譯情況列出來(lái)如下：

（五）密碼類庫(kù)Crypto++™ Library 5.1的類庫(kù)分析

密碼庫(kù)是用了高層的c++特征，如模板，多重繼承和異常等一流的強(qiáng)有力的工具來(lái)實(shí)現(xiàn)各種各樣錯(cuò)綜復(fù)雜的密碼算法

For people who are familiar with C++, the library will appear intuitive and easy to use. Others may need to view it as a learning opportunity. If you are a C++ beginner and you are under a very tight schedule, or if you are "afraid" of the more advanced features of C++, this library may not be for you. Having said that, you are invited to see for yourself how easy or hard it is to use by looking at some of the other answers in this category.

對(duì)熟悉c++的用戶來(lái)說(shuō)很容易用，

下載：
Where is the tutorial?
Where is the reference manual?
Is there anyone I could pay to help me with this?

How am I going to use Crypto++ if I don't have a clue about cryptography?
Recommended Algorithms

There is nothing the more experienced people that use this library like more than a challenging security question to mull over. However, you may find you don't get much help if you ask a basic question with an answer that is well-documented elsewhere.

The library assumes you know in cryptographic terms what you want to achieve. Until you reach that point, perhaps you should do some background research? You should also know that building secure systems is difficult at the best of times. If you can afford it, you can get some professional help: Is there anyone I could pay to help me with this?

The good news is that there is a decent body of literature to help you. A list of recommended cryptography books is available at http://books.cryptopp.com. A lot of good crypto information is also available on the web. See http://links.cryptopp.com for a list of recommended sites.

Crypto++ contains a large number of algorithms, and it may not always be obvious which ones to use. The algorithms given below are recommended because they are widely used and generally considered to be secure and patent-free.

block cipher: DES-EDE3, Blowfish, Rijndael
stream cipher: MARC4 (ARC4 with first 256 bytes of keystream discarded), any of the above block ciphers in CTR mode
hash function: SHA1
message authentication code: HMAC/SHA1
public key encryption: RSA/OAEP/SHA1
signature: RSA/PKCS1v15/SHA1, DSA, Generalized-DSA/SHA1
key agreement: DH
random number generator: RandomPool, AutoSeededRandomPool

10、               

Crypto++ Library is a free C++ class library of cryptographic schemes. Currently the library consists of the following, some of which are other people's code, repackaged into classes.

• a class hierarchy with an API defined by abstract base classes
• AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent, CAST-256
• other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack
• generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
• stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub
• public key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
• padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSSR, IEEE P1363 EMSA2
• key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
• elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
• one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-160, Tiger, SHA-2 (SHA-256, SHA-384, and SHA-512), Panama
• message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC
• cipher constructions based on hash functions: Luby-Rackoff, MDC
• pseudo random number generators (PRNG): ANSI X9.17 appendix C, PGP's RandPool
• password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5
• Shamir's secret sharing scheme and Rabin's information dispersal algorithm (IDA)
• DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
• fast multi-precision integer (bignum) and polynomial operations
• finite field arithmetics, including GF(p) and GF(2^n)
• prime number generation and verification
• various miscellaneous modules such as base 64 coding and 32-bit CRC
• class wrappers for these operating system features (optional):
  • high resolution timers on Windows, Unix, and MacOS
  • Berkeley and Windows style sockets
  • Windows named pipes
  • /dev/random and /dev/urandom on Linux and FreeBSD
  • Microsoft's CryptGenRandom on Windows
• A high level interface for most of the above, using a filter/pipeline metaphor
• benchmarks and validation testing

One purpose of Crypto++ is to act as a repository of public domain (not copyrighted) source code. Although the library is copyrighted as a compilation, the individual files in it (except for a few exceptions listed in the license) are in the public domain.

• 2003年4月22日增加了開(kāi)發(fā)環(huán)境CodeWarrior Pro8.2 固定的工程文件
• 增加 VS.NET 2003 的補(bǔ)丁
• 發(fā)布Crypto++™ Library 5.1 版本
• 4/22/2003 - Added fixed project file for CodeWarrior Pro 8.2
• 4/19/2003 - Added patch for VS .NET 2003
• 3/22/2003 - Version 5.1 release.
  • added PSS padding and changed PSSR to track IEEE P1363a draft standard
  • added blinding for RSA and Rabin to defend against timing attacks on decryption operations
  • changed signing and decryption APIs to support the above
  • changed WaitObjectContainer to allow waiting for more than 64 objects at a time on Win32 platforms
  • fixed a bug in CBC and ECB modes with processing non-aligned data
  • fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2 signature scheme (these fixes are not backwards compatible)
  • fixed a number of compiler warnings, minor bugs, and portability problems
  • removed Sapphire
• 3/10/2003 - Updated patch for MacOS X (Darwin)
• 10/4/2002 - Version 5.0 has been imported into CVS, with modulename "c5"
• 10/1/2002 - Added updated CodeWarrior 8 project file from Aparajita Fishman.
• 9/30/2002 - Version 5.0 released.
  • added ESIGN, DLIES, WAKE-OFB, PBKDF1 and PBKDF2 from PKCS #5
  • added key validation for encryption and signature public/private keys
  • renamed StreamCipher interface to SymmetricCipher, which is now implemented by both stream ciphers and block cipher modes including ECB and CBC
  • added keying interfaces to support resetting of keys and IVs without having to destroy and recreate objects
  • changed filter interface to support non-blocking input/output
  • changed SocketSource and SocketSink to use overlapped I/O on Microsoft Windows
  • grouped related classes inside structs to help templates, for example AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption
  • where possible, typedefs have been added to improve backwards compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined
  • changed HAVAL and IDEA to use public domain code
  • implemented SSE2 optimizations for Integer operations
  • is being evaluated for FIPS 140-2 compliance
  • fixed a bug in HMAC::TruncatedFinal()
  • fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02
• 8/26/2002 - Added porting note for Sun WorkShop 6 with Forte C++

（四）密碼類庫(kù)Crypto++™ Library 5.1的編譯平臺(tái)

These porting notes will help you compile Crypto++ on various platforms. If you need to compile Crypto++ 4.1 or earlier, please click here.

Remember to use the "-a" (auto-convert text files) option when unzipping on a Unix machine. The zip files should have the following hashes:

crypto42.zip:

MD5: C1700E6E15F3189801E7EA47EEE83078

SHA-1: 505EC40485519971A07DF6708B7DED3E5D3D08C4

RIPEMD-160: 5D4CC8E5987B2416CF7D71AA6276AFAC61702E55

SHA-256: CDF8A1EBB142759E928A323F47F228F4F93CEB2FE97C19DC59D6868989E0D76E

crypto50.zip:

MD5: fe8d4ef49b69874763f6dab30cbb6292

SHA-1: d0d83e60b6c03408370ca6c13aa5cac5e2220bf1

RIPEMD-160: 150db13d4df29020829f0fe817f54ee5a0595e50

SHA-256: c67c64693f32195e69d3d7e5bdf47afbd91e8b69d0407a2bc68a745d9dbebb26

crypto51.zip:

MD5: f4bfd4ac39dc1b7f0764d61a1ec4df16

SHA-1: 95905714c85f6fb563e66edb5478818df787fe2d

RIPEMD-160: 8b7420c421be39e9976f1ce2a80840d7ed6b38ef

SHA-256: d183a98c28feb1e0f7d21d177469831e5052aa8ca446475e95a5ebe7a7feb3cd

I get an "error opening file" message when I run cryptest.exe.
Why can't I read Crypto++ objects from files via FileStore with STLport streams?
I'm getting the error message "Cryptographic algorithms are disabled after power-up a self test failed" or something about "edc.dat".
Microsoft tools
I compiled cryptest.exe successfully, but am getting linker errors with my own application.
I'm getting internal compiler errors on Windows 98.
Others
Can I use Crypto++ with <insert compiler name here>?
I am getting compiler errors with GCC or EGCS.
GCC is using an enormous amount of memory to compile Crypto++.
I'm getting an "as" (assembler) error on Solaris.

Crypto++4.2 and STLPort 4.53

Is it possible to supply a prime modulus as it is with ElGamal key generation to other PK algorithms like RSA and DH in order to decrease their key generation times? If so can you supply example code to do just this?
How to output a Integer as string(Decimal/Hex)?

（五）密碼類庫(kù)Crypto++™ Library 5.1的使用

The library is an powerful and elegant tool for performing complex cryptography. It uses advanced C++ features such as templates, multiple inheritance, and exceptions to achieve that power and elegance.

For people who are familiar with C++, the library will appear intuitive and easy to use. Others may need to view it as a learning opportunity. If you are a C++ beginner and you are under a very tight schedule, or if you are "afraid" of the more advanced features of C++, this library may not be for you. Having said that, you are invited to see for yourself how easy or hard it is to use by looking at some of the other answers in this category.

對(duì)熟悉c++的用戶來(lái)說(shuō)

How much C++ experience do I need to use this library?
How do I use the Filter class?
How do I use hex encoding and decoding?
How do I use a block cipher in Crypto++ 4.2?
How do I use a block cipher in Crypto++ 5.0?
How do I use a stream cipher?
How do I use a hash function?
How do I use a message authentication code?
How do I use a random number generator?
How do I use a public key cryptosystem or signature scheme?
How can I use an RSA key from Crypto++ in openssl?
The sample code shows how to work with a file, but my data is in a string (or vice versa).
Why is ElGamal key generation so slow?
I'm trying to process multiple messages with a Filter, and MaxRetrievable() always returns 0 after the first one.

（六）密碼類庫(kù)Crypto++™ Library 5.1的類庫(kù)分析

見(jiàn)：\CryptoManual\00_index.htm\Class Hierarchy、  Compound List

模板類、抽象類、類

（七）密碼類庫(kù)Crypto++™ Library 5.1的應(yīng)用實(shí)例（1）

現(xiàn)在我們就來(lái)研究一下對(duì)這個(gè)庫(kù)的用法我們?cè)?span lang=EN-US>win32的操作系統(tǒng)下用vc6++來(lái)編譯Crypto++™ Library 5.1 的源代碼，在對(duì)應(yīng)的目錄下會(huì)產(chǎn)生文件夾Debug，在文件夾Debug里，會(huì)有一個(gè)編譯好的靜態(tài)庫(kù)文件 cryptlib.lib 我們就來(lái)研究什么用這個(gè)靜態(tài)庫(kù)文件。

Hash函數(shù)的應(yīng)用

Links to cryptographic resources - http://www.mobiuslinks.com/links.asp?sid=1

Administration
How can I contribute to this FAQ?

While You Are Downloading

• Take a look at the related links page. It includes links to crypto libraries for other languages, products that use Crypto++, etc.
• Consider the list of recommended books for Crypto++ users.
• Examine the Crypto++ license agreement.
• Read denis bider's Crypto++ User Guide
• Browse the Crypto++ Reference Manual (mirrored here).
• View these Crypto++ class hierarchy charts to see how Crypto++ is organized. Note that these charts only include a small number of actual algorithms as examples.
  • symmetric algorithms and hash functions
  • public key algorithms

Mailing Lists

There are two mailing lists for Crypto++.

• cryptopp-announce@lists.sourceforge.net - Crypto++ announcements
• cryptopp-list@eskimo.com - user questions and general discussion related to Crypto++, archived at http://www.escribe.com/software/crypto. Send an email to mailto:cryptopp-list-request@eskimo.com?subject=subscribe with the subject "subscribe" to subscribe, and use "unsubscribe" subject to unsubscribe. When posting a question to the mailing list, please give the following information, if available:
  • exact error message
  • stack trace
  • a minimal program with a main() function, that reproduces the problem
  • versions of Crypto++, operating system (output of "uname -a" command if using Unix), and compiler (output of "gcc -v" if using GCC)

To Contribute

The Crypto++ source code and FAQ are hosted on .

• The SourceForge CVS Repository allows you to view the latest (unreleased) Crypto++ source code and to contribute bug fixes or new features. The CVS repository contains two modules:
  • src - version 4.x and earlier.
  • c5 - version 5.x.
• The Crypto++ Faq-O-Matic allows you to view frequently asked questions and to contribute new questions or answers.

Paid Support and Consulting

If you are interested in paid support for Crypto++ or consulting on a Crypto++ related project, please take a look at this list of companies and individuals providing such services. This listing is a free service for the Crypto++ community, and anyone may sign up to be listed by following the above link.

Please bookmark and link to this page as http://www.cryptopp.com/.
since 3/20/2000. hits since 2/22/2003.