Sign in to follow this  
jitspoe

Looking for a simple RSA (or similar) GPL-Compatible C implementation

Recommended Posts

jitspoe    122
I must be looking in all of the wrong places. I would think that with the current popularity of public/private key algorithms there would be something somewhere that fits my needs. I'm trying to create a simple login system to allow players to protect their names. After some research, it seemed something like RSA would be ideal for what I'm trying to do. The only problem is I can't find a clean, simple implementation of it. Anything I find is part of some massive library, like OpenSSL or libgcrypt, and not only do they add unnecessary bloat, but they often have nasty dependencies and/or are difficult to get working in win32. Ideally, I'd like to have a simple .c file I could just drop in my project with like 3 functions: generate key, encrypt, decrypt. It doesn't have to be RSA. It doesn't have to be super efficient, either. The algorithm is only used when a player logs into a server. It just needs to be secure, small, and easy to implement, with no external dependencies. Does such a thing exist?

Share this post


Link to post
Share on other sites
Ravuya    135
I don't think Blowfish carries its own key generator but I think it accepts a large number of them, so you should be able to find a decent link to one on the page.

Share this post


Link to post
Share on other sites
jitspoe    122
I'm not all that familiar with Blowfish, but I don't think it uses public/private keys. Yeah, "Blowfish is a symmetric algorithm which means it uses the same key for encryption and decryption."

Share this post


Link to post
Share on other sites
Guest Anonymous Poster   
Guest Anonymous Poster
So I've done this. You're right RSA is the way to go. It's waaay simpler to understand than Diffie-Hellman. Anyway, originally I used GNU MP. This is difficult because its REALLY hard to turn this into a DLL. Anyway, I've found that it's a LOT easier to use OpenSLL to implement RSA. OpenSSL doesn't have any dependencies that I know of so I don't know what you're talking about there, but you can build it into a static library, so when you do it that way the linker will only include the code that you actually use out of the library, which isn't much at all. You can use OpenSSL's bignum library to implement RSA yourself (which is what I did and is really screaming fast if you use the ASM version) or you can move up a layer and use the RSA functions.

OpenSSL is very easy to get working on Win32... you just need to use the command line to build it! Don't wimp out.

The only problem is that OpenSSL doesn't have any documentation for the lower layers so you'll have to figure it out for yourself. But, it only took me four hours to get it all working; it's not really that hard. Of course, I've done RSA before so I already knew what was going on there and only had to get OpenSSL to work.

If you understand the theory behind RSA and you're a decent programmer, you should be able to get it working in 8 hours.

Share this post


Link to post
Share on other sites
jitspoe    122
I tried using OpenSSL to make an extremely simple test app that just generated a key and encrypted/decrypted something, but it ended up being 500k. My game executable is currently less than 400k, so more than doubling it just to add a login system... well, I don't really care for that idea. Maybe I did something wrong though. I was using a pre-built static visual studio .lib file. I guess I'll take another look at it.

Share this post


Link to post
Share on other sites
Zipster    2365
If you wanted to take a crack at it, you could probably implement the RSA algorithm yourself. I found this page through a simple Google search and it appears to be quite informative.

The hardest part would be generating the keys. However, the .NET framework comes with a strong name tool that can generate public/private pairs for you. You'll only have to generate one pair for the server, and one pair locally for each client. This gives you secure communication between all nodes. Also keep in mind that you only need to use antisymmetric encryption at the beginning of a session, during which time you can agree on a symmetric key and use a faster, simpler encryption algorithm such as SSL.

Share this post


Link to post
Share on other sites
BlueHabu    106
Quote:
Original post by jitspoe
Another problem: OpenSSL isn't GPL compatible from what I can tell.


its under a "apache like licence"
http://www.openssl.org/about/

Share this post


Link to post
Share on other sites
jitspoe    122
Libgcrypt seems to be a bit smaller and GPL-compatible, but it's unstable, at least compiled under visual studio it is.

Edit: nevermind, got it straightened out.

[Edited by - jitspoe on April 25, 2006 6:23:32 PM]

Share this post


Link to post
Share on other sites
d000hg    1199
Quote:
Original post by Anonymous Poster
OpenSSL is very easy to get working on Win32... you just need to use the command line to build it! Don't wimp out.
As soon as people start talking about command-line stuff, I think "it's hard and/or badly built and/or really out of date". I was around in the days when there were no IDEs, too, I guess I must have embraced Windows more tightly than some would admire!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this