Looking for a simple RSA (or similar) GPL-Compatible C implementation
Author
I must be looking in all of the wrong places. I would think that with the current popularity of public/private key algorithms there would be something somewhere that fits my needs. I'm trying to create a simple login system to allow players to protect their names. After some research, it seemed something like RSA would be ideal for what I'm trying to do. The only problem is I can't find a clean, simple implementation of it. Anything I find is part of some massive library, like OpenSSL or libgcrypt, and not only do they add unnecessary bloat, but they often have nasty dependencies and/or are difficult to get working in win32.
Ideally, I'd like to have a simple .c file I could just drop in my project with like 3 functions: generate key, encrypt, decrypt. It doesn't have to be RSA. It doesn't have to be super efficient, either. The algorithm is only used when a player logs into a server. It just needs to be secure, small, and easy to implement, with no external dependencies. Does such a thing exist?
I don't think Blowfish carries its own key generator but I think it accepts a large number of them, so you should be able to find a decent link to one on the page.
Author
I'm not all that familiar with Blowfish, but I don't think it uses public/private keys. Yeah, "Blowfish is a symmetric algorithm which means it uses the same key for encryption and decryption."
So I've done this. You're right RSA is the way to go. It's waaay simpler to understand than Diffie-Hellman. Anyway, originally I used GNU MP. This is difficult because its REALLY hard to turn this into a DLL. Anyway, I've found that it's a LOT easier to use OpenSLL to implement RSA. OpenSSL doesn't have any dependencies that I know of so I don't know what you're talking about there, but you can build it into a static library, so when you do it that way the linker will only include the code that you actually use out of the library, which isn't much at all. You can use OpenSSL's bignum library to implement RSA yourself (which is what I did and is really screaming fast if you use the ASM version) or you can move up a layer and use the RSA functions.
OpenSSL is very easy to get working on Win32... you just need to use the command line to build it! Don't wimp out.
The only problem is that OpenSSL doesn't have any documentation for the lower layers so you'll have to figure it out for yourself. But, it only took me four hours to get it all working; it's not really that hard. Of course, I've done RSA before so I already knew what was going on there and only had to get OpenSSL to work.
If you understand the theory behind RSA and you're a decent programmer, you should be able to get it working in 8 hours.
OpenSSL is very easy to get working on Win32... you just need to use the command line to build it! Don't wimp out.
The only problem is that OpenSSL doesn't have any documentation for the lower layers so you'll have to figure it out for yourself. But, it only took me four hours to get it all working; it's not really that hard. Of course, I've done RSA before so I already knew what was going on there and only had to get OpenSSL to work.
If you understand the theory behind RSA and you're a decent programmer, you should be able to get it working in 8 hours.
Author
I tried using OpenSSL to make an extremely simple test app that just generated a key and encrypted/decrypted something, but it ended up being 500k. My game executable is currently less than 400k, so more than doubling it just to add a login system... well, I don't really care for that idea. Maybe I did something wrong though. I was using a pre-built static visual studio .lib file. I guess I'll take another look at it.
If you wanted to take a crack at it, you could probably implement the RSA algorithm yourself. I found this page through a simple Google search and it appears to be quite informative.
The hardest part would be generating the keys. However, the .NET framework comes with a strong name tool that can generate public/private pairs for you. You'll only have to generate one pair for the server, and one pair locally for each client. This gives you secure communication between all nodes. Also keep in mind that you only need to use antisymmetric encryption at the beginning of a session, during which time you can agree on a symmetric key and use a faster, simpler encryption algorithm such as SSL.
The hardest part would be generating the keys. However, the .NET framework comes with a strong name tool that can generate public/private pairs for you. You'll only have to generate one pair for the server, and one pair locally for each client. This gives you secure communication between all nodes. Also keep in mind that you only need to use antisymmetric encryption at the beginning of a session, during which time you can agree on a symmetric key and use a faster, simpler encryption algorithm such as SSL.
Quote:Original post by jitspoe
Another problem: OpenSSL isn't GPL compatible from what I can tell.
its under a "apache like licence"
http://www.openssl.org/about/
Author
Libgcrypt seems to be a bit smaller and GPL-compatible, but it's unstable, at least compiled under visual studio it is.
Edit: nevermind, got it straightened out.
[Edited by - jitspoe on April 25, 2006 6:23:32 PM]
Edit: nevermind, got it straightened out.
[Edited by - jitspoe on April 25, 2006 6:23:32 PM]
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
