whats an easy way to use AES in C? i see a lot of C++ examples and java examples but nothing in C that ive found. i want to write a program to encrypt a text file with a key. that's basically it. i don't really know much about encryption so im kinda just looking for a header i can import some functions from.
Whats an easy way to use AES in C? i see a lot of C++ examples and java...
man 3 crypto
Never mind, that's erlang man page
but is it cross platform?
man 1 gpg
Don't write your own if you can avoid it.
Is openssl cross-platform nigger?
This. You're more than likely going to do it wrong OP, because by your admission, you don't know anything about encryption. Do you know what an Initialization vector is? If no, then use an existing tool. Revisit the matter only once you've studied crypto.
and it comes with all these neat features enabled by default
Libgcrypt makes use of certain hardware features. If the use of a feature is not desired it may be either be disabled by a program or globally using a configuration file. The currently supported features are
intel-rdrand and intel-aesni are especially useful for ultrasecure crypto
It doesn't matter how secure your library's features are, if you don't know what you're doing you can still make something insecure out of it without meaning to.
Correct crypto is hard. Don't tell people that using the right library will let them make something """ultrasecure""".
From your post I can tell you do not even know what AES is. Please do more research on what you actually want.
taking the bait
OP, I keep hearing this all the time with crypto.
It's too hard.
Don't do it.
You don't know what you are doing.
If you don't fuck around and screw up, you aren't going to learn anything.
make sure this goes in your code if you do this otherwise cryptojews on github will bully you
and screw up
It's hard to know if you've screwed up though. For example, if you didn't know what a timing attack was, you might not notice a screw up by using an operation which does not take constant time.
Another problem is when people create their own crypto scheme which they think is better than xyz. Without having studied cryptography it is very easy not realize how dumb what you came up with is.
Fucking around is fine, just don't use your own code in any situation where you need security.
Not a problem.
If someone is programming and doesn't know about race conditions, then they still have room to learn. I am not suggesting OP to release his software publicly, and OP doesn't seem to suggest that. If he wants to learn, then I encourage that.
Don't see why OP shouldn't use his own code if he is trying to learn.
it's that autistic "secure PHP cryptography" guy again
underage channers try to write crypto
lol. Tox has always been an awful meme.
At least when you are running into race conditions, you might notice your program behaving wrong. With a poor cryptographic implementation, it might be built to spec, but is vulnerable to an attack.
I would rather encourage actually learning some cryptography before trying to implement something. For example, if the OP just used AES to encrypt 16 bytes (128 bits), it would be bad. You can just do the inverse of AES to recover those 16 bytes.
i can't use that because it's a linux lib. im writing this for windows.
your fucked then
enjoy this documentation about the windows crypto api.
or actually, openssl is cross platform and so is libgcrypt
To build libgcrypt for Microsoft Windows, you need to have the
mingw32 cross-building toolchain installed. Instead of running a
plain configure you use
i would just ignore the windows crypto api garbage.
I would rather encourage actually learning some cryptography before trying to implement something.
How do you learn without doing?
now this is what im looking for. thanks.
i already have mingw32 gcc installed so i might be able to use this.
Because you learn by studying the mathematics behind it.
as far as i can tell crypto is for math wizards. i was never good at math myself and the programs i generally write only require basic math.
Go to school, or get some textbooks and teach yourself. There isn't a good alternative if you want a compressive understanding of the subject. You can pick some stuff up by bouncing around, but you'll find that your understanding has holes in it.
pay the jew
you don't need any of this, all of the documentation is freely available. do not pay a dime unless you really want that piece of paper, it looks good on the resume, but as far as learning goes it's worthless.
It's an option for people who don't have the motivation to work through the material themselves.