0

I am running a lot of algorithms from Crypto++. I am Encrypting, then decrypting like this:

int main(int argc, char* argv[]) { AutoSeededRandomPool prng_blowfish; SecByteBlock key_blowfish(Blowfish::DEFAULT_KEYLENGTH); prng_blowfish.GenerateBlock( key_blowfish, key_blowfish.size() ); byte iv_blowfish[ Blowfish::BLOCKSIZE ]; prng_blowfish.GenerateBlock( iv_blowfish, sizeof(iv_blowfish) ); string ifilename = "sample_files/1MB.jpg"; string cipher = "1MB.enc"; string rfilename = "r1MB.jpg"; try { EAX< Blowfish >::Encryption e_blowfish; e_blowfish.SetKeyWithIV( key_blowfish, key_blowfish.size(), iv_blowfish, sizeof(iv_blowfish) ); std::ifstream ifile(ifilename.c_str(), ios::binary); std::ifstream::pos_type size = ifile.seekg(0, std::ios_base::end).tellg(); ifile.seekg(0, std::ios_base::beg); FileSource fs1( ifilename.c_str(), true, new AuthenticatedEncryptionFilter( e_blowfish, new FileSink(cipher.c_str()) ) ); EAX< Blowfish >::Decryption d_blowfish; d_blowfish.SetKeyWithIV( key_blowfish, key_blowfish.size(), iv_blowfish, sizeof(iv_blowfish) ); FileSource fs2( cipher.c_str(), true, new AuthenticatedDecryptionFilter( d_blowfish, new StringSink( rfilename ), AuthenticatedDecryptionFilter::THROW_EXCEPTION ) ); } catch (const Exception& ex) { cerr << ex.what() << endl; } return 0; }

I need to make sure that everything is working properly. I would like to compare the file that is being read in from before it is encrypted to the file after it has been decrypted so that I know everything is working properly. Can somebody create an example of how I would be able to do this?

Improve this question
3
  • The simplest way is to compute a hash before and after. md5, sha, something like that. Commented May 1, 2014 at 1:56
  • possible duplicate of Compare two files Commented May 1, 2014 at 2:11
  • 1
    @j.atec - "... can somebody create an example... " - You have to do your own work. I set a bad precedent with the extra help on your Crypo++ questions because its not an easy library. But others are probably not going to be so accommodating, especially on basic C++ questions. Commented May 1, 2014 at 3:05

1 Answer 1

Reset to default
0

It is unfortunately not possible to check if your encryption routines are properly implemented or not by just looking at the output. There are few pitfalls you can - and should - check, though:

  • Encrypt an all zero file and see if there are any discernible patterns. ECB shows repeating blocks there.
  • Encrypt the same file twice. The ciphertext should not have any visible similarity. If they are the same then you probably use the same IV or nonce multiple times.
  • Basically the same problem as above: Without any outside knowledge (package counter, etc.) the ciphertext will always be longer than the plaintext, because of an IV or nonce that has to be transmitted alongside.
  • If you are using authenticated encryption (as after skimming your code I believe you do) change a byte and verify that it indeed results in an error message.

But as I've said above these are only negative criteria. A lot of other errors will not show in such a way. For example if you use the current time as an entropy source for your key you will see the exact same behaviour as with proper entropy.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I believe j.atec wants to make sure the file round trips properly: "I would like to compare the file that is being read in from before it is encrypted to the file after it has been decrypted".
Huh, I thoroughly misunderstood his question reading "before it is encrypted to the file after it has been encrypted". @jww
Yeah, j.atec has some interesting requirements. I think they stem from his benchmarking.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.