What is the best way to encrypt a text file in C/C++?

security encryption
18,930

Solution 1

Use a well known library such as openssl and follow well known examples and stay away from platform specific solutions.

Solution 2

I think you might be going about this the wrong way. If security, real security, is the goal then you're not going to want to store the password even in its encrypted form (because it can be decrypted if the key is stolen, as other people have said).

What you should do is store a hash of the password (with an appropriate salt). This means that no one (not even the site admins) can determine a user's password. They can merely accept a password and see if it's the right one or not by hashing the input with the same salt (you can't reverse a hash).

Also, this sort of situation lends itself nicely to databases, are you using one?

Google password hashing with salts and you can read about it from real security experts (I am not one).

Solution 3

An encryption standard that currently is considered as "safe" is AES (also called Rijndael). You can find a C++ implementation at Codeproject and in many other places.

Please note, that when using AES or any other symmetric encryption standard, you must store the encryption/decryption key inside your application. If anyone discovers the key, he can decrypt all files that you encrypted with this key.

If your application will run under Windows, you also might use DPAPI to store the encrypted information.

Share:
18,930

Related videos on Youtube

user32262
Author by

user32262

Updated on June 04, 2022

Comments

  • user32262
    user32262 almost 2 years

    A C/C++ based cgi web application will be creating a temporary text file on the server as long as the user is logged in. The text file will be deleted when the user logs off. I want to encrypt this text file and also the content of the file. The file will contain information like username and password.

    What is the best way to do this?

    EDIT: I see libraries being suggested. My problem is I cannot use anything but Standard C++ library.

  • Matthew Flaschen
    Matthew Flaschen almost 15 years
    "Please note, that when using AES or any other symmetric encryption standard, you must store the encryption/decryption key inside your application. If anyone discovers the key, he can decrypt all files that you encrypted with this key." Which is exactly why you /can't/ store the raw key inside the app's executable. The key should be protected by a passphrase or similar.
  • Matthew Flaschen
    Matthew Flaschen almost 15 years
    He's using C++. I don't think a PHP script is relevant.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Check if Android filesystem is encrypted
What is the best way to encrypt files in AES-256 with PHP?
How to store private encrypted user data in the database, but make them available to other chosen users?
How do I integrate HSM encryption with JAVA?
Nodejs createCipher vs createCipheriv
Password hashing (non-SSL)
How to hash a password with SHA512
Retrieve text from Bcrypt hashed password
writing a variable to a text file and encrypting it?
Securing REST Web Service using token (Java)