Subject | Picking a crypto library for firebird. |
---|---|
Author | Mark O'Donohue |
Post date | 2004-09-30T08:49:53Z |
Hi
Just curious as to what everyone else thinks.
But rather than hacking b64, sha1 and 3des, AES, RSA, the associated
binary padding routines, and eventually rsa and ssl, as individual
files, I think it's time to start linking with a crypto library in firebird.
After looking up a few, mainly openssl, and crypto++ (which seems to be
Jim's favorite), perhaps it's not one size fits all, particularly over
the win32/unix divide.
Whatever we do, it is also easy to isolate ourselves from the
implementation by providing wrapper classes for the functionality we need.
So perhaps we can support cryptopp on win32 and openssl on the others.
But to finish Alex's work on upgrading the hash function for fb2.0 this
might provide an easy way to get a general library of good crypto
functions into firebird.
Opensource crypto libraries:
openssl:
The one I'm more familiar with is openssl.
http://www.openssl.org/
This has been for ages *the* library to use for C (came to fame when
crypto exports from USA were restricted). It's been used for certified
DoD code many times - even in the USA, provides all the
crypto/ssl/ca/asn.1 functions we would ever be likely to need, and even
assembler implementations for common core algorithms for speed. It is
widely used/installed/reviewed as the basis for openssh.
The examples in the source are fairly good and simple.
On the downside, it's C (i.e. not C++ based) and the C syntax is a bit
painful. But a simple C++ wrapper can be developed - I have some old
ones, and there are likely to be some better ones around.
(my small claim to fame in this area, is that I once met and worked on a
project with Tim Hudson - but not that he would remember me).
crypto++ :
http://www.eskimo.com/~weidai/cryptlib.html
It's C++, the documentation examples seem simple and it does provide the
basics and the examples are easy to follow. However, it doesn't provide
advanced stuff, like CA routines and SSL operation, and also it seems to
use STL.
It looks fairly good, but I'm not really familiar with it, perhaps Jim
can shed more light on it.
-----
It's a bit old, but here is a link of some opensource crypto libraries.
http://groups.google.com.au/groups?hl=en&lr=&ie=UTF-8&safe=off&selm=3b889338_2%40batman.vip-za.com
or:
http://directory.google.com/Top/Science/Math/Applications/Communication_Theory/Cryptography/Programming_Libraries/
Curiously, and before finding the list, I also looked up cryptlib, which
is what I thought Jim said he liked, and because I'd heard good things
about it.
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
But when I saw the licence I figured Jim wouldn't be anywhere near it
:-) and looked harder at my email history to find cryptopp.
It's a pity because it's C++, provides a lot of functionality, and does
look nice, but the licence is not compatible with firebird.
Cheers
Mark