I am going to create some simple C code that would (1) Generate RSA keys (2) Import/Export Keys (3) Encrypt (4) Decrypt (5) Sign (6) Check Signature.

What do others use for their RSA needs? Would anyone be interested in such a library?

- Jeremiah

I have been looking around for a simple cryptography library, but I haven't found much. I would definitely be interested in such a library.

I'm all about using other people's code, and something like that would be fantastic because it's not the kind of thing that would get all tangled up with your engine specifics.

I've used LibTomCrypt (at libtomcrypt.org) before with good results. But it just seems libraries are always too large and do too much for my needs. I'm starting the coding on it tonight. I should hopefully have it completed within a couple months. It will be one header file, one c file, and it will need absolutely nothing -- it will be entirely self-contained.

I'll post here when it's completed.

- Jeremiah

I just use the JDK, as it's all built-in.

Cas :)

Maybe this will not suit your needs, but I'm using Blowfish encription for hiscres and so. You can get free source code for many languages at:
http://www.schneier.com/blowfish.html

Blowfish is a fine symmetric cipher, but Im needing an assymetric one. I will probably use Yarrow though, as it's free and useful for secure encryption purposes.

A free hash is Tiger, although I'll be looking into SHA-1 as well to see if it won't be hard to implement.

- Jeremiah

Doing a quick google, I found this (http://web.comlab.ox.ac.uk/oucl/work/colin.percival/source/lib/). It's got a BSD-style license. Now, I'd be the last person to tell you "don't bother"; I'm sure writing an RSA implementation will be pleasant and enlightening. But if you'd rather spend your time doing new work, rather than reinventing wheels, you can probably adapt an existing library to your needs.

You might also consider elliptic curve encryption. Elliptic curve is nicer than RSA because the keys are a lot stronger; a 160-bit elliptic curve key is considered equivalent to a 2,048-bit RSA key. Cryptographers claim to be "still on the fence" regarding it, but elliptic curve crypto been around for more than a decade and I have yet to hear of any "breakthroughs" in cracking it. Elliptic curves are well-understood mathematically; it's just that prime numbers are fantastically well-understood mathematically, and cryptographers are a nervous bunch. (That they are "still on the fence" is more a testimony to their stubborness than to any gaps in our understanding of elliptic curve crypto.)

If this interests you, check out Pegwit (http://www.george-barwood.pwp.blueyonder.co.uk/hp/v8/pegwit.htm). It's public domain (!) and has been around for years. It's designed as a standalone app but it would be quick work to turn it into a library.

I did a bunch of reading recently on public-key cryptography when I wrote this paper (http://www.gamejones.com/about/papers/registration.code.system.html) with an idea of mine for using RSA registration codes license verification for networked games. For the record, I hold no illusions that much (if any) of the ideas in that paper are new; that you're posting here and want an RSA library makes me think you have the same ideas.



Oh! You just posted, while I was writing this! I like Tiger and SHA-1 too. I also have XTEA and XXTEA, which are symmetric encryption algorithms. I believe I have public domain implementations of all of these, and I'd be happy to make 'em available if it would help.

As for Yarrow, I'm pretty happy with the Merseinne Twister. But if I need crypto-strength random numbers, I turn to the Microsoft Crypto API. Did you know that nearly every Windows box out there has some crypto on it? In particular, there's a nice random number generator (not a PRNG!) with an entropy pool gleaned from OS-level events. The function is CryptGenRandom(), but first you'll need a "provider" which you can get from CryptAcquireContext(). I can post example code for that if you're interested--it's only two lines.

Of course, for a one-shot source of really good random numbers... you can't beat HotBits (http://www.fourmilab.ch/hotbits/).

Cheers,

What do you need it for? (Just asking)

Cas :)