8

Do you know of a tutorial that demonstrates Public Private Key encryption(PPKE) in C++ or C?

I am trying to learn how it works and eventually use Crypto++ to create my own encryptions using public private keys. Maybe theres a Crypto++ PPKE tutorial?

Maybe someone can explain the relationship(if any) between the public and private keys? Could anyone suggest some very simple public and private key values I could use(like 'char*32','char/32') to create my simple PPKE program to understand the concept?

sazr
  • 24,984
  • 66
  • 194
  • 362
  • 7
    I agree that it's a good idea to create a simple encryption program to understand the concept, but **do not** roll your own encryption program (or algorithm) and use it in production. That's a recipe for very insecure software. See [Eric Lippert's blog](http://blogs.msdn.com/b/ericlippert/archive/2011/09/27/keep-it-secret-keep-it-safe.aspx) for a nice explanation of why (as well as an explanation of the key management problems that bedevil even the experts' crypto systems). – Adam Mihalcin Apr 04 '12 at 04:56
  • @JakeM: Did you read the Wikipedia article on [public key cryptography](http://en.wikipedia.org/wiki/Public-key_cryptography)? It has a great description of private and public key systems. – wallyk Apr 04 '12 at 05:12
  • 1
    "Remember: Anyone can design a security system that he himself cannot break. Even the experts regularly get it wrong. The odds that an amateur will get it right are extremely low." -- Bruce Schneier – blueshift Apr 04 '12 at 05:16
  • It's just called "public key encryption" - the 'private' bit is implicit. And there are lots of good explanations of the basic concepts of PKE out there - what are you unclear on? – Nick Johnson Apr 05 '12 at 06:07

2 Answers2

10

www.muppetlabs.com/~breadbox/txt/rsa.html

This article is very well written for programmers who want to understand RSA but do not have solid math background. It is the only article that actually makes me understand RSA. It doesn't contain C or C++ code but once you understand how it works, you should be able to write your own. (Even though I agree with others that it is not recommended, it should be still helpful to cleraly understand RSA) Hope it helps!

young
  • 2,163
  • 12
  • 19
8

Here's a toy version of RSA I wrote some time back. The thing that makes it a toy is that it only uses 32-bit numbers. To provide any meaningful level of security, you need to support much larger numbers for the math (typical key ranges are something like 1024-4096 bits or so, though the latter probably doesn't accomplish much).

Nonetheless, this does implement the real RSA algorithm. It would take relatively little to plug in a bignum package so this code could work with RSA keys of practical size (though most other implementations are probably faster).

#include <iostream>
#include <iterator>
#include <algorithm>
#include <vector>
#include <functional>

const int e_key = 47;
const int d_key = 15;
const int n = 391;

struct crypt : std::binary_function<int, int, int> {
    int operator()(int input, int key) const { 
        int result = 1;
        for (int i=0; i<key; i++) {
            result *= input;
            result %= n;
        }
        return result;
    }
};

int main() {
    std::string msg = "Drink more Ovaltine.";
    std::vector<int> encrypted;

    std::transform(msg.begin(), msg.end(),  
        std::back_inserter(encrypted),
        std::bind2nd(crypt(), e_key));

    std::transform(encrypted.begin(), encrypted.end(), 
        std::ostream_iterator<char>(std::cout, ""), 
        std::bind2nd(crypt(), d_key));
    std::cout << "\n";

    return 0;
}

Of course, this only covers the encryption and decryption itself -- that's a long ways short of being a complete security system.

Much like the comments have noted, this is intended purely to support understanding of the algorithm. I've never put it to serious use, and probably never will. Although supporting real key sizes would be fairly trivial, it's open to question whether I'll ever even do that -- if I did, somebody might mistake it for something that should be used on real data, which I don't really intend.

Jerry Coffin
  • 476,176
  • 80
  • 629
  • 1,111