1

I am trying to implement a secure network/client communication using sockets. I am having hard time finding information on how to do so. The only thing that seems to be out there is OpenSSL, but the library seems to be very complicated to use.

Is there an easier library to use that is secure ? If not then what is good documentation to get started on secure programming.

Anonymous
  • 1,500
  • 3
  • 18
  • 30
  • The communication between sockets maybe be monitored, but need a way to encrypt data so that it cannot be maliciously used by an external agent. – Anonymous Nov 23 '12 at 04:14
  • http://stackoverflow.com/questions/4952339/ipsec-vs-openssl-vs-pgp – vladr Nov 23 '12 at 04:24

2 Answers2

2

For encryption there are multiple libraries are present.If you have not been saying that OpenSSL is complex then I highly suggest you OpenSSL.But now in your case , I suggest you to try

CryptoPP
its API style and programming paradigms take a little getting used to but you would like it in the end. It provides a wide range of symmetric and asymmetric algorithms with much flexibility. You can find a high level overview and sample codes. It is an easy library to integrate into projects.It is portable across several platforms.

LibTomCrypt
TomCrypt is lightweight and simple. As for quality, TomCrypt is widely accepted as top-quality encryption. Also, it's license is public domain which avoids the attribution hassle for your documentation that BSD licenses give you when writing commercial software.

Crypto++
is also a very well reputed library

Take a look at these libraries as well google's KeyCZar , botan and Capicom.
I hope this anwer will help you :)

Freak
  • 6,786
  • 5
  • 36
  • 54
  • I wonder whether you have any sources on the stability and testedness of those libraries? – Jonas Schäfer Nov 23 '12 at 07:58
  • Actually it is not possible that someone have used all these and then suggest.By searched on forums and other people views , I found that these are some good resources regarding OP's need – Freak Nov 23 '12 at 08:09
  • Ok, I just thought you maybe have come across some testimonials. – Jonas Schäfer Nov 23 '12 at 09:03
  • CryptoPP and Crypto++ are the same thing. (And in your answer point to the same website) Your LibTomCryp doesn't go to the right place; it should go to http://libtom.org/?page=features&newsitems=5&whatfile=crypt – Billy ONeal Nov 25 '12 at 23:34
1

Boost.Asio abstracts some of the OpenSSL lower level functions: examples

Keep in mind you have to be careful and it is easy to think that you have a secure system when in fact you do not. Just using OpenSSL doesn't guarantee security. It needs to be used correctly.

The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software

Guy Sirton
  • 8,331
  • 2
  • 26
  • 36