TinyAES provides a few variants of the encryption/decryption methods in the AES family. More...
Typedefs | |
typedef std::vector< uint8_t > | VBytes |
A vector of bytes. More... | |
Functions | |
void | validate_key_and_iv (const VBytes &key, const VBytes &iv) |
Used internally to validate the length of both the key and the initialization vector. More... | |
void | generate_random_key_and_iv (VBytes &key, VBytes &iv, size_t seed=0) |
Generate a random 256-bit key and a 128-bit initialization vector. More... | |
std::string | to_hex_string (const VBytes &v) |
Convert the vector into a text string of hex characters. More... | |
VBytes | from_hex_string (const std::string &str) |
Convert the text string back into a vector of bytes. More... | |
std::string | cbc_encrypt (const std::string &str, const VBytes &key, const VBytes &iv) |
Encrypt the input buffer using 256-bit AES Cipher Block Chaining mode. More... | |
VBytes | cbc_encrypt (const VBytes &input, const VBytes &key, const VBytes &iv) |
Encrypt the input buffer using 256-bit AES Cipher Block Chaining mode. More... | |
std::string | cbc_decrypt (const std::string &input, const VBytes &key, const VBytes &iv) |
Decrypt the buffer using 256-bit AES Cipher Block Chaining mode. More... | |
VBytes | cbc_decrypt (const VBytes &input, const VBytes &key, const VBytes &iv) |
Decrypt the input buffer using 256-bit AES Cipher Block Chaining mode. More... | |
Variables | |
const size_t | key_size_in_bytes = 32 |
The number of bytes in a key, which is 32 for 256-bit AES. More... | |
const size_t | iv_size_in_bytes = 16 |
The number of bytes in the initialization vector. More... | |
TinyAES provides a few variants of the encryption/decryption methods in the AES family.
Only 256-bit AES is enabled in this library, and only a few modes are available:
You need 3 things to encrypt and decrypt when using 256-bit AES in CBC mode:
The key and the iv (initialization vector) are required to correctly decrypt what was previously encrypted. If you don't have the key and the iv, you cannot decrypt. Attempting to guess the key and the iv is unlikely: with a 256-bit key, it would take a supercomputer trillions of years to crack the key via brute force exhaustion of the key space.
This library can help with the following tasks:
std::string
): TinyAES::cbc_encrypt() The encrypt/decrypt functions that take and return a std::string
instead of a vector of bytes were added to make life easy for developers who happen to have some std::string
objects they want encrypted. The API converts the strings to TinyAES::VBytes objects, and then converts the results back to std::string
.
If wondering whether you should use the std::string
or TinyAES::VBytes function calls, prefering TinyAES::VBytes will save two extra copies of the data – one on input, and the other on output.
In the simplest case, this is how you'd encrypt and decrypt a string of text:
If you need to store and restore the 32-byte key and 16-byte initialization vector, this can easily be done using TinyAES::to_hex_string() and TinyAES::from_hex_string().
It is up to the application or the end user to ensure the key and iv are either copied or moved to an appropriate location to decrypt. There are no magical functions within TinyAES which will move the key and iv to their required final destination. And you cannot simply encrypt the key and the iv, since decryption requires you to have the key and iv!
typedef std::vector<uint8_t> TinyAES::VBytes |
A vector of bytes.
Used to pass in the key, the initialization vector, and the byte to encrypt/decrypt.
Used internally to validate the length of both the key and the initialization vector.
std::length_error | Throws if the key isn't exactly 32 bytes long. |
std::length_error | Throws if the iv isn't exactly 16 bytes long. |
References iv_size_in_bytes, and key_size_in_bytes.
Referenced by cbc_decrypt(), cbc_encrypt(), and generate_random_key_and_iv().
Generate a random 256-bit key and a 128-bit initialization vector.
These will need to be stored somewhere, since decrypting requires the same key and iv as was used during encryption.
[out] | key | Any previous content will be completely overwritten. On output, the key will contain exactly 256 bits (32 bytes). |
[out] | iv | Any previous content will be completely overwritten. On output, the initialization vector will contain exactly 128 bits (16 bytes). |
[in] | seed | If left as zero, a seed based on the current time will be used. If set to anything other than zero, that value will be used as a seed. |
References iv_size_in_bytes, key_size_in_bytes, and validate_key_and_iv().
std::string TinyAES::to_hex_string | ( | const VBytes & | v | ) |
Convert the vector into a text string of hex characters.
Useful in converting the encryption key and initialization vector to a text string.
The output would look similar to this:
Note how the key is twice as long as the initialization vector, since the key contains 256 bits (32 bytes) of data and the iv contains 128 bits (16 bytes) of data.
TinyAES::VBytes TinyAES::from_hex_string | ( | const std::string & | str | ) |
Convert the text string back into a vector of bytes.
Useful in converting textual representations of the encryption key and iv back into a vector of bytes.
std::length_error | Throws if the string has an odd length. |
std::invalid_argument | Throws if the string contains non-hex characters. |
Encrypt the input buffer using 256-bit AES Cipher Block Chaining mode.
Similar to the other TinyAES::cbc_encrypt() method, but takes a std::string
instead of a vector of bytes.
Automatically handles the PKCS padding internally, so the output string will always be between 1 and 16 bytes larger than the input string. This padding will automatically be removed when TinyAES::cbc_decrypt() is called, so other than knowing and expecting the encrypted string to be a few bytes bigger than the original text, there should be no user impact.
[in] | str | While a std::string normally implies "text", it can contain anything, including binary non-textual data. |
[in] | key | The encryption key must be 256 bits in length (32 bytes). |
[in] | iv | The initialization vector must be 128 bits in length (16 bytes). |
TinyAES::VBytes TinyAES::cbc_encrypt | ( | const VBytes & | input, |
const VBytes & | key, | ||
const VBytes & | iv | ||
) |
Encrypt the input buffer using 256-bit AES Cipher Block Chaining mode.
Similar to the other cbc_encrypt() method, but takes and returns a vector of bytes instead of a std::string
.
Automatically handles the PKCS padding internally. The output vector will always be between 1 and 16 bytes larger than the input vector. This padding will automatically be removed when TinyAES::cbc_decrypt() is called, so other than knowing and expecting the encrypted string to be a few bytes bigger than the original text, there should be no user impact.
[in] | input | The vector of bytes to encrypt. Can be any length. |
[in] | key | The encryption key must be 256 bits in length (32 bytes). |
[in] | iv | The initialization vector must be 128 bits in length (16 bytes). |
References AES_CBC_encrypt_buffer(), and validate_key_and_iv().
std::string TinyAES::cbc_decrypt | ( | const std::string & | input, |
const VBytes & | key, | ||
const VBytes & | iv | ||
) |
Decrypt the buffer using 256-bit AES Cipher Block Chaining mode.
Automatically handles the PKCS padding internally. The output string will always be between 1 and 16 bytes shorter than the encrypted input due to the removal of the padding bytes.
[in] | input | The encrypted input must be at least 16 bytes in length, and will be a muliple of 16 (since AES works on 16-byte blocks). |
[in] | key | The encryption key must be 256 bits in length (32 bytes). |
[in] | iv | The initialization vector must be 128 bits in length (16 bytes). |
TinyAES::VBytes TinyAES::cbc_decrypt | ( | const VBytes & | input, |
const VBytes & | key, | ||
const VBytes & | iv | ||
) |
Decrypt the input buffer using 256-bit AES Cipher Block Chaining mode.
Similar to the other cbc_decrypt() method, but takes a vector of bytes instead of a std::string
.
Automatically handles the PKCS padding internally. The output vector will always be between 1 and 16 bytes shorter than the encrypted input due to the removal of the padding bytes.
[in] | input | The encrypted input must be at least 16 bytes in length, and will be a muliple of 16 (since AES works on 16-byte blocks). |
[in] | key | The encryption key must be 256 bits in length (32 bytes). |
[in] | iv | The initialization vector must be 128 bits in length (16 bytes). |
std::length_error | Throws if the buffer to be decrypted has an invalid length. |
std::length_error | Throws if the PKCS padding after decryption is invalid. |
References AES_CBC_decrypt_buffer(), and validate_key_and_iv().
const size_t TinyAES::key_size_in_bytes = 32 |
The number of bytes in a key, which is 32 for 256-bit AES.
Referenced by generate_random_key_and_iv(), and validate_key_and_iv().
const size_t TinyAES::iv_size_in_bytes = 16 |
The number of bytes in the initialization vector.
(Normally the iv is the same size as a block, which for AES is always 16 bytes.)
Referenced by generate_random_key_and_iv(), and validate_key_and_iv().