Code Monkey home page Code Monkey logo

easy-encryption's Introduction

Easy Encryption

A very simple standalone C++ module (API) to obfuscate/deobfuscate strings based on B64 and Vigenere ciper (symmetric cipher).

DISCLAIMER: This encryption is NOT secure and can be used as a "cheap way" to obfuscate some messages in a communication channel. If you need a solid and unbreakable encryption, please use a widely adopted standard and well researched cipher like AES-GCM. You can find more information there: pyca.

It works as follows:

  • Alice encodes in base64 the message, then uses the Vigenere private key to encrypt the message.
  • The encrypted message is sent through an unsecured channel.
  • Bob gets the message and decrypts it with the Vigenere private key. He then decodes it with base64.

Diagram summary:


Message -> B64 ENCODE -> VIGENERE ENCRYPT -> encrypted message -> VIGENERE DECRYPT -> B64 DECODE -> Message


The reason why we apply b64 encode BEFORE Vigenere is because it's very easy for somebody to apply a b64 decode and see about the structure of the message. For example, if we send {"hello":123}, an attacker can sniff the message, b64 decode the message and get {"qsggn":ygf}. Of course the attacker still needs the Vigenere cipher key, but at least, he can get a pretty clear idea that JSON format messages are sent in the communication channel. The way to avoid this is to encode first in b64 then encrypt it with the Vigenere key. If the attacker tries to b64 decode first, it will see a random string of weird characters.

API

C++

  • Encrypt message
std::string encrypt(std::string& msg, std::string& key)
  • Decrypt message
std::string decrypt(std::string& encrypted_msg, std::string& key)

Python

  • Encrypt message
wrapper.encrypt(message, key): returns encrypted message
  • Decrypt message
wrapper.decrypt(encrypted_message, key): returns decrypted message

Compilation and execution

g++ cl.cpp Base64.cpp
./a.out "Hello world" MYPRIVATEKEY 0

The encrypted message is: ttz9JqxZHBClNtu=.

./a.out ttz9JqxZHBClNtu= MYPRIVATEKEY 1

The decrypted message is Hello world.

Python wrapper

g++ cl.cpp Base64.cpp
python3 wrapper.py

Example - Encoding/Decoding JSON format

Source code

#include <stdio.h>
#include <string.h>
#include <string>
#include <iostream>
#include <stdio.h>
#include <ctype.h>
#include "encrypt.h"

using namespace std;

int main() {
 	// std::string msg = "HELLO WORLD";
 	std::string msg = "{\"id\":1,\"method\":\"service.subscribe\",\"params\":[\"myapp/0.1c\", null,\"0.0.0.0\",\"80\"]}";
 	std::string key = "THISISMYKEY";
 	std::cout << "  message to send: " << msg << std::endl;
 	std::string encrypted_msg = encrypt(msg, key);
 	std::cout << "encrypted message: " << encrypted_msg << std::endl;
 	std::string decrypted_msg = decrypt(encrypted_msg, key);
 	std::cout << "decrypted message: " << decrypted_msg << std::endl;
    return 0;
}

Output

  message to send: {"id":1,"method":"service.subscribe","params":["myapp/0.1c", null,"0.0.0.0","80"]}
encrypted message: X5g7wjjTllj1ItCxShWUb77PKJsfP VNMAB7VtqaLCccGTr0ijkjxqw0IutQvXfSFK4OKo8cnpD1Lge0pdMCZf0fqQ8bjjFjkNn1h pBtdwNJD==
decrypted message: {"id":1,"method":"service.subscribe","params":["myapp/0.1c", null,"0.0.0.0","80"]}

easy-encryption's People

Contributors

philipperemy avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

easy-encryption's Issues

Support for other languages

The encode function works fine for English as far as I have tested. But it breaks for other Languages. For example, I used the encode function to encode a string in Gujarati. Decoding it produces some weird output. If all languages can not be supported, then can there be a check to ignore unidentified characters and keep them as it is in encoding and decoding?

Add license

Please, add license to you project. I'm not shure about using it.

P.S.: If you don't care, please, let it be MIT.

Support for entire files

Hello!

What about support for entire files?!!

I need that, by the way the idea to combine base64 + a generated key is awesome! Well done!

I tried to adapt your code to support encrypting/decrypting a file, but I am having difficulties ....

Are you available for support? I need ASAP!

Support of CJK characters... no matter it is in UTF-8 or ANSI

simple test case:

auto str_en = encrypt("很好", "123");
auto str = decrypt(str_en, "123");
  •   str_en	"k5mWno=="
    
  •   str	"观好"
    

some minor issues i've found are:

  1. should add "const" to all strings in all apis to be "const string&"
  2. should change all "or" to ordinary "||" in source

Wrong key

hello.
in wrong key return bad string none utf-8.
how to handle this ??

Unsafe encryption scheme

Contrary to the readme.md this scheme is not safe and not unbreakable.

  1. Applying a Base64-encoding before applying the Viginere cipher still leave the scheme vulnerable to attacks on the viginere-cipher as Base64 carries patterns into the encoded text. For example, if you encode the array [0, 0, 0, ...., 0] you'll get "AAAAA ... AAAA". While it's probable that it's harder to leverage typical pattern's used in human languages, I'm still reasonable confident that one would still be able to find an attack.
  2. You suggest using a key that's longer than the message. This would in fact defeat all traditional attacks on the viginere-cipher as it turns into a One-Time-Pad which CAN be optimally secure, under the conditions that each key is uniformly random AND each key is only used once. As the key provided by the user it's safe to assume that neither one are met thus making it insecure.
  3. It is not secure under the known-plaintext threat model. Let's assume that Alice uses your encryption scheme and send's the message "Send 10 Dollars to Bob" to her Bank but Eve intercept's it. Luckily for Eve, she also knows that Alice was about to send 10 Dollars to Bob so she can guess the plaintext. Now she can Base64-encode "Send 10 Dollars to Bob" and take the difference to the ciphertext and she now knows the key. She can even encrypt "Send 99 Dollars to Eve" using Alice key which obviously is not wanted.

So how does one fix this?
Firstly, one should notify everyone using this that this encryption is in-fact not secure. Secondly, one should use a widely adopted implementation of a widely adopted and well researched cipher like AES-GCM.

Should identify that the key can only use AVAILABLE_CHARS characters

I want use it to encrypt some low confidentiality string,and use the key like zise_some_thing_happen.
But the encryt_string is a bit long

It decrypt some charact worry(part of my data).
like:
"time": "2018-12-14 17:59:16",
to
"tyme": "2018-12-14 17:59:16",

And it will not show in short string.
the reason maybe is in this if.

if(isalnum(msg[i]) or msg[i] == ' ') {
    encryptedMsg[i] = AVAILABLE_CHARS[((index(msg[i]) + index(newKey[i])) % AVAILABLE_CHARS.size())];
} else {
    encryptedMsg[i] = msg[i];
}

After base64, some string will change to '_', and it will get worry index in newKey.

But I can't recurrent it in short string, and my error string have a little confidentiality needs. if you need it. Please give me a email, and i will send it to you.

On the other hand,
in

encryptedMsg[i] = AVAILABLE_CHARS[((index(msg[i]) + index(newKey[i])) % AVAILABLE_CHARS.size())];

AVAILABLE_CHARS.size() is a determine value, and .size() will caculate this value every time in your for loop.

It will better in this way:

AVAILABLE_CHARS_SIZE = AVAILABLE_CHARS.size()
for(i = 0; i < msgLen; ++i) {
    encryptedMsg[i] = AVAILABLE_CHARS[((index(msg[i]) + index(newKey[i])) % AVAILABLE_CHARS_SIZE)];
}

At last, in windows, call exe in cmd have max limit,32768. so if your encrypted string is too long, you can`t decrypt or encrypt it in python.

Add include guard and namespace isolation

It isn't good to fill glogal namespace, so it is better to put all function in naespace like easy_encryption.

Also, it is very important to protect headers with include guards (or #pragma once, or even better both).

try to encrypt binary using easy-encryption

Hello

I am trying to encrypt and decrypt the binary data.
It somehow doesn't work. The size of contents before encryption is same as after encryption but somehow the contents do not match.

`std::string sBin( binary.begin(), binary.end() ); // binary is char vector

std::string encryptedBinary = encrypt( sBin, Key );

std::string decryptedBinary = decrypt( encryptedBinary, Key );

if ( sBin.compare( decryptedBinary ) != 0 ) std::cout << sBin << " is not " << decryptedBinary << '\n';`

Somehow these never match. I tried same code for normal text works well.
Can we do encryption of binary data ? if yes can you please give sample ? or encryption freaks out on some special character in binary data?

Thanks

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.