FX::FXSSLKey Class Reference

#include <QSSLDevice.h>

List of all members.


Detailed Description

A container holding a variable length symmetric encryption key.

This is a generic container of a symmetric encryption key used with FX::QSSLDevice which can be dumped to and from storage. Its internal state resides within the secure heap and thus is automatically zeroed on deletion.

Furthermore you can optionally choose to encrypt your symmetric key with asymmetric encryption. This means that data written out by FX::QSSLDevice actually contains the very key also needed to decrypt it but obviously, in order to decrypt the decryption key you need the private key part of the asymmetric pair. Asymmetric keys are stored in a FX::FXSSLPKey.

Supported key formats are Blowfish & AES for symmetric encryption. Most of the implementation details in using the different key formats are abstracted away from you so you can treat them in a generic fashion.

If you generate a symmetric key from a piece of text using generateFromText() (eg; a human memorable piece of text), you should be aware that this reduces the possibilities in a brute strength attack to only around 80^len where len is the password length and assuming the password contains a mixture of alphanumeric letters, mixed capitalisation and numbers. Thus a six letter password is only 262 billion possibilities which is nothing. An eight letter password is somewhat better with 1677 trillion. To give you some idea, my home computer can attempt several million passwords per minute which really means you need a twelve letter password or higher to be sure. Obviously government security services could crunch that in minutes. To make it slightly more difficult for them, you can add random salt to your key using setSaltLen(n) though be careful as 2^n extra key tests need to be made at the time of decryption. I've made this much quicker by incorporating a Tiger hash of the key (which is also salted with 16 extra bits) but 2^n * 65536*O(hash) can quickly become slow. generateFromText() internally sets a salt length of 8 bits.

Note:
Salting has been implemented by EORing in a length of random data equal to the salt length into the key generated from the plaintext. Of course, you can add salt to normal randomly generated keys for extra protection.
The maximum key length which can be generated from a piece of plaintext is 480 bits. The first 192 bits is generated using the Tiger hash algorithm (FX::Secure::TigerHash), the next 160 bits is generated using SHA-1 and the next 128 bits from MD5. Thus key generation up to 192 bits is the quickest. An optional number of rounds can be used whereby the hashing process is reapplied to the previous key so many times - this slows down attackers. The default is 65536 and because of each hash's results feeding into the other hash functions (where key size is greater than 192), it should really mean a substantial increase in effort. Always use a minimum of two if bitsize > 192 otherwise attack becomes as easy as the weakest hash.

Warning:
Don't keep your keys in an unencrypted state for any longer than you have to ie; in memory. Keys are actually more important than the data you're keeping safe as you'll tend to use one key for all your data.

File format:

+0: Key type (the enum). 0xffff if key is encrypted.
+2: Key size in bytes (if encrypted, then pkey.bytesLen())
If key is not encrypted: +6: Key size in bits
+10: Key salt length in bits
+6|+14: Key data in big-endian byte order

Definition at line 218 of file QSSLDevice.h.

Public Types

 NoEncryption
 Blowfish
 AES
 Encrypted
enum  KeyType { NoEncryption, Blowfish, AES, Encrypted }

Public Member Functions

 FXSSLKey (FXuint bitsize=0, KeyType type=NoEncryption, const FXString &text=(const char *) 0)
 ~FXSSLKey ()
 FXSSLKey (const FXSSLKey &other)
FXSSLKeyoperator= (const FXSSLKey &other)
bool operator== (const FXSSLKey &other) const
bool operator!= (const FXSSLKey &other) const
bool operator< (const FXSSLKey &other) const
bool operator> (const FXSSLKey &other) const
KeyType type () const throw ()
void setType (KeyType type)
FXString typeAsString () const
FXuint saltLen () const throw ()
void setSaltLen (FXuint salt)
FXSSLPKeyasymmetricKey () const throw ()
FXSSLKeysetAsymmetricKey (const FXSSLPKey *pkey)
FXuint bytesLen () const throw ()
FXuint bitsLen () const throw ()
void setBitsLen (FXuint newsize)
void generate ()
void generateFromText (const FXString &text, int rounds=65536)
Secure::TigerHashValue hash () const throw ()

Friends

class QSSLDevice
FXAPI FXStreamoperator<< (FXStream &s, const FXSSLKey &i)
FXAPI FXStreamoperator>> (FXStream &s, FXSSLKey &i)


The documentation for this class was generated from the following file:
(C) 2002-2009 Niall Douglas. Some parts (C) to assorted authors.
Generated on Fri Nov 20 18:37:44 2009 for TnFOX by doxygen v1.4.7