#include <QSSLDevice.h>
This is a generic container of a symmetric encryption key used with FX::QSSLDevice which can be dumped to and from storage. Its internal state resides within the secure heap and thus is automatically zeroed on deletion.
Furthermore, you can optionally encrypt your symmetric key with asymmetric encryption. This means that data written out by FX::QSSLDevice actually contains the very key needed to decrypt it, but in order to decrypt that key you need the private key part of the asymmetric pair. Asymmetric keys are stored in a FX::FXSSLPKey.
Supported key formats are Blowfish & AES for symmetric encryption. Most of the implementation details in using the different key formats are abstracted away from you so you can treat them in a generic fashion.
If you generate a symmetric key from a piece of text using generateFromText() (e.g. a human-memorable piece of text), you should be aware that this reduces the possibilities in a brute-force attack to only around 80^len, where len is the password length, assuming the password contains a mixture of alphanumeric letters, mixed capitalisation and numbers. Thus a six-letter password has only 262 billion possibilities, which is nothing. An eight-letter password is somewhat better with 1677 trillion. To give you some idea, my home computer can attempt several million passwords per minute, which really means you need a twelve-letter password or higher to be sure. Obviously government security services could crunch that in minutes.
To make it slightly more difficult for them, you can add random salt to your key using setSaltLen(n), though be careful as 2^n extra key tests need to be made at the time of decryption. I've made this much quicker by incorporating a Tiger hash of the key (which is also salted with 16 extra bits) but 2^n * 65536 * O(hash) can quickly become slow. generateFromText() internally sets a salt length of 8 bits.
+0: Key type (the enum). 0xffff if key is encrypted.
+2: Key size in bytes (if encrypted, then pkey.bytesLen())
If key is not encrypted:
    +6: Key size in bits
    +10: Key salt length in bits
+6|+14: Key data in big-endian byte order
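A bounds-checked reader for the offsets listed above, as an added example that is not part of TnFOX. It assumes the field widths implied by the offsets (2, 4, 4 and 4 bytes), that the data field is exactly as long as the stored byte size, and little-endian header integers by default (the page does not state the header byte order, so it is a parameter); StoredKey, parseStoredKey and constructedSample are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example, not TnFOX code. Field widths (2, 4, 4, 4 bytes) are inferred
// from the documented offsets; header byte order is an assumption (parameter).
struct StoredKey {
    uint16_t type = 0;          // +0: raw enum value, 0xffff if encrypted
    bool encrypted = false;
    uint32_t byteLen = 0;       // +2: key size in bytes
    uint32_t bitLen = 0;        // +6: key size in bits (plain keys only)
    uint32_t saltBits = 0;      // +10: salt length in bits (plain keys only)
    std::vector<uint8_t> data;  // +6 (encrypted) or +14 (plain)
};

static uint32_t readUInt(const uint8_t *p, size_t n, bool bigEndian) {
    uint32_t v = 0;
    for (size_t i = 0; i < n; ++i)
        v = (v << 8) | p[bigEndian ? i : n - 1 - i];
    return v;
}

// Returns false when the buffer is truncated or the declared length does not
// fit. Assumes the data field is exactly byteLen bytes long.
bool parseStoredKey(const std::vector<uint8_t> &buf, StoredKey &out,
                    bool bigEndianHeader = false) {
    if (buf.size() < 6) return false;
    StoredKey k;
    k.type = static_cast<uint16_t>(readUInt(buf.data(), 2, bigEndianHeader));
    k.encrypted = (k.type == 0xffff);
    k.byteLen = readUInt(buf.data() + 2, 4, bigEndianHeader);
    size_t dataOff = 6;
    if (!k.encrypted) {
        if (buf.size() < 14) return false;
        k.bitLen = readUInt(buf.data() + 6, 4, bigEndianHeader);
        k.saltBits = readUInt(buf.data() + 10, 4, bigEndianHeader);
        dataOff = 14;
    }
    // Compare against the remaining bytes so dataOff + byteLen cannot wrap.
    if (k.byteLen > buf.size() - dataOff) return false;
    k.data.assign(buf.begin() + dataOff, buf.begin() + dataOff + k.byteLen);
    out = k;
    return true;
}

// Constructed sample: plain key, type value 2, 2 bytes, 16 bits, 8 salt bits.
std::vector<uint8_t> constructedSample() {
    return {0x02, 0x00, 0x02, 0, 0, 0, 0x10, 0, 0, 0, 0x08, 0, 0, 0, 0xAB, 0xCD};
}
```

Rejecting a blob whose declared size exceeds the bytes actually present keeps a corrupted or hostile key file from driving an out-of-bounds read before any cryptography runs.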
Definition at line 218 of file QSSLDevice.h.
Public Types
enum | KeyType { NoEncryption, Blowfish, AES, Encrypted }
Public Member Functions
FXSSLKey (FXuint bitsize=0, KeyType type=NoEncryption, const FXString &text=(const char *) 0)
~FXSSLKey ()
FXSSLKey (const FXSSLKey &other)
FXSSLKey & | operator= (const FXSSLKey &other) |
bool | operator== (const FXSSLKey &other) const |
bool | operator!= (const FXSSLKey &other) const |
bool | operator< (const FXSSLKey &other) const |
bool | operator> (const FXSSLKey &other) const |
KeyType | type () const throw () |
void | setType (KeyType type) |
FXString | typeAsString () const |
FXuint | saltLen () const throw () |
void | setSaltLen (FXuint salt) |
FXSSLPKey * | asymmetricKey () const throw () |
FXSSLKey & | setAsymmetricKey (const FXSSLPKey *pkey) |
FXuint | bytesLen () const throw () |
FXuint | bitsLen () const throw () |
void | setBitsLen (FXuint newsize) |
void | generate () |
void | generateFromText (const FXString &text, int rounds=65536) |
Secure::TigerHashValue | hash () const throw () |
Friends
class | QSSLDevice |
FXAPI FXStream & | operator<< (FXStream &s, const FXSSLKey &i) |
FXAPI FXStream & | operator>> (FXStream &s, FXSSLKey &i) |