How to encrypt a text file using C?

Question

I want to have a program like this:

scanf("%s", name);
scanf("%s", id);
scanf("%d", &age);

Now I want to write name, id and age to a file, but the file should be encrypted, so that only my program can read back the data it wrote.

Do I need to use one of the encryption libraries mentioned here (they all are pretty heavy duty libraries, I just need to encrypt a text file), or is there any other simpler method?

If an encryption library is the solution, which one is best suited for a simple text file encryption?

Answer 1

Public Class Tester
    Public Shared Sub Main()
        Try
            Dim myDESProvider As DESCryptoServiceProvider = New DESCryptoServiceProvider()
            myDESProvider.Key = ASCIIEncoding.ASCII.GetBytes("12345678")
            myDESProvider.IV = ASCIIEncoding.ASCII.GetBytes("12345678")
            Dim myICryptoTransform As ICryptoTransform = myDESProvider.CreateEncryptor(myDESProvider.Key, myDESProvider.IV)
            Dim ProcessFileStream As FileStream = New FileStream("Encrypted.txt", FileMode.Open, FileAccess.Read)
            Dim ResultFileStream As FileStream = New FileStream("Decrypted.txt", FileMode.Create, FileAccess.Write)
            Dim myCryptoStream As CryptoStream = New CryptoStream(ResultFileStream, myICryptoTransform, CryptoStreamMode.Write)
            Dim bytearrayinput(ProcessFileStream.Length - 1) As Byte
            ProcessFileStream.Read(bytearrayinput, 0, bytearrayinput.Length)
            myCryptoStream.Write(bytearrayinput, 0, bytearrayinput.Length)
            myCryptoStream.Close()
            ProcessFileStream.Close()
            ResultFileStream.Close()
         Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
        Console.ReadLine()
    End Sub
End Class

Answer 2

If you're using Windows, consider using the Windows Encryption APIs which are available from both C and C++:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa382358(v=vs.85).aspx

Answer 3

If you want security, it is a mistake to roll your own encryption library. Use a well established encryption library (even if it may seem bloated), and leave security and its proper implementation to the experts.

If you can use C++, I suggest Crypto++, and if you can't use C++, then I suggest you implement a C wrapper library around Crypto++. Another possibility is libcrypto, although it lacks support for AES.

I should warn you, though, that if the program and the text file are on the same machine, you will need to have the password supplied externally (e.g. by the user); passwords that are embedded in programs are easily extracted, and offer no security at all. If the program is inaccessible (e.g. it is located on a webserver, and someone with the text file won't have access to the executable), then it is ok.

Answer 4

Do you need strong encryption? Do the people you are protecting the file from have access to the executable and have the skills to disassemble and analyse it? Do hey have cryptanalytic skills? If not, you can use very simple XOR-based cipher.

1. Use a program to generate a LONG random string of characters, e.g "837es238aj983", but longer than any string you may read from input (it does not need to be readable).
2. Generate a random integer.
3. Store the random string and integer as global variables in your C program.
4. XOR each age you read with your random integer and save the XORed value to the file.
5. XOR each character in the strings you read from input with the character at the same index in your random string. Save the XORed value to the file.
6. When you read the values from file, you XOR again with your random keys and obtain the original values.

Answer 5

For a simple text file that you read / write in one go I'd use a stream cipher, e.g. RC4.

Assuming you're using an embedded secret key RC4 is easy enough to implement yourself, or there should be plenty of lightweight implementations out there.

Answer 6

Better use a symmetric-key algorithm, as AES. You can find small sourcecodes here for instance.

If your applications are critical, then you should use the libraries you linked to.