{"id":13421056,"url":"https://github.com/nowsecure/nscrypto-cpp","last_synced_at":"2025-03-15T07:32:35.410Z","repository":{"id":28507879,"uuid":"32024401","full_name":"nowsecure/nscrypto-cpp","owner":"nowsecure","description":"A C++11 library providing simple API for public-key encryption","archived":true,"fork":false,"pushed_at":"2015-04-09T13:09:00.000Z","size":6378,"stargazers_count":46,"open_issues_count":3,"forks_count":15,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-07-31T22:57:47.272Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nowsecure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-03-11T15:12:03.000Z","updated_at":"2023-07-03T19:30:40.000Z","dependencies_parsed_at":"2022-09-15T04:02:32.410Z","dependency_job_id":null,"html_url":"https://github.com/nowsecure/nscrypto-cpp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnscrypto-cpp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnscrypto-cpp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnscrypto-cpp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnscrypto-cpp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nowsecure","download_url":"https://codeload.github.com/nowsecure/nscrypto-cpp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243701277,"owners_count":20333615,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T22:01:47.756Z","updated_at":"2025-03-15T07:32:34.111Z","avatar_url":"https://github.com/nowsecure.png","language":"C","funding_links":[],"categories":["TODO scan for Android support in followings"],"sub_categories":[],"readme":"# nscrypto-cpp\n\nA C++11 library providing simple API for public-key encryption\n\n# Description \n\n`nscrypto-cpp` is a C++ library implementing a simple API for encrypting and decrypting data using [hybrid encryption](http://en.wikipedia.org/wiki/Hybrid_cryptosystem). It uses [elliptic-curve Diffie-Hellman](http://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman) for key agreement and [AES](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)-[GCM](http://en.wikipedia.org/wiki/Galois/Counter_Mode) for data encryption and authentication. \n\nLibrary implements C(1e, 2s) scheme from [NIST SP 800-56A](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf) (see section 6.2.1). It uses NIST P-256 curve (a.k.a. secp256r1, a.k.a X9.62 prime256v1) and [SHA-256](http://en.wikipedia.org/wiki/SHA-2) for ECDH key agreement and AES-128 in GCM mode for data encryption. \n\nLibrary is currently built on top of [OpenSSL](https://www.openssl.org/) but support for additional backends is planned.\n\n# Usage Example \n\n```c++\n#include \"nscrypto.h\"\n\nvoid alice_encrypt() {\n std::string bob_public; // contains Bob's public key\n\n // Message Alice want to send\n std::string message(\"attack at dawn\");\n\n // Generate keys\n std::string alice_private, alice_public;\n std::tie(alice_private, alice_public) = ec_keypair();\n\n // Encrypt\n ecdh_encrypted_t encrypted(ecdh_client_encrypt(alice_private, bob_public, \"Alice\", \"Bob\", message));\n\n // Send encrypted to Bob\n // . . .\n}\n\nvoid bob_decrypt() {\n std::string alice_public; // contains Alice's public key\n std::string bob_private; // contains Bob's private key\n\n // Receive encrypted from Alice\n // . . .\n \n std::string decrypted(ecdh_server_decrypt(bob_private, alice_public, \"Alice\", \"Bob\", encrypted));\n if (decrypted.empty()) {\n // Decryption or integrity check failed\n return;\n }\n\n // . . .\n}\n\n```\n\n# API\n\n## Key Generation\n\n```c++\nusing keypair_t = std::tuple\u003cstd::string, std::string\u003e;\nkeypair_t ec_keypair();\n```\n\n#### Description\n\nGenerates new EC keypair. \n\n#### Return Values\n\nReturns `keypair_t` (a tuple (private_key, public_key). If there was a problem while generating keys returns a tuple with empty strings.\n\n## Encryption and Decryption\n\n```c++\nusing ecdh_encrypted_t = std::tuple\u003cstd::string, std::string, std::string\u003e;\n\necdh_encrypted_t ecdh_client_encrypt(const std::string\u0026 s_priv, const std::string\u0026 r_pub,\n const std::string\u0026 s_id, const std::string\u0026 r_id,\n const std::string\u0026 message);\n\necdh_encrypted_t ecdh_server_encrypt(const std::string\u0026 s_priv, const std::string\u0026 r_pub,\n const std::string\u0026 s_id, const std::string\u0026 r_id,\n const std::string\u0026 message);\n\nstd::string ecdh_server_decrypt(const std::string\u0026 r_priv, const std::string\u0026 s_pub,\n const std::string\u0026 s_id, const std::string\u0026 r_id,\n const ecdh_encrypted_t\u0026 encrypted);\n\nstd::string ecdh_client_decrypt(const std::string\u0026 r_priv, const std::string\u0026 s_pub,\n const std::string\u0026 s_id, const std::string\u0026 r_id,\n const ecdh_encrypted_t\u0026 encrypted);\n```\n#### Description\n\n`ecdh_client_encrypt` and `ecdh_server_encrypt` encrypt supplied message. Internally they generate an ephemeral EC key and use ECDH to compute encryption key that is then used to encrypt and authenticate data using AES-128 in GCM mode. \n\n`ecdh_server_decrypt` and `ecdh_client_decrypt` perform reverse operations and decrypt supplied message.\n\nMessages encrypted with `ecdh_client_encrypt` can be decrypted with `ecdh_server_decrypt`. Messages encrypted with `ecdh_server_encrypt` can be decrypted with `ecdh_client_decrypt`. Using functions in other combinations will result in decryption errors. This is by design.\n\nParameters: \n\n - `s_priv`, `s_pub` – sender's private and public keys. \n - `r_priv`, `r_pub` – recipient's private and public keys. \n - `s_id`, `r_id` – sender's and recipient's identifiers. This can be any string but same values must be passed for decryption as were passed for encryption. \n\n#### Return Values\n\n`ecdh_client_encrypt` and `ecdh_server_encrypt` return `ecdh_encrypted_t` (a tuple containing encrypted message (ciphertext), authentication tag (used to ensure that message was not altered in transit) and public ephemeral key that is used in ECDH key agreement. If there was a problem during encryption then tuple containing empty strings is returned.\n\n`ecdh_server_decrypt` and `ecdh_client_decrypt` return `std::string` containing decrypted data. If there was a problem during decryption (for example because function is unable to authenticate data or sender) then empty string is returned. \n\n\n# Build\n\nPlease use supplied Xcode project to build library. Keep in mind that when linking with `libnscrypto` you also need to link with `lcrypto` (OpenSSL). \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnowsecure%2Fnscrypto-cpp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnowsecure%2Fnscrypto-cpp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnowsecure%2Fnscrypto-cpp/lists"}