

Secure Byte String (CryptByteString)

Definition

An instance s of the class CryptByteString is basically a string of bytes. When s is no longer used, its memory is wiped (by overwriting it a couple of times) before it is freed and returned to the system. The goal is to prevent an attacker from reading security-sensitive data after your process has terminated. Note that this mechanism can be foiled by the operating system: if it swaps the memory occupied by s to a swap file on a hard disc, then the data in the swap file will not be erased by s. (Some platforms offer to lock certain parts of the memory against swapping. CryptByteString uses this feature on Windows NT/2000/XP to protect its memory.)
As stated above, s can be used like a string or an array of bytes. The size n of s is the number of bytes in s; they are indexed from 0 to n - 1.
Important: If you create a CryptByteString s from a C-style array or a string, or if you convert s to a string, then only the memory of s will be wiped, not the memory of the array or the string.

#include <LEDA/coding/crypt_key.h>

Creation

CryptByteString s creates an empty string.

CryptByteString s(uint16 size) creates a string of the given size. All bytes in s are set to zero.

CryptByteString s(const byte* bytes, uint16 num_bytes)
    creates a copy of the array bytes of size num_bytes.

CryptByteString s(const char* str) creates a copy of the C-style string str. (The '\0' character at the end is not copied.)

Operations

uint16 s.get_size() returns the size of s.

bool s.is_empty() returns true iff s is empty.

void s.clear() makes s the empty string.

const byte* s.get_bytes() returns the internal byte-array of s.

byte& s[uint16 idx] returns the byte at position idx.
Precondition: 0 <= idx <= s.get_size() - 1.

CryptByteString s(uint16 idx_start, uint16 idx_end)
    returns the substring s[idx_start], ..., s[idx_end].

CryptByteString s.hash(uint16 num_iterations = 1)
    computes a hash of s, num_iterations specifies how often the hash function is applied.

string s.to_hex_string() computes a hexadecimal representation of s; each byte is represented by two hex digits.

string s.to_string() converts s into a string.

CryptByteString const CryptByteString& x + const CryptByteString& y
    returns the concatenation of x and y.

CryptByteString CryptByteString::from_hex_string(const char* hex_str)
    creates a CryptByteString from a string of hex-digits.

CryptByteString CryptByteString::from_string(const char* str)
    converts the string str into a CryptByteString.

void CryptByteString::wipe_memory(void* mem, uint32 sz)
    wipes out sz bytes starting at the address given by mem.
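
The "Important" note in the Definition and the static wipe_memory operation belong together: a buffer you copy a secret from is yours to wipe. The following is an added example, not LEDA code. It is self-contained C++ in which wipe and WipedBytes are hypothetical stand-ins for the behaviour described on this page, and the key bytes are constructed sample data.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical stand-in for a wiping primitive; not LEDA's implementation.
// Stores go through a volatile pointer so the compiler cannot drop them.
void wipe(void* mem, std::size_t sz) {
    static const unsigned char patterns[] = {0xFF, 0xAA, 0x00};
    volatile unsigned char* p = static_cast<volatile unsigned char*>(mem);
    for (unsigned char pat : patterns)
        for (std::size_t i = 0; i < sz; ++i) p[i] = pat;
}

// Hypothetical stand-in for a wipe-on-destruction byte string. The backing
// storage is passed in only so the wipe can be observed after destruction.
class WipedBytes {
    unsigned char* buf_;
    std::size_t n_;
public:
    WipedBytes(unsigned char* backing, const unsigned char* src, std::size_t n)
        : buf_(backing), n_(n) { std::memcpy(buf_, src, n_); }
    ~WipedBytes() { wipe(buf_, n_); }
    WipedBytes(const WipedBytes&) = delete;
    WipedBytes& operator=(const WipedBytes&) = delete;
};

static bool all_zero(const unsigned char* p, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) if (p[i] != 0) return false;
    return true;
}

struct DemoResult { bool copy_wiped, source_survives, source_wiped; };

DemoResult demo() {
    unsigned char key[16];                      // constructed sample secret
    for (std::size_t i = 0; i < sizeof key; ++i)
        key[i] = static_cast<unsigned char>(0xA0 + i);
    unsigned char backing[16];
    { WipedBytes s(backing, key, sizeof key); } // s goes out of scope here
    DemoResult r;
    r.copy_wiped = all_zero(backing, sizeof backing);   // the copy is gone
    r.source_survives = !all_zero(key, sizeof key);     // the source is not
    wipe(key, sizeof key);                              // caller's job
    r.source_wiped = all_zero(key, sizeof key);
    return r;
}

int main() {
    DemoResult r = demo();
    return (r.copy_wiped && r.source_survives && r.source_wiped) ? 0 : 1;
}
```

With LEDA itself, the call that plays the role of wipe(key, sizeof key) is CryptByteString::wipe_memory(mem, sz) as listed above.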


Christian Uhrig 2017-04-07