lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Wed, Dec 30, 2009 at 4:20 PM, Phoenix Sol <phoenix@burninglabs.com> wrote:
> Greetings, all.
>
> I need a solution for encrypting and decrypting strings in Lua, preferably
> with the Rijndael cipher.
>
> I started a binding to libtomcrypt (using AES and CTR), but I'm not sure
> this is what I want. I'm not sure how to compile the thing, which math
> library to link it with (libtommath, gnump, tomsfastmath...), or even which
> version of libtomcrypt to use, or which source of it to trust. I also don't
> see any evidence of recent activity surrounding it. It's home page appears
> to be abandoned. I downloaded version 1.16 from freshmeat; now I see 1.17
> and 1.18 floating around as well... which left me feeling, you know, "not so
> fresh".
> I'm finding many sources of doubt.

Who cares if there is recent activity, AES won't change, right?

libtomcrypt has a good rep in the community, it may be that Tom has
moved on to other things, graduation and getting a paying job can do
that to your projects!

> I'm also not sure about using OpenSSL for this purpose, although it does
> have the cipher I want to use.

Why not? OpenSSL is what to use if you want speed and portability.
Very well respected, the API is a bit old and hoary, but such is the
price of being the granddaddy of crypto libraries.

> What I would prefer is a small C library that does only what is needed. I'd
> just use a straight Rijndael cipher implemented in C, but I'm doubtful of my
> ability to do it correctly and safely.

If you want small, and don't care about fast, its not hard to find
open source implementations:

http://en.wikipedia.org/wiki/AES_implementations#C.2FASM_library

I feel compelled to say, that unless you know crypto very well, its
very possible to use AES in a system in a way that a good
cryptographer would not find secure. You might consider using gpg or
pgp or s/mime (via GNU Privacy Guard or OpenSSL).

Cheers,
Sam