Who cares if there is recent activity, AES won't change, right?
libtomcrypt has a good rep in the community, it may be that Tom has
moved on to other things, graduation and getting a paying job can do
that to your projects!
Good points.
> I'm also not sure about using OpenSSL for this purpose, although it does
> have the cipher I want to use.
Why not? OpenSSL is what to use if you want speed and portability.
Very well respected, the API is a bit old and hoary, but such is the
price of being the granddaddy of crypto libraries.
Perhaps "granddaddy" is "my man". I was just intimidated by the size and scope of the project, and (admittedly at a glance) it's apparent dearth of documentation / examples for my intended usage.
> What I would prefer is a small C library that does only what is needed. I'd
> just use a straight Rijndael cipher implemented in C, but I'm doubtful of my
> ability to do it correctly and safely.
If you want small, and don't care about fast, its not hard to find
open source implementations:
http://en.wikipedia.org/wiki/AES_implementations#C.2FASM_library
Yeah, I see them. Especially the ones linked to by that wikipedia entry. I feel ill equipped to evaluate, let alone make use of them.
I feel compelled to say, that unless you know crypto very well, its
very possible to use AES in a system in a way that a good
cryptographer would not find secure. You might consider using gpg or
pgp or s/mime (via GNU Privacy Guard or OpenSSL).
Yeah. That's what I'm primarily worried about.
Cheers,
Sam
