Skip to content

NAME

secrypt - Cryptographic library for encryption, decryption, and hashing.

SYNOPSIS

#include "secrypt.h"

Use these utilities for secure cryptographic operations, leveraging the MBEDTLS library (2.28.x) for implementing encryption, decryption, and hashing functionalities in applications.

DESCRIPTION

The secrypt library offers a comprehensive suite of cryptographic functions designed to facilitate secure encryption, decryption, and hashing of data. It harnesses the power of the MBEDTLS library, ensuring access to strong entropy sources and a variety of cryptographic algorithms for secure data processing and handling. Importantly, the full cryptographic capabilities of secrypt are enabled only when used in conjunction with the ITAR-compliant ION NASA Baseline. The source code provided with ION Open Source utilizes non-cryptographic stub functions in place of these capabilities, adhering to legal requirements and ensuring broader accessibility while distinguishing between secure government and public applications.

Utility and Debugging Functions

  • print_hex(const unsigned char *data, size_t length)

    Prints binary data as hexadecimal. Useful for debugging and verifying data integrity.

  • print_encrypted_data(const unsigned char *data, size_t length)

    Prints encrypted data in hexadecimal format. Aids in verifying encryption operations.

Cryptographic Operations

  • entropy_gen(void *data, unsigned char *output, size_t len, size_t *olen)

    Generates cryptographically secure random entropy.

  • entropy_init(mbedtls_entropy_context *entropy)

    Initializes the entropy context for secure random number generation.

Encryption/Decryption and Hashing

  • crypt_and_hash_buffer(int mode, unsigned char *personalization_string, unsigned char *input_buffer, size_t *input_length, unsigned char **my_output_buffer, size_t *my_output_length, char *cipher, char *md, char *my_key)

    Performs encryption/decryption and hashing on a buffer. Supports both confidentiality (through encryption) and integrity (through hashing).

  • crypt_and_hash_file(int mode, unsigned char *personalization_string, char *file_in, char *file_out, char *cipher, char *md, char *key)

    Encrypts/decrypts and hashes file contents. Facilitates file-based cryptographic operations with integrity verification.

Features

  • Utilizes strong entropy sources and cryptographic algorithms from MBEDTLS for secure operations.
  • Supports simultaneous encryption/decryption and hashing for data integrity verification.
  • Enables file-based cryptographic operations with hashing, leveraging MBEDTLS file I/O capabilities.
  • Includes debugging and data inspection utilities for ease of development and verification.

NOTES

Proper use of these cryptographic functions is crucial for maintaining data security. Familiarize yourself with cryptographic principles and MBEDTLS specifics to ensure the security of your data.

WARNING

Keep your MBEDTLS library and cryptographic standards updated to maintain security efficacy over time.

BUGS

Report bugs to <https://github.com/nasa-jpl/ION-DTN/issues>.

SEE ALSO

bp(3), sendfile(1), recvfile(1), metadata(3)