使用 C++/C 进行安全网络编程

Question

I am trying to implement a secure network/client communication using sockets. I am having hard time finding information on how to do so. The only thing that seems to be out there is OpenSSL, but the library seems to be very complicated to use.

Is there an easier library to use that is secure ? If not then what is good documentation to get started on secure programming.

Answer 1

For encryption there are multiple libraries are present.If you have not been saying that OpenSSL is complex then I highly suggest you OpenSSL.But now in your case , I suggest you to try

CryptoPP
its API style and programming paradigms take a little getting used to but you would like it in the end. It provides a wide range of symmetric and asymmetric algorithms with much flexibility. You can find a high level overview and sample codes. It is an easy library to integrate into projects.It is portable across several platforms.

LibTomCrypt
TomCrypt is lightweight and simple. As for quality, TomCrypt is widely accepted as top-quality encryption. Also, it's license is public domain which avoids the attribution hassle for your documentation that BSD licenses give you when writing commercial software.

Crypto++
is also a very well reputed library

Take a look at these libraries as well google's KeyCZar , botan and Capicom .
I hope this anwer will help you :)

Answer 2

Boost.Asio abstracts some of the OpenSSL lower level functions: examples

Keep in mind you have to be careful and it is easy to think that you have a secure system when in fact you do not. Just using OpenSSL doesn't guarantee security. It needs to be used correctly.

The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software