 Hey everybody, this is Brian. Welcome to the 154th Qtutorial with C++ and GUI programming. We're going to wrap up our open SSL encryption conversation. Let's kind of do a quick review. I have to apologize that my voice is a little bit hoarse and my allergies are really kicking my butt today. So, if you haven't watched the previous, I think, like three or four videos, go ahead and do so. We've covered RSA encryption and AES. Quick refresher. AES is for bulk encryption. It's meant for large volumes of data. It's a block cipher. I should say one of the mode that we're using is a block cipher because it can have different modes. RSA is a public key algorithm. Essentially, you have a public key and a private key. The private key, obviously, you keep to yourself. The public key is what you would give out to your friends. So, we're going to pick right up where we left off. We have fleshed out all the code for the cipher class. Let's just double check to see that we've done that. It looks good. So, we're going to dive in here. This is going to be kind of our little test application. We've been running tests. You can see we've got test RSA and test AES. We are going to... Gosh, let me get adjusted in my seat here. I'm so excited. I just can't sit still. We're going to make a couple functions here. Read file. There we go. I'm going to say Q-String. File name. The pollen is so bad here right now that literally I washed my truck yesterday and this morning I can write my name on the hood. It's just ridiculous. Boy, that's a misspelling file B name. There we go. File name. Let's call this F. Really, all we're just going to do is we're going to read the contents of the file and we're panning that Q byte array per reference... I'm sorry, per value. Not reference. You can tell I'm kind of out of it today. We're going to say Q-Crit. We're going to return false. I'm just going to read all the file. Now note that's kind of dangerous if you have a huge file. Once again, not production level code. We're just pretty much just testing here. I'm going to assume that if you're watching this video you're kind of know what I mean when I say production level code and why you would not want to read an entire file into memory like we just did. If you don't, while I'm writing out the next function I will briefly explain it. Basically, let's say you have 4 gigs of RAM and you go to open a 20 gig file and you read that all into memory. It will attempt to read it all and what it will do is it will start swapping the disk and swapping the disk is a bad thing because it slows your computer down. And Q-Bite Array. I'm going to try it really hard not to clear my throat or cough into the microphone because it's kind of gross but once again I don't know if you can hear my voice is really raspy. If it gets too bad I'll just pause the video and cough my brains out for like 30 seconds and then start it over again. Okay, and then we're going to say Q-File. Whoops, I don't want the right file. I want Q-File open. Why did I do that? Geez, maybe I do need to go back to bed. That was an amateur hour. Let's just grab this guy. Copy and paste. Got to look copy and paste here. And f.close. We're just going to use these functions for our little tests that we're going to be writing here. So far we've got read file, write file, test RSA, test AES. Let's give this a good build. Make sure we didn't goof anything stupid. Alright. So let me look at my notes real quick here. Alright, so why would we use RSA and AES? This is kind of the fundamental question that these tutorials have been building up to. AES, as you remember, has a key. Actually, it's a passphrase, and from that we derive a key and initialization vector, but that passphrase has to be kept secret at all times. We can't let that get out. Otherwise, it's pointless to encrypt the data anyway. So we use RSA to encrypt those keys. So what we're going to write are the functions to combine the two together. I'm going to say encrypt and it's going to have a matching function here. Decrypt combined. Alright, so first thing we need to do is you guessed it. I don't know why I call it C wrapper. I just do. So we're going to encrypt the AES key and we're going to use RSA to encrypt that. So we're going to say Q byte array key equal excuse me get public key. So we're going to get the public key here and we're going to say RSA now all we've done so far is we've gotten the RSA public key. Remember, you want the public key because that's what they're going to encrypt it with. We're looking at this from the premise of someone else is going to encrypt the file and send it to you and you want to decrypt it. So in order to do that they have to use your public key because they will have it send it to you and you'll use your private key to decrypt it because remember your private key has to stay private. So we're going to make a random bytes. It's going to be our passphrase. And we're going to oops make it base64 encoded. A little bit of discussion here. Why are we doing this? Well, this is going to be our AES key and you don't want a static key. What you want is something that's random. Something totally just unique random. You don't even want to tie it to CPU time or you know Unix time or anything like that. You want just random bytes and then we're base64 encoding it. That way it'll be somewhat human readable. It'll just be random junk, but you know what I mean. Also, if you're going to do any transmission of data you want to you want to make sure that that data is not going to get encoded or re-encoded in transit. Otherwise it will of course invalidate your key and then you're kind of messed up up to RSA. So here is our public key. And now we want to passphrase. So really all we're doing at this point is just encrypting that AES key. So we're going to say queuedabug if I could spell queuedabug. Alright, so that's our encrypted key. Now, why did we encrypt that first? Just to prove that you really have to encrypt it. You don't want to forget that step. Now we're going to actually use the unencrypted key to encrypt the data and let's call this plain. Hello world, why not? plain test, no plain text. There we go. Scroll down so we can see here. So we've got our plain text and now we want to actually, well you guessed it, we need to encrypt this. So we're going to say Q byte array encrypted equal C wrapper whoops encrypt AES passphrase. Now very important make sure you use the passphrase, the unencrypted version of that, not the encrypted key. The reason for that if you use the encrypted key well you're not going to have the same results when you go to decrypt us obviously. So we've got that. Now what we're going to do is we're going to combine these two together. So we're going to say Q file F we'll call this test test.enc The file extension doesn't really matter. Some people get hung up on that but it really makes no bit of difference. The operating system really doesn't care. And we're going to say Q file, write only and if this looks very similar it's because it kind of is and we're just going to copy and paste this because I like saving time. Okay and then we're going to say Q debug and we just want to debug out the encrypted key length. That way we know what we're looking for. It should be 256 but sometimes things will get kind of crazy and you need to figure out what happened. So that's just literally a debug message for us to see what's going on. So we're going to say encrypted data. First thing we want to do is append the encrypted key. So we're going to take the encrypted AES key and slap it right into this byte array. And then we're going to say encrypted data dot append and we want to take the encrypted data from our actual plain text. Then we want to close the file. Actually we want to write all that sorry. Now we want to close the file. And let's just debug out. So there is our encrypted let's make another one here actually let's put it here. So really all this test is going to do is it's going to say if the encrypt combined the scale guy we just wrote here returns true then we're going to decrypt combined. Just a very simple like I said not production level code just simple testing. Let me pull up my file browser here um there is no test dot enc out here. We're going to run this. Hopefully it'll generate the encrypted file and then we can look at it real quick. File name is not declared in the scope. What have we done wrong mm-hmm mm-hmm probably would help if we actually gave it a real file name right. Let's look at the she would have done wrong here. We'll just do it the easy way. That's what happens when I read from my notes and my notes aren't fully up to date here. There we go. Alright so there is our encrypted AES key in all its glory and it is 256 bytes long and the encryption is now finished. So if we look here we have our test ENC. We're going to open that with g-edit and it's course just going to look monstrosity ugly um we're going to edit anyways. See right here I don't know if all this read if you can actually pick it up where it says salted underscore underscore that's the actual beginning of the whoops I just modified I don't want to do that that's the actual beginning of the file and then the first eight bytes are the salt and then the rest is the actual data. So all of this up here is the actual key that's been encrypted with RSA. So you can see in this case our key is actually bigger than our encrypted data. It's kind of messed up but that's just kind of how that is. Let me get my notes back off screen here. So now we want to try to decrypt that file. I'm going to actually run this again just to make sure it doesn't blow up. Alright So we are going to decrypt this file here get my notes lined up here really feel like I was going to cough sorry about that Q byte array data and this is where we need to actually use one of those helper functions that we were messing around with. Read file and we want to say sdnc data and I'm just going to you know what why not qstring file name I won't do that. I was going to get all fancy but I'm not going to do it. So what we're going to say is if we cannot read test.enc which is our encrypted data into this buffer here this little data then we're going to return false and we should you know actually do a qbug why not let's do it just in case alright so the cursor didn't want to go where I wanted it alright so what we have to do now is we have to load the encrypted key the RSA encrypted key so we're going to say q byte array header salted underscore underscore if you're wondering where I'm getting salted underscore underscore it's actually from the open SSL command line application it adds that and part of this is this program's role or need is that we wanted to to I just stuttered wanted to wanted to be interoperable with the open SSL command line that way say you are writing a custom program you're shooting it off somewhere we want somebody to be able to write a simple you know pearl or python or power shell file that they could extract this data and call a command line that way you don't have to compile and hand them a special program although you definitely could so now we're just going to find the index of the salted header like I showed you earlier I went and saw X-Men with my daughter last night I don't know I'm kind of on the fence about it I mean graphically it was amazing all the X-Men movies are just amazing but that's why they're these big budget movies right but the storyline I don't know it's kind of whatever I mean everybody was like hardcore and badass except for Olivia Munn who was pretty much running around in lingerie for two and a half hours which whatever I realized they you know need need that kind of stuff in there to get people to watch but alright so we're just going to say we found salt at that position that way we know where in the files just so you know if you're playing around with it you know what's going on Q byte array cryptid key equal data whoops dot mid and we want to say zero 256 which really you could use pose from above because it should be at the 256 bit 256th position man I'm having a hard time with this today so you could very easily you know substitute 256 that I've hard coded with this POS which you really should do I'm just doing this to show you how it works so we want the encrypted key and the actual encrypted data now we're going to decrypt the AES key you know what we forgot to free this didn't we forgot to free that RSA key up there we go that may cause problems later on still haven't gone and see Captain America Civil War kind of for the same reason it just looks like it's I don't know my friends have seen it they said it's amazing but I don't know I get kind of picky about these sort of things having read the comic books as a kid alright so anyways so we're going to say key equal get private key because we are now you know decrypting we want to use our private key to decrypt I'm going to say RSA pointer to private and then there's the World of Warcraft movie which just came out which I don't know some of my friends have given it really mixed reviews too so I may not go see that I may just wait for that to come out on Netflix I'm really picky about what movies I see in theaters because you're going you're paying you know 40 50 bucks to go depending on where you're going how many people you're taking and then you sit there with full of noisy obnoxious people and I'd much rather sit in my living room and I'm the noisy obnoxious person but you know whatever so I'm going to see a wrapper to decrypt RSA and we're going to say private key and then we of course need to take that with our encrypted key get that passphrase back once we have that passphrase we can actually free this up we're going to say see wrapper free RSA free that bad boy up so QDebug just for debug purposes we want to know that we decrypted that and now we want to actually decrypt the data I may actually I want to do this where we actually test the command line I may split that into another video because my throat is getting kind of kind of raw here and I want to not cough into the microphone if I can help it I don't like doing that I know I'm not going to name names but I know some some video authors out there will actually split into like 5 minute videos and then plaster them with ads and stuff like that I just I don't like doing that I actually don't think any of my videos have ads at least they better not alright so now we're going to actually decrypt the data and then we're going to write file and we are going to say test .txt because we want to do this to the plain text and then plain and then last but not least qdebug that could be bad let's give this a build and of course something blew up let's see what's going on here hmm what do you mean expected primary before rsa what probably shouldn't use the type should use the variable there we go head was not declared header probably would be a good idea here and then once again probably shouldn't use the type what was the name of that thing private key there you are and alright let's go ahead and let's delete this test ink just because why not we're going to run this and here's our program it says encrypted key and then there's our big long 256 bit key you can see the key link is 256 bits encryption is finished now we're decrypting that is what was found at 256 256 number keeps popping up that's the key size the passphrase and if you look at that you can see that's base 64 encoded you can kind of tell by that telltale little equal sign at the end there and then finished decrypting so let's go out and see what we got here there's our encrypted and there's our decrypted so let's open this bad boy up and sure enough hello world this is plain text so that is kind of how you combine the two some quick notes you could put anything you really want let's open this back up in gedit here here is that test enc file why it's not syntax highlighting I don't know I'm kind of happy it's not but you can see how it's here's our key and some of the bytes are probably not visible because of the encoding here's that header that one two three four five six seven eight one two three four five six seven that is the salt now let's talk about security real quick before I cough my brains out here are we doing anything here that's insecure not really what we're doing is we have a AES password that we've used the public key to encrypt with so it cannot be unencrypted with the public key it can only be unencrypted with the private key which we keep private to ourselves that way the only person theoretically that can decrypt this and get the key that decrypts that is us because we have the private key assuming that you of course have done you do diligence and you've kept your private key well private so some people are going to go well it's insecure because you're giving away the key no it's not this is actually what RSA is designed to do it allows you to encrypt keys for other algorithms so that you can do this very same thing so there's our key encrypted with the public key the salt means absolutely nothing the salt is completely worthless unless you have the passphrase and the initialization vector which of course is encrypted and stored right here I should say the passphrase is there all the passphrase is as it jumps down into our code maybe maybe maybe yeah and we use this bytes to key function in the open SSL library to actually convert the passphrase into a secure key and initialization vector so that a nutshell is all we're doing let me see how we're doing on time here let me actually pause the video real quick I want to try and finish this up I don't want to make too many videos unless I have to okay we're back we're just going to continue I'm not going to make another video I hate making thousands and thousands of videos so what we're going to test now is the command line operability here so we're going to say void encrypt yeah command line I do want to do that and we are just going to say hmm we're going to give it an ultra secure password here of well password and we're going to encrypt that which just says hello from the open SSL command line we're going to write file file that txt we're going to write out the plain bytes it's got here delete these files while I'm thinking about it okay now I'm going to do a little bit of wizardry here and I'm going to save a lot of typing by just saying copy and paste this is the actual open SSL command line that we're going to be using open SSL AES 256 bit cypher block chaining we're going to use assault we're going to use a message digest of shaw one the in file will be file that txt which we've just written up here and then it will output the file file that enc and the password we're using is of course password password right up here that's very important that you do this right here pass colon password you can also give it a pass file or a key file as it's called but I haven't really tested with that yet so I'm not going to definitively say hey this is going to work you need to make sure that you have open SSL installed and working key phrase working if you get to that point you know that it's installed and then you can actually test things so what this is going to do is it's going to come in here it's going to write the plain text to file txt and then we're going to use the open SSL command line to actually encrypt that now we're going to decrypt this decrypt from our application let's just say actually you know what let's just queued a bug because I like queued a bug there we go that way it shows us right in the console what we're doing queued by the array encrypted and if not read file we want to read the file that enc want to read that encrypted data and but not read file just going to copy and paste here yeah I don't know why I became so snobbish snobby whatever movie snob anyways I used to love going to the movies but lately it's just like man it just gets expensive you get noisy you know people in there that are just not very attentive to how rude they are to other people like when they use their flash they use their phone as a flashlight I hate that a buddy of mine will actually talk on his phone during the movie and I'm just looking at him like dude I'm going to break your arm alright so now what we need to do here is we need to decrypt AES and we're going to say passphrase hmm did I do that wrong I did let's call this pass phrase instead of password to Latin 1 and we want to do the encrypted data and then we're going to say if not write file we'll say file decrypted.txt sometimes my mouse doesn't want to play long here there we go alright so we're going to just test our command line operability now you should note the combined version that we were just playing around with I don't think there really is an open SSL version of that I think you'd have to start in separate files that's why I'm not going to demonstrate how to do both I couldn't figure out how to do it so got no extra files that we need let's give this a build make sure we didn't booboo anything and of course we did turn false that's why because this doesn't return a value there we go going to give this a good run and it says encrypting on the command line decrypting with the application finished so let's see what our results here are so here's our encrypted you can see there's the open SSL version you see how it starts with salted and then we've got our assault and then the actual data and then there's hello from the open SSL command line and here is the actual decrypted file hello from the open SSL command line now if you open filed underscore decrypted.txt what we decrypted with our application and it just looks like a random junk check your key I mean if it looks like this kind of garbage check your key like I said open SSL does not fail gracefully it'll just give you random junk back and 9 times out of 10 what I found is it's right here actually right here at the very end sometimes what will happen is like if you do this and you grab this guy and you say something like this sometimes you'll get an extra zero or an extra slash rn or you know something back there will really mess with it and it won't jive well that's why I just hard coded it like that so just be careful always check your key I've had many many many problems with open SSL and its keys but you know when in doubt check the key I'm gonna say it one more time when in doubt check the key so moving right along now we're gonna do the exact opposite of that and we are going to decrypt with the command line we're gonna encrypt with our application then we're gonna use the command line to decrypt it and this is gonna be AES once again wow that was a big mistake yeah I might go get some ice cream today I haven't had ice cream in like a long time alright so we're just gonna say I don't know where that came from I guess I'm getting hungry I've been doing a lot of lifting and running and like my appetite's just going up and we're gonna encrypt let me scroll down so we can see that better and I'm just gonna save a little bit of time and copy and paste out of my notes here because it's just nothing really important we have our passphrase we have our password which is just the passphrase you know to a cubite array and then we're gonna say cubite array plain equal hello from our application now we want to say cubite array encrypt encrypted equal C wrapper encrypt AES and we want to say password and then we want to say the plain text once again if you get these two kind of mixed around you'll get an error always check your key whenever you have some sort of encryption problem if not write file and we're gonna say we're going to say the encrypted data so we're just gonna write the encrypted data out and let's actually do it a little nicer here now I'm going to just copy and paste this because I don't want to type all this out so then we're gonna decrypt it on the command line so we're gonna use the open SSL AES 256 byte for block chaining and then this little guy right here denotes that we are now decrypting instead of encrypting we're gonna have a salt message digest of SHA1 the file input would be file ENC which we are writing up here the output will be file 2 and we're gonna give it the same password and then we're just gonna say complete let's make sure all our little test files are out of here decrypt command line give us a good build, make sure we don't have any booboos and make sure we double check we clean those files out of there good and encrypting decrypting complete, no error messages sure enough there's our encrypted just give that a good look see encrypted sure enough starts with salted and then let's just hello from our application so we now have a working program that can encrypt decrypt and it's interoperable with the open SSL command line that was kind of the goal of these tutorials so I think this is gonna be the last one in our encryption tutorials for a while and I'm probably not 100% sure but I'm probably gonna go back to QML because that's kind of where we left off in our tutorials well my throat's really getting raw so I'm gonna stop this but feel free to visit my website voidrums.com we have the source code for this and all the other tutorials just go to Qt and I know I say it every time it's way way way you know where it is way in the back here I'll try to post this up as soon as I can two other quick things this website's 100% funded by your donation so if you found this useful please donate if you work for a company and you're gonna use my code definitely please donate also if you have questions, comments, concerns join the voidrums facebook group I would encourage you not to email me directly because I get just an enormous amount of email as it is you can go into the voidrums facebook group and there's well over 600 programmers all walks of life and they can help you not just with this project but pretty much any project you have and they answer very quickly because everybody wants to help each other alright that's it thanks for watching