基于cryptopp -- A Password Manager密码管理系统
2016-04-14 11:09
274 查看
系统设计安全目标
私密性(confidentiality):消息内容不让其他人看到消息:只有该看的人才能看完整性(integrity):消息不被其他人篡改或者篡改之后可以被发现:看到的消息是正确的
可用性(availability):加密后,解密仍然能够读到信息:想看随时看
基本功能
登录界面
提示用户输入用户名和master password
检查文档是否存在不存在创建一个新的文档,并以输入的master password作为这个用户的master password
存在则检查文档中的master password(需要先进行解密)和用户输入的是否一致,
如果不一致则报错,保留在登录界面
如果一致则进行完整性检查:将每一行的网站域名抽出来通过HMAC做哈希,将哈希以后的值和保存的对应哈希值最对比,如果有某一项不一致则报错,保留在登陆界面;如果一致就进入用户功能界面
用户功能界面
功能1:实现对于网站域名 + 哈希值 + 加密以后的密码的增加
提示用户输入网站域名和密码检查文档中是否有相同的域名,如果有则报错;没有则将网站域名 + 通过HMAC算出的哈希值 + 加密以后的密码增加到文件尾部,并输出成功信息
功能2:实现对于网站域名 + 哈希值 + 加密以后的密码的删除
提示用户输入网站域名检查文档中是否有相同的域名,如果没有则报错;有则将对应的记录从该文档中删除
功能3:实现对于输入网站域名后对于密码的查询
提示用户输入网站域名检查文档中是否有相同的域名,如果没有则报错;有则将对应加密后的密码解密后输出出来
功能4:实现对于输入网站域名后对于密码的修改
提示用户输入网站域名和密码检查文档中是否有相同的域名,如果没有则报错;有则将输入的密码进行加密后替换掉文档中的对应项
功能5:返回登录界面
完整代码:#include <iostream> #include <string> #include <cstdio> #include <cstring> #include <fstream> #include <sstream> //AES #include "cryptopp563/filters.h" // StringSink, StringSource, StreamTransformationFilter #include "cryptopp563/aes.h" // AES #include "cryptopp563/modes.h" // CBC_Mode_* //PBKDF2 #include "cryptopp563/base64.h" // Base64Decoder #include "cryptopp563/sha.h" // SHA1 #include "cryptopp563/pwdbased.h" // PKCS5_PBKDF2_HMAC #include "cryptopp563/hex.h" // HexEncoder //HMAC #include "cryptopp563/hmac.h" // HMAC<T> using namespace std; using namespace CryptoPP; #define DEFAULT_STRING_SIZE (32) //十进制与十六进制之间相互转换 string decToHex(byte num);//十进制转十六进制 byte hexToDec(string num);//十六进制转十进制 //CBC加密 string CBC_encrypt(string str); string CBC_encrypt(byte* key, string source); //CBC解密 string CBC_decrypt(string source); string CBC_decrypt(byte* key, string source); bool masterKey(string username, string password); //比对输入密码与txt密码是否一致 void integrity(string username); //文件内容是否具备完整性 //与key相关的哈希函数对domain进行加密 string digest(string key, string domain); string deriveKey(string domain, string masterPassword); void addNewKVS(string username, string password); //增加KVS void deleteKVS(string username, string password); //删除KVS void searchPassword(string username, string password); //查询对应域名下的密码 void changePassword(string username, string password); //修改对应域名下的密码 int main (int argc, char const *argv[]){ string username; //用户名 string masterPassword; //密码 string filename; //用户名补充文件名 string masterPasswordInTxt; /* 登录界面 */ while(1){ //输入用户名和密码 cout << "\nPlease input the username and password." << endl; cin >> username >> masterPassword; //依据用户名读取文件 filename = username + ".txt"; char *masterPasswordChar = (char*)masterPassword.data(); char *cname = (char*)filename.data(); ifstream in(cname); if(in == NULL){ //用户不存在 新建以username命名的txt文件,储存masterPassword cout << "Hello, new friend." <<endl; in.close(); string passwordAfterEncrypt = CBC_encrypt(masterPasswordChar); ofstream out(cname); out << passwordAfterEncrypt <<endl; out.close(); break;//新建文件完毕 跳出循环 } else{ //用户已存在,对密码进行验证 getline(in, masterPasswordInTxt); //cout << masterPasswordInTxt + " !"<< endl; in.close(); if(masterKey(username, masterPassword)) { //密码正确 cout << "Hello, " << username << "."<< endl; integrity(username); break; } else { //密码错误 cout << "The password is wrong!" << endl; } } } /* 功能选择界面 */ int kind; // 功能类型 cout << "--------------------------------------------------------------" <<endl; cout << "\nWelcome to Password Manager!\n" <<endl; while(1){ cout << "--------------------------------------------------------------" <<endl; cout << "1.Add a domain / password;" <<endl; cout << "--------------------------------------------------------------" <<endl; cout << "2.Remove a domain / password;" <<endl; cout << "--------------------------------------------------------------" <<endl; cout << "3.Check the corresponding password according to the domain;" <<endl; cout << "--------------------------------------------------------------" <<endl; cout << "4.Modify the corresponding password according to the domain;" <<endl; cout << "--------------------------------------------------------------" <<endl; cout << "5.Exit." <<endl; cout << "--------------------------------------------------------------" <<endl; cout << "Please input the number between 1 and 5." << endl; cin >> kind; while(kind < 1 || kind > 5){ cout << "Please input the right number."; cin >> kind; } if(kind == 1){ addNewKVS(username, masterPassword); } else if(kind == 2){ deleteKVS(username, masterPassword); } else if(kind == 3){ searchPassword(username, masterPassword); } else if(kind == 4){ changePassword(username, masterPassword); } else{ break; } } system("pause"); return 0; } string CBC_encrypt(string str) { // 初始化密钥和初始向量 byte key[CryptoPP::AES::DEFAULT_KEYLENGTH]; byte iv[CryptoPP::AES::BLOCKSIZE]; memset(key, 0x00, CryptoPP::AES::DEFAULT_KEYLENGTH); memset(iv, 0x00, CryptoPP::AES::BLOCKSIZE); //进行CBC加密 string ciphertext; CryptoPP::AES::Encryption aesEncryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH); CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcEncryption(aesEncryption, iv); StreamTransformationFilter stfEncryptor(cbcEncryption, new StringSink(ciphertext)); stfEncryptor.Put(reinterpret_cast<const unsigned char*>(str.c_str()), str.length() + 1); stfEncryptor.MessageEnd(); // 获得加密结果 string result; for(int i = 0; i < ciphertext.size(); i++) result.append(decToHex(0xFF & static_cast<byte>(ciphertext[i]))); return result; } void integrity(string username) { string masterPassword, domain, hash, password; //打开文件 string filename; filename = username + ".txt"; char *cname = (char*)filename.data(); ifstream in(cname); in >> masterPassword; //若密码长度不为default_string_size的倍数则密码不完整 if(masterPassword.size() % DEFAULT_STRING_SIZE != 0) { cout << "Fatal error: File is modified improperly" << endl; exit(0); } //循环读取所有记录 while(in >> domain >> hash >> password) { if(password.size() % DEFAULT_STRING_SIZE != 0) { //若密码长度不为default_string_size的倍数则密码不完整 cout << "Fatal error: File is modified improperly" << endl; exit(0); } else if(strcmp(hash.c_str(), digest(deriveKey(domain, CBC_decrypt(masterPassword)), domain).c_str()) != 0) { //若域名哈希后与储存的对应值不一样则文件不完整 cout << "Fatal error: File is modified improperly" << endl; exit(0); } } in.close(); } string decToHex(byte num) { char result[3] = {'0', '0'}; int i = 2; while(num > 0 && i-- > 0) { result[i] += num % 16; if(result[i] > '9') result[i] += ('A' - 10 - '0'); num /= 16; } return result; } byte hexToDec(string num) { byte result = 0; result += 16 * (num[0] < 'A' ? num[0] - '0' : num[0] - 'A' + 10); result += num[1] < 'A' ? num[1] - '0' : num[1] - 'A' + 10; return result; } bool masterKey(string username, string password) { //打开文件 string filename; filename = username + ".txt"; char *cname = (char*)filename.data(); ifstream in(cname); //读取密码 string passwordInTxt; in >> passwordInTxt; in.close(); //对读取到的密码进行解密 string decryptMasterKey = CBC_decrypt(passwordInTxt); //比对两个密码是否一致 if(strcmp(decryptMasterKey.c_str(), password.c_str()) == 0) return true; else return false; } string CBC_encrypt(byte* key, string source) { // IV setup byte iv[AES::BLOCKSIZE]; memset(iv, 0x00, AES::BLOCKSIZE); // Create Cipher Text string ciphertext; AES::Encryption aesEncryption(key, AES::DEFAULT_KEYLENGTH); CBC_Mode_ExternalCipher::Encryption cbcEncryption(aesEncryption, iv); StreamTransformationFilter stfEncryptor(cbcEncryption, new StringSink(ciphertext)); stfEncryptor.Put(reinterpret_cast<const unsigned char*>(source.c_str()), source.length() + 1); stfEncryptor.MessageEnd(); // get result string result; for(int i = 0; i < ciphertext.size(); i++) result.append(decToHex(0xFF & static_cast<byte>(ciphertext[i]))); return result; } string CBC_decrypt(string source) { // check modified if(source.size() % DEFAULT_STRING_SIZE != 0) { cout << "Fatal error: File is modified improperly" << endl; exit(0); } // get cipher text string cipher; for(int i = 0; i < source.length(); i += 2) cipher.append(1, hexToDec(source.substr(i, 2))); // Key and IV setup byte key[AES::DEFAULT_KEYLENGTH], iv[AES::BLOCKSIZE]; memset(key, 0x00, AES::DEFAULT_KEYLENGTH); memset(iv, 0x00, AES::BLOCKSIZE); // decrypt string decryptedtext; AES::Decryption aesDecryption(key, AES::DEFAULT_KEYLENGTH); CBC_Mode_ExternalCipher::Decryption cbcDecryption(aesDecryption, iv); StreamTransformationFilter stfDecryptor(cbcDecryption, new StringSink(decryptedtext)); stfDecryptor.Put(reinterpret_cast<const unsigned char*>(cipher.c_str()), cipher.size()); stfDecryptor.MessageEnd(); return decryptedtext; } string CBC_decrypt(byte* key, string source) { // check modified if(source.size() % DEFAULT_STRING_SIZE != 0) { cout << "Fatal error: File is modified improperly" << endl; exit(0); } // get cipher text string cipher; for(int i = 0; i < source.length(); i += 2) cipher.append(1, hexToDec(source.substr(i, 2))); // Key and IV setup byte iv[AES::BLOCKSIZE]; memset(iv, 0x00, AES::BLOCKSIZE); // decrypt string decryptedtext; AES::Decryption aesDecryption(key, AES::DEFAULT_KEYLENGTH); CBC_Mode_ExternalCipher::Decryption cbcDecryption(aesDecryption, iv); StreamTransformationFilter stfDecryptor(cbcDecryption, new StringSink(decryptedtext)); stfDecryptor.Put(reinterpret_cast<const unsigned char*>(cipher.c_str()), cipher.size()); stfDecryptor.MessageEnd(); return decryptedtext; } string digest(string key, string domain) { byte result[AES::DEFAULT_KEYLENGTH]; HMAC<SHA >((byte *)key.c_str(), key.size()).CalculateDigest(result, (byte *)domain.c_str(), domain.size()); string value; for(int i = 0; i < AES::DEFAULT_KEYLENGTH; i++) value.append(decToHex(result[i])); return value; } string deriveKey(string domain, string masterPassword) { byte derived[AES::DEFAULT_KEYLENGTH]; PKCS5_PBKDF2_HMAC<CryptoPP::SHA1> pbkdf2; pbkdf2.DeriveKey(derived, sizeof(derived), 0, (byte *)masterPassword.c_str(), masterPassword.size(), (byte *)domain.c_str(), domain.size(), 1); string result; HexEncoder encoder(new StringSink(result)); encoder.Put(derived, sizeof(derived)); encoder.MessageEnd(); return result; } void addNewKVS(string username, string password) { //输出提示信息,提示输入需要添加的域名和密码 string domainInput, passwordInput; cout << "Please input the domain you want to add: "; cin >> domainInput; cout << "Please input the new password of the domain: "; cin >> passwordInput; string key = deriveKey(domainInput, password); ofstream file; file.open((username + ".txt").c_str(), ios::out|ios::app); //对应输出域名,哈希后的域名,加密后的密码到文件中 file << domainInput << " " << digest(key, domainInput) << " " << CBC_encrypt((byte *)key.c_str(), passwordInput) << endl; file.close(); cout << "Success!" << endl; } void deleteKVS(string username, string password) { //提示输入需要删除的域名 string domainInput; cout << "Please input the domain you want to delete: "; cin >> domainInput; bool find = false; string masterPassword; vector<string> domainVector, hashVector, passwordVector; //临时存储记录 string domain, hash, pw; //打开文件,逐条记录比对域名是否与输入的域名一致 fstream file; file.open((username + ".txt").c_str(), ios::in); file >> masterPassword; while(file >> domain >> hash >> pw) { if(strcmp(domain.c_str(), domainInput.c_str()) == 0) //域名是否与输入的域名一致,不放入存储向量中 find = true; else { domainVector.push_back(domain); hashVector.push_back(hash); passwordVector.push_back(pw); } } file.close(); file.open((username + ".txt").c_str(), ios::out|ios::trunc); file << masterPassword << endl; //将记录从临时存储的向量中移回文件中 for(int i = 0; i < domainVector.size(); i++) file << domainVector[i] << " " << hashVector[i] << " " << passwordVector[i] << endl; file.close(); if(find) cout << "Success!" << endl; else cout << "Can not find the record of the domain" << endl; } void searchPassword(string username, string password) { //提示输入需要查询的域名 string domainInput; cout << "Please input the domain you want to search: "; cin >> domainInput; bool find = false; string masterPassword; string domain, hash, pw; ifstream file; file.open((username + ".txt").c_str()); file >> masterPassword; //逐条记录比对,若域名一致则找到,将密码解密出来并输出 while(file >> domain >> hash >> pw) { if(strcmp(domain.c_str(), domainInput.c_str()) == 0) { find = true; string key = deriveKey(domainInput, password); cout << "The password of domain is: " << CBC_decrypt((byte *)key.c_str(), pw) << endl; break; } } if(!find) cout << "Can not find the record of the domain" << endl; } void changePassword(string username, string password) { //提示输入需要修改的域名和密码 string domainInput, passwordInput; cout << "Please input the domain to be changed: "; cin >> domainInput; cout << "Please input your new password: "; cin >> passwordInput; bool find = false; string masterPassword; //转存向量 vector<string> domainVector, hashVector, passwordVector; string domain, hash, pw; //打开对应文件 fstream file; file.open((username + ".txt").c_str(), ios::in); file >> masterPassword; //逐条进行比对,若发现域名一致的记录则将新的密码加密后存入向量 while(file >> domain >> hash >> pw) { if(strcmp(domain.c_str(), domainInput.c_str()) == 0) { domainVector.push_back(domain); hashVector.push_back(hash); string key = deriveKey(domainInput, password); passwordVector.push_back(CBC_encrypt((byte *)key.c_str(), passwordInput)); find = true; } else { domainVector.push_back(domain); hashVector.push_back(hash); passwordVector.push_back(pw); } } file.close(); file.open((username + ".txt").c_str(), ios::out|ios::trunc); file << masterPassword << endl; //将在向量内临时存储的内容移回文件 for(int i = 0; i < domainVector.size(); i++) file << domainVector[i] << " " << hashVector[i] << " " << passwordVector[i] << endl; file.close(); if(find) cout << "Success!" << endl; else cout << "Can not find the record of the domain" << endl; }
相关文章推荐
- 中移苏研DCOS实践之路完整篇
- Linux Kernel 控制 GPIO LED 闪烁 (Blink)
- 【openstack】【nova】【libvirt】在计算节点上实现的imagecache
- .net 获取网站根目录总结
- Linux samba搭建
- 在docker中安装apache
- 全部最新版postfix+dovecot+postgresql+centos7+amavisd+clamd+spamassassin源文件安装搭建完善的邮件服务器
- SSH docker容器
- 大型网站系统架构演化之路
- linux备份mysq脚本
- Openstack虚拟机内安装docker,容器无法联网问题
- Shell升级,/bin/bash版本号4.1到4.3
- Docker私有仓库部署
- openwrt 显示系统运行时间和空闲时间
- centos搭建ntp服务器
- Cryptopp安装配置
- Linux命令date日期时间和Unix时间戳互转
- AOP 概念解析
- 【ELK】topbeat对服务器CPU,memory,硬盘等参数监控
- CentOS6.5系统下RPM包安装MySQL5.6