Can You Recommend a Crypto Library?

Hi Folks:

I've gone through MP3 lectures and PDF slides of the
online crypto course from University of Washington.

The course can be found at:

I'd recommend it to anyone as clueless on all things
crypto as I was two weeks ago.

I'm no mathematician, so much of the course detail
was over my head, but I believe I now have an appreciation
of how the pieces fit.

I need to select a crypto library for my Windows C++

I described this application a couple of weeks ago,
but let me do so again.

The application's database contains personal
information, names, addresses, phone numbers and birth
dates. Customers may demand financial information like
Social Security and credit card numbers in future
versions of the program.

This database may live on a Unix server or be embedded
on the Windows PC that is running the app. This PC may be
a laptop.

You know more about threats to data than I do, but
the theft of a laptop with this personal information is
high on the list. Some users of this app may not want to
share information with their co-workers.

I'll want PKI so at some point in the future so the app
can allow people who's records are in the database to
keep their personal information current in the database.
This may be handled by a browser running SSL, or a client
app of my own design.

People represented in the database will have face to
face contact with the people who manage the database, so
there will be opportunities for people to confirm their

Currently I envision the crypto being handled on the
Windows PC, and the Unix server just keeping and passing
encrypted data. This might change in the future.

I've downloaded Crypto++. It's recognized by VC6 as
a project, and compiles easily, but with one type of
warning I'm not sure about.

LibTomCrypt also compiled, from the command line,
with a few innocuous sounding warnings. Tom is a regular
poster to this newsgroup, which seems like a big plus.

Google searches of sci.crypt don't turn up much
discussion about Microsoft's CryptoAPI. What do people
think of it?

I've also found references to a library called
BeeCrypt. But I don't see much about it.

I've downloaded GPG4Windows, but GPGME, which I
believe is the API for GNU Privacy Guard, won't
compile on my Solaris PC, so I don't see much hope of
porting it to Windows.

So, I'd appreciate some recommendations on which
library I should use to get encryption, the last part
of this project, going.


Relevant Pages

  • Re: Pin generation algorithm question
    ... the keys would be a big ... Suppose that we have a database that contains all valid numbers, ... load among several servers that all need access to this database. ... So the only real problem is which systems are accessing this crypto box. ...
  • Re: AES Questions From Another Dummy.
    ... C++ rand() is typically not recommended. ... Encrypting so several people can read it makes me think public-key crypto.. ... The other extreme would be to have everything in the database encrypted using ...
  • Re: A Dedicated Non-Repudiation Cipher
    ... database after she has used it to send a message to Bob. ... intellectually as clever as say crypto cipher design). ... thing you are claiming is a technical solution to repudiation, ...
  • Re: imperial screwcutting on metric lathe
    ... I don't often talk about crypto on non-crypto fora, 'cos I think it's fantastically interesting but most people just go uh?, but - Diffie-Hellman really is astounding. ... Some other amazing things you can do with crypto: You can query a database and get an exact number of bits from the database - but the database operator can't tell which bits of the database you got. ... Keys are too short and subject to various attacks, including brute force, rubber hose and the nice truncheon attacks. ...
  • Re: XP Pro faster than OS X
    ... doing several things at once because Windows can't do it effectively. ... Since I am running a network monitoring app here, this Mac (G4 1GNhz, ... changes to our assets and management database. ...