blocks|key|4508078|text|定义“安全”。内置的windows+crypto+api做了它所宣传的事情，没有任何不能纠正的缺陷，至少我知道这一点。"Crypto+Next+Generation“API可能值得一看。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4508079|通常，在一个安全的程序中，问题是人们如何处理API+-密钥长度不足，以纯文本形式留下密钥等-这真的会造成麻烦，而不是供应商的软件。|4508080|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Define "secure". The built in windows crypto api does what it advertises and doesn't have any flaws that don't get corrected, at least of which I'm aware. The "Crypto Next Generation" API might be worth a look.

Usually, in a secured program, the issue is what people do with the API — insufficient key lengths, leaving keys around in plain text, etc — that really make trouble, not the vendor software.

blocks|key|4508134|text|“安全是一个过程，而不是一个产品。”--+Schneier|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|4508135|散列、加密和签名等加密算法只是该过程的一部分：|4508136|4508137|您是如何存储密钥的？它们会不会意外地通过页面文件泄漏到磁盘上？|unordered-list-item|4508138|您是如何生成随机数的？糟糕的随机数真的会削弱一切。只需向Debian或Netscape询问恐怖故事。|4508139|+IT管理员是否可以使用组策略更新允许使用的算法？|4508140|解决方案是否支持外部强化设备？|4508141|您能否在内核模式下进行加密？|4508142|在发生攻击或漏洞时如何分发更新？|4508143|4508144|CAPI，特别是CNG+on+Vista，已经考虑过这些问题，总体上是不错的。你可能想看看CAPI团队中两个人的this+video，看看是谁设计的。|4508145|此外，如果人们可以物理访问你的机器并放入一个按键记录器，那么所有这些都是没有意义的。|4508146|唉，这是一个过程……|4508147|entityMap|0|LINK|mutability|MUTABLE|url|http://www.schneier.com/crypto-gram-0005.html|1|http://www.schneier.com/blog/archives/2008/05/random_number_b.html|2|http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html|3|http://msdn.microsoft.com/en-us/library/aa376210(VS.85).aspx|4|http://channel9.msdn.com/posts/scobleizer/Tomas-Palmer-and-Tolga-Acar-Crypto-in-Windows-Vista/^0|L|8|0|0|0|0|0|S|6|1|Z|8|2|0|0|0|0|0|0|8|C|3|1K|A|4|0|0|0^^$0|@$1|2|3|4|5|6|7|1G|8|@]|9|@$A|1H|B|1I|1|1J]]|C|$]]|$1|D|3|E|5|6|7|1K|8|@]|9|@]|C|$]]|$1|F|3|-4|5|6|7|1L|8|@]|9|@]|C|$]]|$1|G|3|H|5|I|7|1M|8|@]|9|@]|C|$]]|$1|J|3|K|5|I|7|1N|8|@]|9|@$A|1O|B|1P|1|1Q]|$A|1R|B|1S|1|1T]]|C|$]]|$1|L|3|M|5|I|7|1U|8|@]|9|@]|C|$]]|$1|N|3|O|5|I|7|1V|8|@]|9|@]|C|$]]|$1|P|3|Q|5|I|7|1W|8|@]|9|@]|C|$]]|$1|R|3|S|5|I|7|1X|8|@]|9|@]|C|$]]|$1|T|3|-4|5|6|7|1Y|8|@]|9|@]|C|$]]|$1|U|3|V|5|6|7|1Z|8|@]|9|@$A|20|B|21|1|22]|$A|23|B|24|1|25]]|C|$]]|$1|W|3|X|5|6|7|26|8|@]|9|@]|C|$]]|$1|Y|3|Z|5|6|7|27|8|@]|9|@]|C|$]]|$1|10|3|-4|5|6|7|28|8|@]|9|@]|C|$]]]|11|$12|$5|13|14|15|C|$16|17]]|18|$5|13|14|15|C|$16|19]]|1A|$5|13|14|15|C|$16|1B]]|1C|$5|13|14|15|C|$16|1D]]|1E|$5|13|14|15|C|$16|1F]]]]

"Security is a process, not a product." - <a href="http://www.schneier.com/crypto-gram-0005.html" rel="nofollow noreferrer">Schneier</a> 

Cryptographic algorithms like hashing, encryption, and signing are just a part of the process:

<ul>
<li>How are you storing your keys? Can they accidentally be leaked onto disk via the page file?</li>
<li>How do you generate your random numbers? Bad random numbers can really weaken everything. Just ask <a href="http://www.schneier.com/blog/archives/2008/05/random_number_b.html" rel="nofollow noreferrer">Debian</a> or <a href="http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html" rel="nofollow noreferrer">Netscape</a> for horror stories.</li>
<li>Can an IT adminstrator(s) update which algorithms are allowed using group policy? </li>
<li>Does the solution support external hardened devices? </li>
<li>Can you do the encryption in kernel mode?</li>
<li>How do updates get distributed in the case of an attack or weakness?</li>
</ul>

CAPI and especially <a href="http://msdn.microsoft.com/en-us/library/aa376210(VS.85).aspx" rel="nofollow noreferrer">CNG on Vista</a> have thought through these issues and in general are decent. You might want to watch <a href="http://channel9.msdn.com/posts/scobleizer/Tomas-Palmer-and-Tolga-Acar-Crypto-in-Windows-Vista/" rel="nofollow noreferrer">this video</a> by two guys on the CAPI team to get a feel for who designed it.

And besides, all of this is moot if folks can get physical access to your machine and put in a key logger. 

Alas, it's a process...

blocks|key|4508114|text|“最大安全性”将由您如何使用您选择的加密API来定义。它将不是由本身定义的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4508115|只要API正确地实现了各种加密算法，它就和任何其他加密API一样好。|4508116|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

"Maximum Security" will be defined by how you use the cryptography API that you choose. It will not be defined by the API itself.

As long as the API implements the various cryptographic algorithms correctly, it is just as good as any other cryptographic API.

blocks|key|3040412|text|如果你需要“最高”的安全性，你真的需要聘请一位专家来帮助你。正如查理马丁指出的那样，你可能最终得到一个不安全的程序，不仅是因为滥用了加密API，而且是因为正确使用了错误的加密类型，通过滥用正确使用的API的结果，甚至是程序的其他部分中不安全的设计。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3040413|这在软件行业中是一个非常常见的问题。|3040414|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

If you need "maximum" security, you really need to hire an expert to help you. You can end up with an insecure program not only via misuse of the crypto API, as Charlie Martin pointed out, but by correctly using the wrong type of crypto, through misusing the results of the correctly used API, or even insecure design in other parts of your program.

This is an extremely frequent problem in the software industry.

blocks|key|724277|text|如果使用得当，CryptoAPI是最可靠的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|724278|你会发现有两种用于Windows的加密的外部库:一种是重新实现所有东西的库，因为它们旨在支持多平台开发；另一种是作为CryptoAPI之上的简化层用于特定目的的库。如果您属于前一类，请务必使用声誉良好的平台中立库。如果您发现在原始CryptoAPI中不能高效工作，那么可以找到一个声誉良好的库，它可以在较少的步骤中完成您所需的工作。但是，不要认为另一个库可以解决您的安全风险，因为它在某种程度上是“更好的”；只需确保您使用的任何库都是可靠的。|724279|正如许多其他人指出的那样，如果你真的需要“最高安全”(无论你的“最高”水平是什么)，你可能需要聘请一位专家。此外，您确实需要从整体的角度来看待安全性；加密数据只是其中一个方面。|724280|最后，不用说，甚至不要梦想编写自己的加密库，甚至不要实现现有的算法。你会失败的，很痛苦。|724281|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|J|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|K|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|L|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|M|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|I|$]]

CryptoAPI is as solid as it gets, when used correctly.

You will find that there are two kinds of outside libraries for crypto for Windows: those that reimplement everything because they are intended to support multi-platform development, and those that act as a simplifying layer on top of CryptoAPI for specific purposes. If you are in the former crowd, by all means use a reputable platform-neutral library. If you find that you can't be productive in raw CryptoAPI, find a reputable library that will do exactly what you need in less steps. But don't assume that another library is going to cure your security risks because it's somehow "better"; just make sure that whatever you use is reputable.

As many other have pointed out, if you truly need "maximum security" (at whatever level your "maximum" happens to be), you might want to hire an expert. Also, you do need to look at security from a holistic angle; encrypting data is just one aspect.

And finally, it should go without saying, don't even dream of writing your own cryptographic library, not even to implementing existing algorithms. You will fail, miserably.

blocks|key|957325|text|出于安全考虑，请选择具有fips+140-2认证的库。在那之后，一切都取决于你如何安全地使用它。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|957326|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

For security choose a library that has fips 140-2 accreditation. After that it's all down to you using it securely.

blocks|key|724339|text|Crypto+API已被弃用，在Vista中仍然有效，但您应该使用CNG+(Crypto+APi下一代)。我不确定Crypto+API在Windows7中是否仍然可用。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|724340|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

Crypto API is deprecated, still works in Vista, but you should go with CNG (Crypto APi Next Generation). I'm not sure if Crypto API is still available in Windows 7.

i'm writing a crypto program that does stuff like hashing (sha1), encryption, digital signatues for win32 in c++
is built in cryptoapi secure, or should i use some other library like crypto++
i need maximum security and works on all systems xp and vista (and optionally 2000), but at same time i need to minimize exe size and so don't want uneeded external libs

is cryptoapi good?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云AI代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

功能1上新10个字符

功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符。

功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符。

功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符

功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符

功能4上新

文章&问答评论现已支持表情

全新交互，全新视觉，新增快捷键、悬浮工具栏、高亮块等功能并同时优化现有功能，全面提升创作效率和体验

社区富文本编辑器全新改版！诚邀体验～ 

精选全网热门MCP server，让你的AI更好用 🚀

💥开发者 MCP广场重磅上线！

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

我正在写一个加密程序，做的东西，如散列(sha1)，加密，数字签名的win32在c++是建立在cryptoapi安全，或我应该使用一些其他库如crypto++我需要最大的安全性，并在所有系统xp和vista (和可选的2000)，但同时我需要最小化可执行文件的大小，所以不想要不成功的外部库

问cryptoapi好吗？
EN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问cryptoapi好吗？EN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问cryptoapi好吗？
EN