因此,在提及official Crypto++ Visual Studio Wiki page和in this tutorial时,在使用Qt时必须使用CryptoPP作为DLL。
但这是真的吗?我不能将cryptlib编译为/ MD和/ MDd到cryptlib.lib而不是cryptopp.dll并将其用于我的项目吗?为什么我需要包含外部DLL?
我正在努力将CryptoPP编译为DLL,所以我想知道我是不是只是浪费时间而且有一种方法可以直接使用cryptlib.lib(使用正确的Runtime / MD或/ MDd编译)
由于
答案 0 :(得分:1)
Do I need to use CryptoPP DLL with Qt?
No. But libraries like QT and MFC use dynamic C++ rumtimes, so you will need to switch to dynamic runtimes for Crypto++.
But is this really true? Can't I just compile cryptlib as /MD and /MDd into cryptlib.lib, instead of cryptopp.dll and use that with my project? Why would I need to include external DLL?
Yes. Just change to the dynamic C++ runtime library, and then link to the static library.
I am struggling with compiling CryptoPP as DLL
Yeah, its a pain. Folks should avoid it unless they have to use it.
Why would anyone use dll other than the fips signed (which is already compiled)
Those doing business in US Federal and US DoD must use the FIPS version. They have no choice. The OMB does not allow agencies to use anything other than validated cryptography.
The DLL is special purpose. If you want the FIPS DLL, then you can only use it on Windows 2000 SP1, Windows XP SP3 and Windows Server 2003 SP1.
The DLL only has approved algorithms. Its missing a bunch of stuff, like utilities (i.e., HexEncoder) and non-approved algorithms (i.e., MD5, Whirlpool, Camellia, etc).
If you want to supplement the DLL, then you have to add the missing algorithms from the static LIB. As you can imagine, that's going to be a pain point.
The signature for integrity assurances is provided by SHA-1/HMAC using the static key {0x47, 0x1E, 0x33, 0x96, 0x65, 0xB1, 0x6A, 0xED, 0x0B, 0xF8, 0x6B, 0xFD, 0x01, 0x65, 0x05, 0xCC}. Anyone can tamper with it, and create valid signatures over it.
We created a page on the topic. You can find it on the Crypto++ wiki at FIPS DLL. It provides things like implementation details, and discusses things like Operational Environments.