How to manage and protect sensitive data in C++?

In C, you can manage and protect sensitive data by: using libraries such as OpenSSL or libsodium for encryption; using the boost::tokenizer library for tokenization; using the fmtlib library for data masking; using the Google Cloud KMS library Store securely.

How to manage and protect sensitive data in C

Protecting sensitive data in C is crucial because it prevents Unauthorized access, theft or disclosure. This tutorial will guide you on how to effectively manage and protect your data, including practical examples.

1. Encryption

Encryption is one of the most effective ways to protect data. It uses algorithms to convert sensitive data into an incomprehensible format. There are several libraries in C for encryption, such as OpenSSL and libsodium.

#include <openssl/aes.h>

int main() {
  // 生成随机密钥
  unsigned char key[AES_KEY_SIZE];
  RAND_bytes(key, AES_KEY_SIZE);

  // 初始化 AES 加密器
  AES_KEY aes_key;
  AES_set_encrypt_key(key, AES_KEY_SIZE * 8, &aes_key);

  // 加密数据
  unsigned char data[] = "Sensitive data";
  unsigned char encrypted_data[AES_BLOCK_SIZE];
  AES_encrypt(data, encrypted_data, &aes_key);

  // 解密数据
  AES_decrypt(encrypted_data, data, &aes_key);

  return 0;
}

2. Tokenization

Tokenization involves replacing sensitive data with a unique identifier or token. This approach reduces the attack surface of the data because it does not require the actual data to be stored. There are several tokenization libraries in C, such as boost::tokenizer.

#include <boost/tokenizer.hpp>

int main() {
  // 定义令牌分隔符
  const char delimiter = ',';

  // 原始数据
  std::string original_data = "John Doe,123 Main Street,Anytown,CA";

  // 创建令牌分隔符
  boost::char_separator<char> sep(delimiter);

  // 令牌化数据
  std::vector<std::string> tokens;
  boost::split(tokens, original_data, sep);

  // 输出令牌化数据
  for (auto& token : tokens) {
    std::cout << token << std::endl;
  }

  return 0;
}

3. Data Masking

Data masking is a technique that masks sensitive data before it is displayed or exported. In C, you can use the fmtlib library for data masking.

#include <fmt/format.h>

int main() {
  // 原始数据
  std::string name = "John Doe";
  std::string address = "123 Main Street";

  // 掩盖姓氏
  std::string masked_name = fmt::format("{0} ***", name);

  // 掩盖地址
  std::string masked_address = fmt::format("*{0}", address);

  // 输出掩盖后的数据
  std::cout << "Masked name: " << masked_name << std::endl;
  std::cout << "Masked address: " << masked_address << std::endl;

  return 0;
}

4. Secure Storage

Secure storage technology ensures that sensitive data is stored securely, such as Key Manager or Credential Storage Library. The key manager can be accessed in C using the Google Cloud KMS library.

#include <google/cloud/kms/v1/key_management_service_client.h>

int main() {
  // 创建密钥管理器客户端
  auto client = google::cloud::kms::v1::KeyManagementServiceClient(
      google::cloud::Options{}
          .set<google::cloud::UnifiedCredentialsOption>(
              google::cloud::MakeGoogleDefaultCredentials()));

  // 创建密钥名称
  google::cloud::kms::v1::CryptoKeyName key_name(
      "projects/my-project", "locations/us-east1", "my-key");

  // 获取密钥
  auto key = client.GetCryptoKey(key_name);

  // 检查是否有错误
  if (!key) throw std::move(key).status();

  // 使用密钥进行操作

  return 0;
}

The above is the detailed content of How to manage and protect sensitive data in C++?. For more information, please follow other related articles on the PHP Chinese website!