Important: Please read the Qt Code of Conduct -

QCA for file encryption

  • I'm working on an application that uses several user level and configuration files that are stored locally on an embedded device. I was wondering if it's possible to encrypt the files using QCA so that only the application itself and the developers team can access these configuration files.

  • Lifetime Qt Champion


    Do you mean do something like the base64 example does but using a file to store the result ?

  • I've been trying to encrypt a local json file (in this case data.json) and read out it's content.

    I've manage to setup a small test for myself to encrypt and decrypt the data from the json file.

    #include <QCoreApplication>
    #include <Qca-qt5/QtCrypto/QtCrypto>
    #include <QFile>
    #include <QDir>
    #include <iostream>
    int main(int argc, char *argv[])
        QCA::Initializer init;
        // Get file path and file
        QDir path(QDir::currentPath()); + "/QtProjects/ConsoleEncryption");
        QString filepath = path.absolutePath() + "/" + "data.json";
        QFile file(filepath);
        if(!file.isReadable()) { std::cout << "Not Readable" << std::endl; }
    //    QJsonParseError error;
    //    QJsonDocument jsonFile = QJsonDocument::fromJson(file.readAll(), &error);
    //    std::cout << jsonFile.toJson().data() << std::endl;
        QString serial = file.readAll();
        QCA::SecureArray arg = serial.toUtf8().data();
    //    QCA::SecureArray arg = jsonFile.toJson().data();
        if (!QCA::isSupported("pkey") || !QCA::PKey::supportedIOTypes().contains(QCA::PKey::RSA)) {
            std::cout << "RSA not supported!\n";
        } else {
            /*** CREATE PASSPHRASE ************************************************/
            QCA::SecureArray passPhrase = "ManterWeigher";                
            /*** READ PRIVATE KEY FROM PEM FILE ***********************************/
            QCA::ConvertResult conversionResultPrivate;
            QCA::PrivateKey privateKey = QCA::PrivateKey::fromPEMFile( "privateKey.pem",
            if (! (QCA::ConvertGood == conversionResultPrivate) ) {
                std::cout << "Private key read failed" << std::endl;
            /*** READ PUBLIC KEY FROM PEM FILE ************************************/        
            QCA::ConvertResult conversionResultPublic;
            QCA::PublicKey publicKey = QCA::PublicKey::fromPEMFile("publicKey.pem", &conversionResultPublic);
            if (! (QCA::ConvertGood == conversionResultPublic) ) {
                std::cout << "Public key read failed" << std::endl;
            /*** ENCRYPT DATA WITH PUBLIC KEY *************************************/
            QCA::SecureArray result = publicKey.encrypt(arg, QCA::EME_PKCS1_OAEP);
            if(result.isEmpty()) {
                std::cout << "Error encrypting" << std::endl;
            QString rstr = QCA::arrayToHex(result.toByteArray());
            std::cout << "\"" << << "\" \n encrypted with RSA is :\"";
            std::cout << qPrintable(rstr) << "\"" << std::endl;
            /*** DECRYPT DATA WITH PRIVATE KEY ************************************/
            QCA::SecureArray decrypt;
            if(0 == privateKey.decrypt(result, &decrypt, QCA::EME_PKCS1_OAEP)) {
                std::cout << "Error decrypting.\n";
            // output the resulting decrypted string
            std::cout << "\"" << qPrintable(rstr) << "\" \n decrypted with RSA is :\"";
            std::cout << << "\"" << std::endl;    
        QCoreApplication a(argc, argv);
        return a.exec();

    The result was af2b1cd4-e704-4486-aa39-eae8b3ceb05c-afbeelding.png . The top line is the test data in the json file and the bottom is the decrypted one. For some reason I don't get the full json back. Any tips on this?

    P.S. Kinda new to Qt and C++ so still not too good with it.

  • @SGaist said in QCA for file encryption:


    Please be aware that Base64 is an encoding schema, not an encryption algorithm.
    Give me some Base64-encoded text and without relying on any key or password I'll be able to decode it :-)

  • @Deedss have you tried this QCA ciphertest example?

    You may want to try modifying it to read your JSON file instead of the "Hello" or first argument plain text.

    This example is using a symmetric key which maybe is easier at first, just not dealing with the private/public key like in your post.

  • @Pablo-J-Rogina

    The thing is that the application runs on an embedded device and the user can only run the program. The thing is that I want to encrypt certain configuration files (stored as json) so that the user cannot alter/read it's content in case they do get access to the folder containing the files. If I store the cipher inside the program (hardcoded), would it be ok for everday usage? The application is meant to run on an small embedded device to control a machine.

  • @Deedss I was not suggesting to use symmetric encryption as the definitive solution. It was just another approach to trying getting used to the QCA library.

    If I store the cipher inside the program (hardcoded), would it be ok for everday usage?

    This is a chicken-egg situation. Since I expect you're be storing the private certificate in the device, right? and you'd want to protect it with a passphrase so nobody can use it outside the application (you're already doing it in your example above) so either way you'll have some password hard-coded in your program.

  • In the end it was decided to use the SimpleCrypt implementation in the application. It allows for free usage and is enough encryption to prevent users of the embedded device to change settings.

  • @Deedss thank you for sharing. In the end you went for symmetric encryption though.

    Just in case, here's a reference to SimpleCrypt I found.

  • @Pablo-J-Rogina

    You could also check the max number of bytes you can encrypt ..

    qDebug() << publicKey.maximumEncryptSize(QCA::EME_PKCS1_OAEP);

    which gives , on my env 470
    So you cant encrypt anything larger .. and I don't know any method to increase that limit. I think you dont need to use for data encryption.
    public key is good to use for encrypting key for a symmetric scheme that encrypts files.
    If you really are limited to RSA keys .. given the JSON input .. best thing you can do, may be is split JSON to individual values .. and encrypt each ..

Log in to reply