But as you want a random key, not a derived key, none of those functions apply. OpenSSL also implements PBKDF2 which is the NIST approved method of password based key derivation function (PBKDF). EVP_BytesToKey is a key derivation function (KDF) that is specific to OpenSSL.
The OpenSSL documentation seems to be out of date where Windows is involved, but you can find more information on this by looking at the answer of the venerable Thomas Pornin on .ĮVP_BytesToKey is used to generate keys from passwords. The default RAND_bytes method is fortunately seeded per thread, and by default uses the random number generator available from the operating system.
Is there a function for secure passwordgeneration in openssl? Or is EVP_BytesToKey() just the wrong way to do what I want to do? I do the AES encryption with: EVP_CIPHER_CTX en ĮVP_EncryptInit_ex(&en, EVP_aes_256_cbc(), NULL, key, iv) ĮVP_EncryptUpdate(&en, ciphertext, &i, (unsigned char*)data, dataLength) ĮVP_EncryptFinal_ex(&en, ciphertext+i, &x) īut how do I create the key and the iv securely? Right now I Use the following function: EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, password, 64, 9, key, iv) īecause if I use rand() or something equal my attempt was completely useless because anybody who is able to get behind the "randomness" used for the "password" generation is able to decrypt the data anyway without caring about the RSA encryption of the "password". Then I send both, the AES encrypted data and the RSA encrypted password, through the socket and do the encryption the other way around.
I use openssl and c.īecause RSA decryption is quite slow I use the common and straight forward way to encrypt the data with AES first, and afterwards I encrypt the used AES password with RSA. I want to send large data encrypted with RSA through sockets.
0 kommentar(er)
