Hi all.
I posted question about PKCS12_key_gen() a few days ago,
but nobody answered; I beleive, that's because the posting
subj was not so clear. What is the correct way to create
pkcs12-complient password-based key (sorry for complitely
beginner's question)? If I need an a crossplatform-
cryptography implementation: OpenSSL<-->JCE - the java side
is smth like:
PBEKeySpec keyspec =
new PBEKeySpec(pwd.toCharArray());
SecretKeyFactory KFac =
SecretKeyFactory.getInstance(keyAlg);
SecretKey key = KFac.generateSecret(keyspec);
PBEParameterSpec pars =
new PBEParameterSpec(salt, iters);
Cipher cf = Cipher.getInstance(cryptAlg);
cf.init(Cipher.DECRYPT_MODE, key, pars);
How shoul'd I do the same with OpenSSL? For instace, with
cbc-triple-des - is that the correct way? :
{
char *k1, *k2, *k3, *pwd;
char deskey[24];
char salt[8] = {0x01,
0x02,
0x03,
0x04,
0x05,
0x06,
0x07,
0x08};
int saltlen = 8;
des_key_schedule ks1,ks2,ks3;
........
if(PKCS12_key_gen(usr_passwd,
strlen(usr_passwd),
salt,
saltlen,
PKCS12_KEY_ID,
1024, /* iters */
24, /*DES3_KEY_LEN, */
deskey,
EVP_sha1()) != 1)
exit(printf("failed: PKCS12_key_gen call\n"));
k1 = deskey;
k2 = deskey + 8;
k3 = deskey + 16;
des_set_key((C_Block *)k1,ks1);
des_set_key((C_Block *)k2,ks2);
des_set_key((C_Block *)k3,ks3);
des_ede3_cbc_encrypt((C_Block *)inBuff,
(C_Block *)outBuff,
data_len,
ks1, ks2, ks3,
(C_Block *)salt,
DES_ENCRYPT);
...
}
Thanx a lot for any help
Sincerely
Jab.
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
