On Thu, Sep 09, 2004, Steve Hay wrote:

> Steve Hay wrote:
>
> It occurs to me that I can make use of PKCS5_v2_PBE_keyivgen() for
> 0.9.4+, and just use EVP_BytesToKey() for earlier versions -- the fact
> that the latter doesn't support non-default key lengths isn't a problem
> because I can't set the key length prior to 0.9.6 anyway!
>
> So my question now is how do I use the (undocumented!)
> PKCS5_v2_PBE_keyivgen() function? If I understand it correctly from
> looking at the source code, the first three parameters are the cipher
> context to have the generated key+iv set in plus the data and data
> length to generate the key+iv from. The last two parameters are the
> digest function to use and the encrypt/decrypt mode.
>
> What are the other two parameters for? Namely, "param" and "cipher" in
> the following signature:
>
>     int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
>                               ASN1_TYPE *param, const EVP_CIPHER *cipher,
>                               const EVP_MD *md, int en_de);
>
> I could set the "cipher" to the cipher function that is already set in
> the "ctx", but why doesn't PKCS5_v2_PBE_keyivgen() just use that
> itself? Am I missing something here?
>
> I've no idea what the ASN1_TYPE *param is, or where to get one from. I
> had a look at EVP_CIPHER_param_to_asn1(), but it says that the cipher IV
> in the ctx passed to it must be set when the call is made, which seems
> to be a chicken-and-egg problem to me -- I haven't got the cipher IV yet ;)
>
> Any clues how to use PKCS5_v2_PBE_keyivgen() would be greatly appreciated.
>
The function itself is intended to be used to generate or supply various parameters in an appropriate DER structure.

The password based encryption functions are intended to be called via the EVP_PBE_CipherInit() interface which is very similar to EVP_CipherInit(). The ASN1_TYPE parameter comes from various places depending on the PBE algorithm in use. For PKCS#5 v2.0 PKCS5_pbe2_set() is used.

This is primarily to allow the PBE stuff to be used in appropriate ASN1 structures. The IV is generated randomly and included in the structure. Currently there's no way to supply your own IV but that will be fixed at some point...

Alternatively you can get at the "guts" of the function by using PKCS5_PBKDF2_HMAC_SHA1(). Then you have to generate your own salt and pass it to the function along with the password and iteration count.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
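
The PKCS5_PBKDF2_HMAC_SHA1() route described in the reply above, as an added example that is not part of the original thread and is not OpenSSL project code. It uses Python's hashlib.pbkdf2_hmac, which computes the same PBKDF2-HMAC-SHA1 function, and stores the salt, iteration count and a random IV in a plain header; the header layout, sizes, iteration count and function names are assumptions made for illustration.

```python
import hashlib
import os
import struct

SALT_LEN = 16          # assumed salt size in bytes
IV_LEN = 16            # assumed: cipher with a 128-bit block
KEY_LEN = 16           # assumed: 128-bit cipher key
ITERATIONS = 100_000   # assumed work factor; tune it to your hardware

# Hypothetical clear-text header kept next to the ciphertext. It plays the
# role the ASN.1 parameter structure plays in the PBE interface:
# iteration count, salt, IV.
HEADER = struct.Struct(">I16s16s")


def derive_key(password: bytes, salt: bytes, iterations: int,
               key_len: int = KEY_LEN) -> bytes:
    """PBKDF2 with HMAC-SHA1 over (password, salt, iteration count)."""
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, key_len)


def new_encryption_params(password: bytes, iterations: int = ITERATIONS):
    """Encrypt side: fresh random salt and IV, key derived from the password.

    Returns (key, iv, header). Only the header is stored; the key is not.
    """
    salt = os.urandom(SALT_LEN)
    iv = os.urandom(IV_LEN)
    key = derive_key(password, salt, iterations)
    return key, iv, HEADER.pack(iterations, salt, iv)


def load_decryption_params(password: bytes, header: bytes,
                           max_iterations: int = 10_000_000):
    """Decrypt side: parse the stored header and re-derive the same key."""
    if len(header) != HEADER.size:
        raise ValueError("truncated or oversized header")
    iterations, salt, iv = HEADER.unpack(header)
    # The header is untrusted input: bound the work it can make us do.
    if not 1 <= iterations <= max_iterations:
        raise ValueError("iteration count out of range")
    return derive_key(password, salt, iterations), iv
```

The salt and IV are not secret, but each must be freshly generated for every encryption so that the same password never yields the same key and IV pair twice.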