Kaushalye Kapuruge wrote:
Hi,
Im trying to encrypt/decrypt a string using openssl.
The program works fine for encryption but fails(not always) for
decryption. This happens in EVP_CipherFinal_ex() call.
I'm a bit confused with this random behavior. I've attached the code.
Can anybody point me out what I'm doing wrong here?
Thanks,
Kaushalye
(...)
/* Bogus key and IV: we'd normally set these from
* another source.
*/
unsigned char key[] = "0123456789";
unsigned char iv[] = "12345671";
As pointed out in another thread, key and IV should both have the
correct size for the intended algorithm.
Thus, key and/or IV read by EVP_CipherInit_ex may well be quite
undetermined, which is a good reason for a random result.
You probably should use some PKSC#5 procedure, or at least something
like EVP_BytesToKey() to derive a good Key/IV pair from a
passphrase/salt pair.
Anyway, I'm not sure it's a good idea to force the key length using
EVP_CIPHER_CTX_set_key_length().
Here, i'd rather let someone else give the correct answer.
--
alea+
Luc
begin:vcard
fn:Luc Perthuis
n:Perthuis;Luc
org:Atempo S.A.;Engineering
adr:;;PIBS;VANNES;;56000;FRANCE
email;internet:[EMAIL PROTECTED]
title:Core Technologies Group Manager
tel;work:02 97 68 40 26
tel;fax:02 97 68 40 25
tel;cell:06 89 16 96 37
note;quoted-printable:Enabling Information Lifecycle Strategies=0D=0A=
x-mozilla-html:TRUE
url:http://www.atempo.com
version:2.1
end:vcard
